drm/i915: fix NULL deref in the load detect code

Looks like I've missed one of the potential NULL deref bugs in Jesse's
fbdev->fb embedded struct to pointer conversions. Fix it up.

This regression has been introduced in

commit 8bcd45534ddf68ab71aeed709dacd9cf65dc0f75
Author: Jesse Barnes <jbarnes@virtuousgeek.org>
Date:   Fri Feb 7 12:10:38 2014 -0800

    drm/i915: alloc intel_fb in the intel_fbdev struct

Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Reviewed-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>

diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index fd860077d0fe9a9a3937aa9cf982c0f2f56dd9f9..e0b7d06687f71a4356b8866c4757d2aabc64f64c 100644 (file)
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -7754,13 +7754,15 @@ mode_fits_in_fbdev(struct drm_device *dev,
        struct drm_i915_gem_object *obj;
        struct drm_framebuffer *fb;
 
-       if (dev_priv->fbdev == NULL)
+       if (!dev_priv->fbdev)
                return NULL;
 
-       obj = dev_priv->fbdev->fb->obj;
-       if (obj == NULL)
+       if (!dev_priv->fbdev->fb)
                return NULL;
 
+       obj = dev_priv->fbdev->fb->obj;
+       BUG_ON(!obj);
+
        fb = &dev_priv->fbdev->fb->base;
        if (fb->pitches[0] < intel_framebuffer_pitch_for_width(mode->hdisplay,
                                                               fb->bits_per_pixel))