On Mon, 8 Apr 2024 at 11:57, Aleksandr Mishin <amishin@xxxxxxxxxx> wrote: > > In dpu_core_irq_callback_handler() callback function pointer is compared to NULL, > but then callback function is unconditionally called by this pointer. > Fix this bug by adding conditional return. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. This should be converted to a proper Reported-by: trailer. > > Fixes: c929ac60b3ed ("drm/msm/dpu: allow just single IRQ callback") > Signed-off-by: Aleksandr Mishin <amishin@xxxxxxxxxx> > --- > drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c > index 946dd0135dff..03a16fbd4c99 100644 > --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c > +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c > @@ -223,9 +223,11 @@ static void dpu_core_irq_callback_handler(struct dpu_kms *dpu_kms, unsigned int > > VERB("IRQ=[%d, %d]\n", DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx)); > > - if (!irq_entry->cb) > + if (!irq_entry->cb) { > DRM_ERROR("no registered cb, IRQ=[%d, %d]\n", > DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx)); > + return; > + } > > atomic_inc(&irq_entry->count); > > -- > 2.30.2 > > -- With best wishes Dmitry