[Letux-kernel] [RFC 22/28] drm/fb-helper: fix potential NULL dereference in drm_fbdev_cleanup()
H. Nikolaus Schaller
hns at goldelico.com
Sat Jan 23 17:28:48 CET 2021
It may happen that drm_fbdev_client_hotplug() goes to err_cleanup
with no buffer allocated. This leads to a kernel panic in
drm_client_buffer_vunmap().
Signed-off-by: H. Nikolaus Schaller <hns at goldelico.com>
---
drivers/gpu/drm/drm_fb_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
index 4b81195106875..0e68f09708a08 100644
--- a/drivers/gpu/drm/drm_fb_helper.c
+++ b/drivers/gpu/drm/drm_fb_helper.c
@@ -2038,7 +2038,7 @@ static void drm_fbdev_cleanup(struct drm_fb_helper *fb_helper)
if (shadow)
vfree(shadow);
- else
+ else if (fb_helper->buffer)
drm_client_buffer_vunmap(fb_helper->buffer);
drm_client_framebuffer_delete(fb_helper->buffer);
--
2.26.2
More information about the Letux-kernel
mailing list