On Wed, 24 Jul 2024, Ma Ke <make24@xxxxxxxxxxx> wrote:
> In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is
> assigned to modeset->mode, which will lead to a possible NULL pointer
> dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: cf13909aee05 ("drm/fb-helper: Move out modeset config code")
> Signed-off-by: Ma Ke <make24@xxxxxxxxxxx>
> ---
> Changes in v3:
> - modified patch as suggestions, returned error directly when failing to
> get modeset->mode.
This is not what I suggested, and you can't just return here either.
BR,
Jani.
> Changes in v2:
> - added the recipient's email address, due to the prolonged absence of a
> response from the recipients.
> - added Cc stable.
> ---
> drivers/gpu/drm/drm_client_modeset.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/gpu/drm/drm_client_modeset.c b/drivers/gpu/drm/drm_client_modeset.c
> index 31af5cf37a09..750b8dce0f90 100644
> --- a/drivers/gpu/drm/drm_client_modeset.c
> +++ b/drivers/gpu/drm/drm_client_modeset.c
> @@ -880,6 +880,9 @@ int drm_client_modeset_probe(struct drm_client_dev *client, unsigned int width,
>
> kfree(modeset->mode);
> modeset->mode = drm_mode_duplicate(dev, mode);
> + if (!modeset->mode)
> + return 0;
> +
> drm_connector_get(connector);
> modeset->connectors[modeset->num_connectors++] = connector;
> modeset->x = offset->x;
--
Jani Nikula, Intel
