[PATCH v2] drm: bridge: it66121: Fix invalid connector dereference
From: Jai Luthra
Date: Fri Sep 01 2023 - 05:31:50 EST
Fix the NULL pointer dereference when no monitor is connected, and the
sound card is opened from userspace.
Instead return an empty buffer (of zeroes) as the EDID information to
the sound framework if there is no connector attached.
Fixes: e0fd83dbe924 ("drm: bridge: it66121: Add audio support")
Reported-by: Nishanth Menon <nm@xxxxxx>
Closes: https://lore.kernel.org/all/20230825105849.crhon42qndxqif4i@gondola/
Reviewed-by: Helen Koike <helen.koike@xxxxxxxxxxxxx>
Signed-off-by: Jai Luthra <j-luthra@xxxxxx>
---
Changes in v2:
- Return an empty buffer of 0s instead of returning an error
- Lock the mutex before accessing ctx->connector
- Link to v1: https://lore.kernel.org/r/20230825-it66121_edid-v1-1-3ab54923e472@xxxxxx
---
drivers/gpu/drm/bridge/ite-it66121.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/bridge/ite-it66121.c b/drivers/gpu/drm/bridge/ite-it66121.c
index 466641c77fe9..fc7f5ec5fb38 100644
--- a/drivers/gpu/drm/bridge/ite-it66121.c
+++ b/drivers/gpu/drm/bridge/ite-it66121.c
@@ -1447,10 +1447,14 @@ static int it66121_audio_get_eld(struct device *dev, void *data,
struct it66121_ctx *ctx = dev_get_drvdata(dev);
mutex_lock(&ctx->lock);
-
- memcpy(buf, ctx->connector->eld,
- min(sizeof(ctx->connector->eld), len));
-
+ if (!ctx->connector) {
+ /* Pass en empty ELD if connector not available */
+ dev_dbg(dev, "No connector present, passing empty EDID data");
+ memset(buf, 0, len);
+ } else {
+ memcpy(buf, ctx->connector->eld,
+ min(sizeof(ctx->connector->eld), len));
+ }
mutex_unlock(&ctx->lock);
return 0;
---
base-commit: 99d99825fc075fd24b60cc9cf0fb1e20b9c16b0f
change-id: 20230825-it66121_edid-6ee98517808b
Best regards,
--
Jai Luthra <j-luthra@xxxxxx>