On 5/18/26 21:47, Jonas Karlman wrote:
The IRQ handler can be called at any time after the call to devm_request_threaded_irq() completes, even before dw_hdmi->bridge has been assigned later in meson_dw_hdmi_bind().Protect from a possible NULL pointer dereference in IRQ handler by only calling drm_helper_hpd_irq_event() when bridge has been assigned. Fixes: e67f6037ae1b ("drm/meson: split out encoder from meson_dw_hdmi") Signed-off-by: Jonas Karlman <[email protected]> --- I only observed this NULL pointer dereference one time, without being able to reliably re-create a similar timing scenario. I still think this is an issue that possible could happen and likely should be fixed. Note that patches later in this series will fully replace this change. --- drivers/gpu/drm/meson/meson_dw_hdmi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/meson/meson_dw_hdmi.c b/drivers/gpu/drm/meson/meson_dw_hdmi.c index 993f6d5d4b29..eafe7daf6ff1 100644 --- a/drivers/gpu/drm/meson/meson_dw_hdmi.c +++ b/drivers/gpu/drm/meson/meson_dw_hdmi.c @@ -520,7 +520,8 @@ static irqreturn_t dw_hdmi_top_thread_irq(int irq, void *dev_id) u32 stat = dw_hdmi->irq_stat;/* HPD Events */- if (stat & (HDMITX_TOP_INTR_HPD_RISE | HDMITX_TOP_INTR_HPD_FALL)) { + if (stat & (HDMITX_TOP_INTR_HPD_RISE | HDMITX_TOP_INTR_HPD_FALL) && + dw_hdmi->bridge) { bool hpd_connected = false;if (stat & HDMITX_TOP_INTR_HPD_RISE)
Reviewed-by: Neil Armstrong <[email protected]> Thanks, Neil
