Re: [PATCH] drm/vc4: fix NULL dereference in vc4_hvs_unbind
From: Dave Stevenson
Date: Tue May 05 2026 - 04:55:16 EST
Hi Thorsten
On Sat, 2 May 2026 at 13:13, Thorsten Blum <thorsten.blum@xxxxxxxxx> wrote:
>
> With 'dtoverlay=vc4-kms-v3d,noaudio' and 'hdmi=off' on Raspberry Pi,
Mainline doesn't use overlays, so this description isn't valid.
Which generation of Pi are you using? Whilst they all share the vc4
driver, the functionality associated differs. If you're disabling HDMI
(and HDMI audio), which display outputs are you using?
> unloading the vc4 module calls vc4_hvs_unbind() with
> dev_get_drvdata(master) returning NULL.
>
> Return early when 'drm' is NULL before converting it to 'vc4' and before
> dereferencing 'vc4->hvs', preventing a kernel oops.
That leaves things allocated and clocks running, so bailing out isn't a fix.
I'll have a look to see why dev_get_drvdata is returning NULL.
Dave
> Fixes: c8b75bca92cb ("drm/vc4: Add KMS support for Raspberry Pi.")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxx>
> ---
> drivers/gpu/drm/vc4/vc4_hvs.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/vc4/vc4_hvs.c b/drivers/gpu/drm/vc4/vc4_hvs.c
> index ee8d0738501b..9cb66f696fc7 100644
> --- a/drivers/gpu/drm/vc4/vc4_hvs.c
> +++ b/drivers/gpu/drm/vc4/vc4_hvs.c
> @@ -1753,10 +1753,16 @@ static void vc4_hvs_unbind(struct device *dev, struct device *master,
> void *data)
> {
> struct drm_device *drm = dev_get_drvdata(master);
> - struct vc4_dev *vc4 = to_vc4_dev(drm);
> - struct vc4_hvs *hvs = vc4->hvs;
> + struct vc4_dev *vc4;
> + struct vc4_hvs *hvs;
> struct drm_mm_node *node, *next;
>
> + if (!drm)
> + return;
> +
> + vc4 = to_vc4_dev(drm);
> + hvs = vc4->hvs;
> +
> if (drm_mm_node_allocated(&vc4->hvs->mitchell_netravali_filter))
> drm_mm_remove_node(&vc4->hvs->mitchell_netravali_filter);
>