Re: [PATCH v2 1/2] drm/modeset_lock: add NULL check for ctx before WARN_ON
From: Sworo, George D
Date: Thu Apr 30 2026 - 00:12:18 EST
Thanks Ville for the review!
Fair point. Ideally, we shouldn't be calling modeset_lock() with a NULL
ctx, but during a recent debug we uncovered an issue where the system
kept printing the call trace, and I figured this was one instance where
ctx is being dereferenced without a guard:
03-26 11:33:03.261 0 0 F BUG : kernel NULL pointer dereference, address: 0000000000000069
03-26 11:33:03.261 0 0 F #PF : supervisor read access in kernel mode
03-26 11:33:03.261 0 0 F #PF : error_code(0x0000) - not-present page
03-26 11:33:03.261 0 0 I : PGD 0 P4D 0
03-26 11:33:03.261 0 0 W Oops : Oops: 0000 [#1] PREEMPT SMP NOPTI
03-26 11:33:03.261 0 0 W Tainted : [U]=USER, [W]=WARN, [O]=OOT_MODULE
03-26 11:33:03.261 0 0 W Workqueue: i915_flip intel_atomic_commit_work [xe]
03-26 11:33:03.262 0 0 W RIP : 0010:modeset_lock+0x74/0xd0
On Wed, 2026-04-29 at 14:09 +0300, Ville Syrjälä wrote:
> On Tue, Apr 28, 2026 at 11:04:30PM -0700,
> george.d.sworo@xxxxxxxxx wrote:
> > From: George D Sworo <george.d.sworo@xxxxxxxxx>
> >
> > modeset_lock() and drm_modeset_drop_locks() do not validate
> > the ctx pointer before dereferencing it in WARN_ON(ctx->contended),
> > which can lead to a NULL pointer dereference if ctx is NULL.
> >
> > Add a NULL check to prevent this.
>
> Why are you trying to pass garbage into the function?
>
> >
> > Signed-off-by: George D Sworo <george.d.sworo@xxxxxxxxx>
> > ---
> > drivers/gpu/drm/drm_modeset_lock.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/gpu/drm/drm_modeset_lock.c
> > b/drivers/gpu/drm/drm_modeset_lock.c
> > index beb91a13a312..2052bb9bb9e5 100644
> > --- a/drivers/gpu/drm/drm_modeset_lock.c
> > +++ b/drivers/gpu/drm/drm_modeset_lock.c
> > @@ -295,7 +295,7 @@ static inline int modeset_lock(struct
> > drm_modeset_lock *lock,
> > {
> > int ret;
> >
> > - if (WARN_ON(ctx->contended))
> > + if (ctx && WARN_ON(ctx->contended))
> > __drm_stack_depot_print(ctx->stack_depot);
> >
> > if (ctx->trylock_only) {
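Review bot: The added `ctx &&` guard in modeset_lock() protects only the WARN_ON; the unchanged context line `if (ctx->trylock_only) {` directly below still dereferences ctx unconditionally, so a NULL ctx moves the fault a few lines down instead of preventing it. If NULL is meant to be tolerated here, reject it once at the top of the function (for example a WARN_ON(!ctx) with an error return) so every later ctx-> access is covered; otherwise the fix belongs in the caller that passes NULL, which is what the review question above asks about. The commit message also names drm_modeset_drop_locks(), but the diffstat for this patch shows a single changed line, in modeset_lock() only, so the message should either describe just this function or say which patch in the series carries the other change.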
> > --
> > 2.34.1
>