From: Ilia Mirkin Date: Sun, 19 Jan 2014 15:30:32 +0000 (-0500) Subject: drm/nouveau/mxm: fix null deref on load X-Git-Tag: firefly_0821_release~176^2~4662 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=72de182362e013b2c2cc92092d97fff58e429d5d;p=firefly-linux-kernel-4.4.55.git drm/nouveau/mxm: fix null deref on load Since commit 61b365a505d6 ("drm/nouveau: populate master subdev pointer only when fully constructed"), the nouveau_mxm(bios) call will return NULL, since it's still being called from the constructor. Instead, pass the mxm pointer via the unused data field. See https://bugs.freedesktop.org/show_bug.cgi?id=73791 Reported-by: Andreas Reis Tested-by: Andreas Reis Signed-off-by: Ilia Mirkin Cc: Ben Skeggs Cc: Dave Airlie Signed-off-by: Linus Torvalds --- diff --git a/drivers/gpu/drm/nouveau/core/subdev/mxm/nv50.c b/drivers/gpu/drm/nouveau/core/subdev/mxm/nv50.c index af129c2e8113..64f8b4702bf7 100644 --- a/drivers/gpu/drm/nouveau/core/subdev/mxm/nv50.c +++ b/drivers/gpu/drm/nouveau/core/subdev/mxm/nv50.c @@ -100,7 +100,7 @@ mxm_match_dcb(struct nouveau_mxm *mxm, u8 *data, void *info) static int mxm_dcb_sanitise_entry(struct nouveau_bios *bios, void *data, int idx, u16 pdcb) { - struct nouveau_mxm *mxm = nouveau_mxm(bios); + struct nouveau_mxm *mxm = data; struct context ctx = { .outp = (u32 *)(bios->data + pdcb) }; u8 type, i2cidx, link, ver, len; u8 *conn; @@ -199,7 +199,7 @@ mxm_dcb_sanitise(struct nouveau_mxm *mxm) return; } - dcb_outp_foreach(bios, NULL, mxm_dcb_sanitise_entry); + dcb_outp_foreach(bios, mxm, mxm_dcb_sanitise_entry); mxms_foreach(mxm, 0x01, mxm_show_unmatched, NULL); }