On Fri, May 05, 2023 at 11:22:12AM +0300, Stanislav Lisovskiy wrote:
> intel_atomic_get_new_crtc_state can return NULL, unless crtc state wasn't
> obtained previously with intel_atomic_get_crtc_state, so we must check it
> for NULLness here, just as in many other places, where we can't guarantee
> that intel_atomic_get_crtc_state was called.
> We are currently getting NULL ptr deref because of that, so this fix was
> confirmed to help.
>
> Fixes: 74a75dc90869 ("drm/i915/display: move plane prepare/cleanup to intel_atomic_plane.c")
> Signed-off-by: Stanislav Lisovskiy <stanislav.lisovskiy@xxxxxxxxx>
> ---
> drivers/gpu/drm/i915/display/intel_atomic_plane.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/display/intel_atomic_plane.c b/drivers/gpu/drm/i915/display/intel_atomic_plane.c
> index 9f670dcfe76e..4125ee07a271 100644
> --- a/drivers/gpu/drm/i915/display/intel_atomic_plane.c
> +++ b/drivers/gpu/drm/i915/display/intel_atomic_plane.c
> @@ -1029,7 +1029,7 @@ intel_prepare_plane_fb(struct drm_plane *_plane,
> int ret;
>
> if (old_obj) {
> - const struct intel_crtc_state *crtc_state =
> + const struct intel_crtc_state *new_crtc_state =
> intel_atomic_get_new_crtc_state(state,
> to_intel_crtc(old_plane_state->hw.crtc));
>
> @@ -1044,7 +1044,7 @@ intel_prepare_plane_fb(struct drm_plane *_plane,
> * This should only fail upon a hung GPU, in which case we
> * can safely continue.
> */
> - if (intel_crtc_needs_modeset(crtc_state)) {
> + if (new_crtc_state && intel_crtc_needs_modeset(new_crtc_state)) {
NAK. We need to fix the bug instead of paparing over it.
> ret = i915_sw_fence_await_reservation(&state->commit_ready,
> old_obj->base.resv,
> false, 0,
> --
> 2.37.3
--
Ville Syrjälä
Intel
