From adebb0daf71cdace4c8b6ff8dcb61d6332414657 Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Thu, 25 Apr 2019 17:58:11 +0530 Subject: [PATCH] drm/msm/sde: fix null pointer dereference This change is done to fix null pointer dereference in sde_core_irq_preinstall(). Change-Id: I448e275e2ce5708738651d1cf7f66329bcf47451 Signed-off-by: Rahul Sharma --- drivers/gpu/drm/msm/sde/sde_core_irq.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/msm/sde/sde_core_irq.c b/drivers/gpu/drm/msm/sde/sde_core_irq.c index 4f7e688650de..b587e5c02b63 100644 --- a/drivers/gpu/drm/msm/sde/sde_core_irq.c +++ b/drivers/gpu/drm/msm/sde/sde_core_irq.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2015-2017, The Linux Foundation. All rights reserved. +/* Copyright (c) 2015-2017,2019 The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -388,10 +388,28 @@ void sde_core_irq_preinstall(struct sde_kms *sde_kms) sde_kms->irq_obj.total_irqs = sde_kms->hw_intr->irq_idx_tbl_size; sde_kms->irq_obj.irq_cb_tbl = kcalloc(sde_kms->irq_obj.total_irqs, sizeof(struct list_head), GFP_KERNEL); + if (sde_kms->irq_obj.irq_cb_tbl == NULL) { + SDE_ERROR("Failed to allocate\n"); + return; + } sde_kms->irq_obj.enable_counts = kcalloc(sde_kms->irq_obj.total_irqs, sizeof(atomic_t), GFP_KERNEL); + if (sde_kms->irq_obj.enable_counts == NULL) { + kfree(sde_kms->irq_obj.irq_cb_tbl); + sde_kms->irq_obj.irq_cb_tbl = NULL; + SDE_ERROR("Failed to allocate\n"); + return; + } sde_kms->irq_obj.irq_counts = kcalloc(sde_kms->irq_obj.total_irqs, sizeof(atomic_t), GFP_KERNEL); + if (sde_kms->irq_obj.irq_counts == NULL) { + kfree(sde_kms->irq_obj.irq_cb_tbl); + kfree(sde_kms->irq_obj.enable_counts); + sde_kms->irq_obj.irq_cb_tbl = NULL; + sde_kms->irq_obj.enable_counts = NULL; + SDE_ERROR("Failed to allocate\n"); + return; + } for (i = 0; i < sde_kms->irq_obj.total_irqs; i++) { INIT_LIST_HEAD(&sde_kms->irq_obj.irq_cb_tbl[i]); atomic_set(&sde_kms->irq_obj.enable_counts[i], 0);