drm/msm/dsi: add protection against NULL dsi device

When panel probe happens after DSI probe, the DSI probe is deferred as
per current design. In the probe defer path dsi device is destroyed.
This NULL dsi device could be deferenced by the panel probe in the
mipi_dsi_attach path.

Check for NULL dsi device before accessing it.

Changes in v2:
 - Add more comments on how this NULL pointer situation will be hit

Reported-by: Jeffrey Hugo <jhugo@codeaurora.org>
Tested-by: Jeffrey Hugo <jhugo@codeaurora.org>
Signed-off-by: Abhinav Kumar <abhinavk@codeaurora.org>
Signed-off-by: Rob Clark <robdclark@chromium.org>

1 files changed, 11 insertions, 1 deletions

diff --git a/drivers/gpu/drm/msm/dsi/dsi_manager.c b/drivers/gpu/drm/msm/dsi/dsi_manager.c
index 979a8e929341..72ac869a737a 100644
--- a/drivers/gpu/drm/msm/dsi/dsi_manager.c
+++ b/drivers/gpu/drm/msm/dsi/dsi_manager.c
@@ -762,7 +762,7 @@ bool msm_dsi_manager_cmd_xfer_trigger(int id, u32 dma_base, u32 len)
 void msm_dsi_manager_attach_dsi_device(int id, u32 device_flags)
 {
 	struct msm_dsi *msm_dsi = dsi_mgr_get_dsi(id);
-	struct drm_device *dev = msm_dsi->dev;
+	struct drm_device *dev;
 	struct msm_drm_private *priv;
 	struct msm_kms *kms;
 	struct drm_encoder *encoder;
@@ -774,7 +774,17 @@ void msm_dsi_manager_attach_dsi_device(int id, u32 device_flags)
 	 * (generally the case when we're connected to a drm_panel of the type
 	 * mipi_dsi_device), this would be NULL. In such cases, try to set the
 	 * encoder mode in the DSI connector's detect() op.
+	 *
+	 * msm_dsi pointer is assigned to a valid dsi device only when
+	 * msm_dsi_manager_register() succeeds. When panel hasnt probed yet
+	 * dsi_mgr_setup_components() could potentially return -EDEFER and
+	 * assign the msm_dsi->dev to NULL. When the panel now probes and calls
+	 * mipi_dsi_attach(), this will call msm_dsi_manager_attach_dsi_device()
+	 * which will result in a NULL pointer dereference
 	 */
+
+	dev = msm_dsi ? msm_dsi->dev : NULL;
+
 	if (!dev)
 		return;