Re: [PATCH v2] drm: bridge: it66121: Fix invalid connector dereference

From: Aradhya Bhatia
Date: Fri Sep 01 2023 - 07:32:27 EST




On 01-Sep-23 15:01, Jai Luthra wrote:
> Fix the NULL pointer dereference when no monitor is connected, and the
> sound card is opened from userspace.
>
> Instead return an empty buffer (of zeroes) as the EDID information to
> the sound framework if there is no connector attached.
>
> Fixes: e0fd83dbe924 ("drm: bridge: it66121: Add audio support")
> Reported-by: Nishanth Menon <nm@xxxxxx>
> Closes: https://lore.kernel.org/all/20230825105849.crhon42qndxqif4i@gondola/
> Reviewed-by: Helen Koike <helen.koike@xxxxxxxxxxxxx>
> Signed-off-by: Jai Luthra <j-luthra@xxxxxx>

Reviewed-by: Aradhya Bhatia <a-bhatia1@xxxxxx>

Regards
Aradhya

> ---
> Changes in v2:
> - Return an empty buffer of 0s instead of returning an error
> - Lock the mutex before accessing ctx->connector
> - Link to v1: https://lore.kernel.org/r/20230825-it66121_edid-v1-1-3ab54923e472@xxxxxx
> ---
> drivers/gpu/drm/bridge/ite-it66121.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/bridge/ite-it66121.c b/drivers/gpu/drm/bridge/ite-it66121.c
> index 466641c77fe9..fc7f5ec5fb38 100644
> --- a/drivers/gpu/drm/bridge/ite-it66121.c
> +++ b/drivers/gpu/drm/bridge/ite-it66121.c
> @@ -1447,10 +1447,14 @@ static int it66121_audio_get_eld(struct device *dev, void *data,
> struct it66121_ctx *ctx = dev_get_drvdata(dev);
>
> mutex_lock(&ctx->lock);
> -
> - memcpy(buf, ctx->connector->eld,
> - min(sizeof(ctx->connector->eld), len));
> -
> + if (!ctx->connector) {
> + /* Pass en empty ELD if connector not available */
> + dev_dbg(dev, "No connector present, passing empty EDID data");
> + memset(buf, 0, len);
> + } else {
> + memcpy(buf, ctx->connector->eld,
> + min(sizeof(ctx->connector->eld), len));
> + }
> mutex_unlock(&ctx->lock);
>
> return 0;
>
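Review bot: In the new `!ctx->connector` branch, the `dev_dbg()` string says "empty EDID data" although `it66121_audio_get_eld()` fills an ELD buffer, the comment above it reads "en" for "an", and the string has no trailing newline; suggest `dev_dbg(dev, "No connector present, passing empty ELD data\n");`. The two branches also fill `buf` differently: the empty path zeroes all `len` bytes, while the `memcpy()` path writes only `min(sizeof(ctx->connector->eld), len)` bytes, so when `len` is larger than the ELD array the tail of `buf` stays as the caller passed it in. A single `memset(buf, 0, len)` ahead of the `if` would make both paths hand back a fully initialised buffer.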
> ---
> base-commit: 99d99825fc075fd24b60cc9cf0fb1e20b9c16b0f
> change-id: 20230825-it66121_edid-6ee98517808b
>
> Best regards,