drm/irq: Check for valid VBLANK before dereference
authorThierry Reding <treding@nvidia.com>
Wed, 12 Aug 2015 15:00:30 +0000 (17:00 +0200)
committerDaniel Vetter <daniel.vetter@ffwll.ch>
Wed, 12 Aug 2015 15:39:47 +0000 (17:39 +0200)
When accessing the array of per-CRTC VBLANK structures we must always
check that the index into the array is valid before dereferencing to
avoid crashing.

Signed-off-by: Thierry Reding <treding@nvidia.com>
[danvet: Squash in my own whitespace ocd fixup in drm_vblank_count.]
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
drivers/gpu/drm/drm_irq.c

index 120a16fe15c2096aef5b96c2b8ee4dae6bc071a6..f7c8b758059f9b9b3a708fd166c1cadb67e9aa37 100644 (file)
@@ -877,6 +877,7 @@ u32 drm_vblank_count(struct drm_device *dev, int crtc)
 
        if (WARN_ON(crtc >= dev->num_crtcs))
                return 0;
+
        return vblank->count;
 }
 EXPORT_SYMBOL(drm_vblank_count);
@@ -1110,10 +1111,10 @@ void drm_vblank_put(struct drm_device *dev, int crtc)
 {
        struct drm_vblank_crtc *vblank = &dev->vblank[crtc];
 
-       if (WARN_ON(atomic_read(&vblank->refcount) == 0))
+       if (WARN_ON(crtc >= dev->num_crtcs))
                return;
 
-       if (WARN_ON(crtc >= dev->num_crtcs))
+       if (WARN_ON(atomic_read(&vblank->refcount) == 0))
                return;
 
        /* Last user schedules interrupt disable */
@@ -1158,6 +1159,9 @@ void drm_wait_one_vblank(struct drm_device *dev, int crtc)
        int ret;
        u32 last;
 
+       if (WARN_ON(crtc >= dev->num_crtcs))
+               return;
+
        ret = drm_vblank_get(dev, crtc);
        if (WARN(ret, "vblank not available on crtc %i, ret=%i\n", crtc, ret))
                return;
@@ -1428,6 +1432,9 @@ void drm_vblank_post_modeset(struct drm_device *dev, int crtc)
        if (!dev->num_crtcs)
                return;
 
+       if (WARN_ON(crtc >= dev->num_crtcs))
+               return;
+
        if (vblank->inmodeset) {
                spin_lock_irqsave(&dev->vbl_lock, irqflags);
                dev->vblank_disable_allowed = true;