drm/msm: Fix possible uninitialized access in fbdev
authorThomas Zimmermann <tzimmermann@suse.de>
Wed, 22 Feb 2023 12:37:12 +0000 (13:37 +0100)
committerRob Clark <robdclark@chromium.org>
Wed, 22 Feb 2023 19:22:03 +0000 (11:22 -0800)
Do not run drm_fb_helper_unprepare() if fbdev allocation fails. Avoids
access to an uninitialized pointer. Original bug report is at [1].

Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Fixes: 3fb1f62f80a1 ("drm/fb-helper: Remove drm_fb_helper_unprepare() from drm_fb_helper_fini()")
Link: https://lore.kernel.org/oe-kbuild-all/202302220810.9dymwCQ8-lkp@intel.com/
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/523715/
Link: https://lore.kernel.org/r/20230222123712.5049-1-tzimmermann@suse.de
Signed-off-by: Rob Clark <robdclark@chromium.org>
drivers/gpu/drm/msm/msm_fbdev.c

index 31e1e30cb52a238c56fb6ec507bcf47569339f42..dd7d0b965f85fa9df523f57d3b0aba61ebb49af9 100644 (file)
@@ -136,13 +136,13 @@ static const struct drm_fb_helper_funcs msm_fb_helper_funcs = {
 struct drm_fb_helper *msm_fbdev_init(struct drm_device *dev)
 {
        struct msm_drm_private *priv = dev->dev_private;
-       struct msm_fbdev *fbdev = NULL;
+       struct msm_fbdev *fbdev;
        struct drm_fb_helper *helper;
        int ret;
 
        fbdev = kzalloc(sizeof(*fbdev), GFP_KERNEL);
        if (!fbdev)
-               goto fail;
+               return NULL;
 
        helper = &fbdev->base;