drm/msm: Fix potential NULL dereference in DPU SSPP

[ Upstream commit 8bf71a5719b6cc5b6ba358096081e5d50ea23ab6 ]

Move initialization of sblk in _sspp_subblk_offset() after NULL check to
avoid potential NULL pointer dereference.

Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jessica Zhang <jesszhan@codeaurora.org>
Link: https://lore.kernel.org/r/20211020175733.3379-1-jesszhan@codeaurora.org
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_sspp.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_sspp.c
index c940b69435e162d1a10d2854a497331067f9d584..016c462bdb5d229f2725fc70734173b08f5183d0 100644 (file)
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_sspp.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_sspp.c
@@ -138,11 +138,13 @@ static int _sspp_subblk_offset(struct dpu_hw_pipe *ctx,
                u32 *idx)
 {
        int rc = 0;
-       const struct dpu_sspp_sub_blks *sblk = ctx->cap->sblk;
+       const struct dpu_sspp_sub_blks *sblk;
 
-       if (!ctx)
+       if (!ctx || !ctx->cap || !ctx->cap->sblk)
                return -EINVAL;
 
+       sblk = ctx->cap->sblk;
+
        switch (s_id) {
        case DPU_SSPP_SRC:
                *idx = sblk->src_blk.base;
@@ -419,7 +421,7 @@ static void _dpu_hw_sspp_setup_scaler3(struct dpu_hw_pipe *ctx,
 
        (void)pe;
        if (_sspp_subblk_offset(ctx, DPU_SSPP_SCALER_QSEED3, &idx) || !sspp
-               || !scaler3_cfg || !ctx || !ctx->cap || !ctx->cap->sblk)
+               || !scaler3_cfg)
                return;
 
        dpu_hw_setup_scaler3(&ctx->hw, scaler3_cfg, idx,