projects / platform / adaptation / renesas_rcar / renesas_kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6b6ef1e)
imx-drm: ipuv3-plane: fix ipu_plane_dpms()
authorRussell King <rmk+kernel@arm.linux.org.uk>
Mon, 1 Sep 2014 17:07:33 +0000 (18:07 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 5 Oct 2014 21:52:12 +0000 (14:52 -0700)
commit 3a44a2058747d71385eb69691c7f977cb58cc293 upstream.

When unbinding imx-drm, the following oops was observed:

Unable to handle kernel NULL pointer dereference at virtual address 00000004
pgd = e995c000
[00000004] *pgd=4fea5831
Internal error: Oops: 817 [#1] SMP ARM
Modules linked in: bnep rfcomm bluetooth nfsd exportfs hid_cypress brcmfmac brcmutil snd_soc_fsl_ssi snd_soc_fsl_spdif imx_pcm_fiq imx_pcm_dma snd_soc_sgtl5000 imx_sdma imx2_wdt imx_ldb(C) imx_thermal snd_soc_imx_sgtl5000 snd_soc_imx_spdif snd_soc_imx_audmux
CPU: 1 PID: 779 Comm: bash Tainted: G         C    3.16.0-rc2+ #1230
task: ea9eb180 ti: ea378000 task.ti: ea378000
PC is at ipu_dp_put+0x10/0x18
LR is at ipu_plane_dpms+0x60/0x8c
pc : [<c0350d20>]    lr : [<c04bd9e8>]    psr: 200f0013
sp : ea379d80  ip : ea379d90  fp : ea379d8c
r10: 00100100  r9 : 00000000  r8 : 00200200
r7 : e9ba0264  r6 : e9ba01f8  r5 : 00000000  r4 : ea34b800
r3 : 00000000  r2 : 00000000  r1 : 0000009b  r0 : 00000000
Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 10c53c7d  Table: 3995c04a  DAC: 00000015
Process bash (pid: 779, stack limit = 0xea378240)
Stack: (0xea379d80 to 0xea37a000)
...
Backtrace:
[<c0350d10>] (ipu_dp_put) from [<c04bd9e8>] (ipu_plane_dpms+0x60/0x8c)
[<c04bd988>] (ipu_plane_dpms) from [<c04bda40>] (ipu_disable_plane+0x2c/0x60)
[<c04bda14>] (ipu_disable_plane) from [<c04bda9c>] (ipu_plane_destroy+0x28/0x60)
[<c04bda74>] (ipu_plane_destroy) from [<c033ff84>] (drm_mode_config_cleanup+0x1b8/0x250)
[<c033fdcc>] (drm_mode_config_cleanup) from [<c04bc234>] (imx_drm_driver_unload+0x44/0x4c)
[<c04bc1f0>] (imx_drm_driver_unload) from [<c03394a4>] (drm_dev_unregister+0x2c/0xa0)
[<c0339478>] (drm_dev_unregister) from [<c0339f8c>] (drm_put_dev+0x30/0x6c)
[<c0339f5c>] (drm_put_dev) from [<c04bc1cc>] (imx_drm_unbind+0x14/0x18)
[<c04bc1b8>] (imx_drm_unbind) from [<c03530b4>] (component_master_del+0xbc/0xd8)
...
Code: e1a0c00d e92dd800 e24cb004 e3a03000 (e5c03004)

This is caused by a missing check in ipu_plane_dpms for a NULL pointer.

Fixes: b8d181e408af ("staging: drm/imx: add drm plane support")
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/imx-drm/ipuv3-plane.c patch | blob | history

diff --git a/drivers/staging/imx-drm/ipuv3-plane.c b/drivers/staging/imx-drm/ipuv3-plane.c
index 34b642a..c70f173 100644 (file)
--- a/drivers/staging/imx-drm/ipuv3-plane.c
+++ b/drivers/staging/imx-drm/ipuv3-plane.c
@@ -277,7 +277,8 @@ static void ipu_plane_dpms(struct ipu_plane *ipu_plane, int mode)
 
                ipu_idmac_put(ipu_plane->ipu_ch);
                ipu_dmfc_put(ipu_plane->dmfc);
-               ipu_dp_put(ipu_plane->dp);
+               if (ipu_plane->dp)
+                       ipu_dp_put(ipu_plane->dp);
        }
 }
 
Domain: System / Uncategorized;