On Mon, 8 Apr 2024 at 11:57, Aleksandr Mishin <amis...@t-argos.ru> wrote:
>
> In dpu_core_irq_callback_handler() callback function pointer is compared to
> NULL,
> but then callback function is unconditionally called by this pointer.
> Fix this bug by adding conditional return.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
This should be converted to a proper Reported-by: trailer.
>
> Fixes: c929ac60b3ed ("drm/msm/dpu: allow just single IRQ callback")
> Signed-off-by: Aleksandr Mishin <amis...@t-argos.ru>
> ---
> drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
> b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
> index 946dd0135dff..03a16fbd4c99 100644
> --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
> +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
> @@ -223,9 +223,11 @@ static void dpu_core_irq_callback_handler(struct dpu_kms
> *dpu_kms, unsigned int
>
> VERB("IRQ=[%d, %d]\n", DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
>
> - if (!irq_entry->cb)
> + if (!irq_entry->cb) {
> DRM_ERROR("no registered cb, IRQ=[%d, %d]\n",
> DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
> + return;
> + }
>
> atomic_inc(&irq_entry->count);
>
> --
> 2.30.2
>
>
--
With best wishes
Dmitry
