From nobody Wed Feb 5 18:54:08 2025 Received: from fllvem-ot03.ext.ti.com (fllvem-ot03.ext.ti.com [198.47.19.245]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E2BDA19883C for ; Thu, 16 Jan 2025 11:16:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.47.19.245 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737026218; cv=none; b=Ra2c3c6VAdPhLhVfh1J5oTg6MmspipmpKI5WIXFrN0YBBpuxLuvMJ9UBufTxQ973K/NT6l0K//XMPknnlyI6U/T8uI5uNacGnCCL1/14jFe4W+3RnIP0l0YX/YouSZSXlmvkjNLxWe9vPZnjIuM15Ny3oV0nf6cA3DRVQGiY64M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737026218; c=relaxed/simple; bh=RO+kavgTNmSHdoXVdAcx9UYjKxG9FVK72WkivpujRD8=; h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=XsaRdfta0LuU84tvFlsYBNaSXiLhsefDY1Z4g3AK1/EIWcQHXccfEdJPTowq+0H08Fg053EyhKpwFijlk11INyMMNBGLsr+y8xhss8hhclnRTLNK4ZArCUN5J9roiDnw+EUHzLd5BPYDbbLnNk9iJWExv3olRNw/xcA5mTifVMA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=ti.com; spf=pass smtp.mailfrom=ti.com; dkim=pass (1024-bit key) header.d=ti.com header.i=@ti.com header.b=aMjXcu8n; arc=none smtp.client-ip=198.47.19.245 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=ti.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=ti.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=ti.com header.i=@ti.com header.b="aMjXcu8n" Received: from lelv0266.itg.ti.com ([10.180.67.225]) by fllvem-ot03.ext.ti.com (8.15.2/8.15.2) with ESMTPS id 50GBGcau3929407 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 16 Jan 2025 05:16:38 -0600 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1737026198; bh=CjWeOrgrgsUWX/lvkWyygw1TwAgIFSIM+ameJ+FGJjY=; h=From:To:CC:Subject:Date; b=aMjXcu8n6FBm12F+o7f6Nbwfa4BG/1aSBJoR5skZ4FlKCcq0BwLMrMk/ErFRhcHnu ux/hTm/0SoePp/v8d/gNIOWsgikqPJr9Wub9VpkTpInwYAtz0kNrB5t7X/88TkdZaD 6Bp6TJIYCgF9LI9tYXy2uuwXa5gFG5Hozmoz0KbY= Received: from DLEE102.ent.ti.com (dlee102.ent.ti.com [157.170.170.32]) by lelv0266.itg.ti.com (8.15.2/8.15.2) with ESMTP id 50GBGbEJ118125; Thu, 16 Jan 2025 05:16:38 -0600 Received: from DLEE114.ent.ti.com (157.170.170.25) by DLEE102.ent.ti.com (157.170.170.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.23; Thu, 16 Jan 2025 05:16:37 -0600 Received: from lelvsmtp6.itg.ti.com (10.180.75.249) by DLEE114.ent.ti.com (157.170.170.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.23 via Frontend Transport; Thu, 16 Jan 2025 05:16:37 -0600 Received: from localhost (jayesh-hp-z2-tower-g5-workstation.dhcp.ti.com [10.24.69.252]) by lelvsmtp6.itg.ti.com (8.15.2/8.15.2) with ESMTP id 50GBGaH2060516; Thu, 16 Jan 2025 05:16:37 -0600 From: Jayesh Choudhary To: , , , , , , , , CC: , , , , , , , , Subject: [RFC PATCH] drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference Date: Thu, 16 Jan 2025 16:46:36 +0530 Message-ID: <20250116111636.157641-1-j-choudhary@ti.com> X-Mailer: git-send-email 2.34.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-C2ProcessedOrg: 333ef613-75bf-4e12-a4b1-8e3623f5dcea Content-Type: text/plain; charset="utf-8" For the cases we have DRM_BRIDGE_ATTACH_NO_CONNECTOR flag set, the connector structure is not initialised in the bridge. That's done by encoder. So in case of some failure in cdns_mhdp_atomic_enable, when we schedule work for modeset_retry_work, we will use the mutex of connector which will result in NULL pointer dereference. Handle it by adding condition for the connector. Otherwise, since the modeset_retry_work tries to set the connector status as bad, set the mhdp->plugged as false which would give the connector status as disconnected in detect hook. Fixes: fb43aa0acdfd ("drm: bridge: Add support for Cadence MHDP8546 DPI/DP = bridge") Signed-off-by: Jayesh Choudhary --- NOTE: Found this issue in one particular board where edid read failed. Issue log: Adding conditional fixes the null pointer issue but there is still flooding of these logs (128 times): "cdns-mhdp8546 a000000.bridge: Failed to read DPCD addr 0" Sending RFC as I am still not sure about how to handle this flooding. Is it okay to decrease the log level for DPCD read and DPCD write in the cdns_mhdp_transfer to debug? .../drm/bridge/cadence/cdns-mhdp8546-core.c | 24 ++++++++++--------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c b/drivers/= gpu/drm/bridge/cadence/cdns-mhdp8546-core.c index d081850e3c03..6a121a2700d2 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c @@ -2363,18 +2363,20 @@ static void cdns_mhdp_modeset_retry_fn(struct work_= struct *work) =20 mhdp =3D container_of(work, typeof(*mhdp), modeset_retry_work); =20 - conn =3D &mhdp->connector; - - /* Grab the locks before changing connector property */ - mutex_lock(&conn->dev->mode_config.mutex); - - /* - * Set connector link status to BAD and send a Uevent to notify - * userspace to do a modeset. - */ - drm_connector_set_link_status_property(conn, DRM_MODE_LINK_STATUS_BAD); - mutex_unlock(&conn->dev->mode_config.mutex); + if (mhdp->connector.dev) { + conn =3D &mhdp->connector; + /* Grab the locks before changing connector property */ + mutex_lock(&conn->dev->mode_config.mutex); =20 + /* + * Set connector link status to BAD and send a Uevent to notify + * userspace to do a modeset. + */ + drm_connector_set_link_status_property(conn, DRM_MODE_LINK_STATUS_BAD); + mutex_unlock(&conn->dev->mode_config.mutex); + } else { + mhdp->plugged =3D false; + } /* Send Hotplug uevent so userspace can reprobe */ drm_kms_helper_hotplug_event(mhdp->bridge.dev); } --=20 2.34.1