On 25 August 2025 16.43.06 EEST, Maxime Ripard <mrip...@kernel.org> wrote:
>The drm_atomic_get_connector_state() tries to look up if a connector
>state was already allocated in the global state to return early if it
>was the case. drm_atomic_get_plane_state() and
>drm_atomic_get_crtc_state() behave similarly.
>
>However, and unlike the other two, drm_atomic_get_connector_state() will
>do that lookup after having called drm_modeset_lock(), when the others
>will do it before.
>
>Let's move the early return before the lock to make it consistent.
>
>Signed-off-by: Maxime Ripard <mrip...@kernel.org>
>---
> drivers/gpu/drm/drm_atomic.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
>diff --git a/drivers/gpu/drm/drm_atomic.c b/drivers/gpu/drm/drm_atomic.c
>index 
>cd15cf52f0c9144711da5879da57884674aea9e4..fe21f154e0fa030f85fb3d6d35e2684adcf36e26
> 100644
>--- a/drivers/gpu/drm/drm_atomic.c
>+++ b/drivers/gpu/drm/drm_atomic.c
>@@ -1128,10 +1128,13 @@ drm_atomic_get_connector_state(struct drm_atomic_state 
>*state,
>       struct drm_mode_config *config = &connector->dev->mode_config;
>       struct drm_connector_state *connector_state;
> 
>       WARN_ON(!state->acquire_ctx);
> 
>+      if (state->connectors[index].state)
>+              return state->connectors[index].state;

Unlike other DRM objects, connectors are dynamic. There is no guarantee that at 
this point this array entry exists and it's valid. You might be tampering with 
the unallocated memory.

>+
>       ret = drm_modeset_lock(&config->connection_mutex, state->acquire_ctx);
>       if (ret)
>               return ERR_PTR(ret);
> 
>       index = drm_connector_index(connector);
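Review bot: the early return added at the top of this hunk reads state->connectors[index], but in the lines shown index is only assigned by `index = drm_connector_index(connector);` after drm_modeset_lock() has returned, so the lookup runs before index has a value. If the check is to sit ahead of the lock, the index assignment needs to move up with it, and the commit message should state why reading the connectors array before taking connection_mutex is acceptable for connectors.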
>@@ -1150,13 +1153,10 @@ drm_atomic_get_connector_state(struct drm_atomic_state 
>*state,
>                      sizeof(*state->connectors) * (alloc - 
> state->num_connector));
> 
>               state->num_connector = alloc;
>       }
> 
>-      if (state->connectors[index].state)
>-              return state->connectors[index].state;
>-
>       connector_state = connector->funcs->atomic_duplicate_state(connector);
>       if (!connector_state)
>               return ERR_PTR(-ENOMEM);
> 
>       drm_connector_get(connector);
>
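Review bot: the check removed in this hunk sat directly after the block that ends with `state->num_connector = alloc;`, meaning it ran once the connectors array had been sized to cover index, whereas its replacement earlier in the function runs before that sizing step. Either leave the lookup at this position or guard the early one with a bounds test such as `index < state->num_connector`, so it cannot read past the current allocation.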


With best wishes 
Dmitry
