From fecabfd9241f6c41ffa975803682028361791cad Mon Sep 17 00:00:00 2001 From: Jordan Crouse Date: Tue, 7 May 2019 13:18:10 -0600 Subject: [PATCH] drm/msm/dpu: Avoid a null de-ref while recovering from kms init fail In the failure path for dpu_kms_init() it is possible to get to the MMU destroy function with uninitialized MMU structs. Check for NULL and skip if needed. Signed-off-by: Jordan Crouse Reviewed-by: Kristian H. Kristensen Signed-off-by: Rob Clark --- drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c index fb7c04c06416..4518e744c896 100644 --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c @@ -56,7 +56,7 @@ static const char * const iommu_ports[] = { #define DPU_DEBUGFS_HWMASKNAME "hw_log_mask" static int dpu_kms_hw_init(struct msm_kms *kms); -static int _dpu_kms_mmu_destroy(struct dpu_kms *dpu_kms); +static void _dpu_kms_mmu_destroy(struct dpu_kms *dpu_kms); static unsigned long dpu_iomap_size(struct platform_device *pdev, const char *name) @@ -713,17 +713,20 @@ static const struct msm_kms_funcs kms_funcs = { #endif }; -static int _dpu_kms_mmu_destroy(struct dpu_kms *dpu_kms) +static void _dpu_kms_mmu_destroy(struct dpu_kms *dpu_kms) { struct msm_mmu *mmu; + if (!dpu_kms->base.aspace) + return; + mmu = dpu_kms->base.aspace->mmu; mmu->funcs->detach(mmu, (const char **)iommu_ports, ARRAY_SIZE(iommu_ports)); msm_gem_address_space_put(dpu_kms->base.aspace); - return 0; + dpu_kms->base.aspace = NULL; } static int _dpu_kms_mmu_init(struct dpu_kms *dpu_kms) -- 2.30.2