lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5535ac41-efb8-4bf5-91bb-9b6f63517e8f@collabora.com>
Date: Mon, 9 Feb 2026 12:40:13 +0100
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@...labora.com>
To: Luca Leonardo Scorcia <l.scorcia@...il.com>,
 linux-mediatek@...ts.infradead.org
Cc: Chun-Kuang Hu <chunkuang.hu@...nel.org>,
 Philipp Zabel <p.zabel@...gutronix.de>, David Airlie <airlied@...il.com>,
 Simona Vetter <simona@...ll.ch>, Matthias Brugger <matthias.bgg@...il.com>,
 dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
 linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH] drm/mediatek: dsi: Store driver data before invoking
 mipi_dsi_host_register

Il 09/02/26 10:05, Luca Leonardo Scorcia ha scritto:
> The call to mipi_dsi_host_register triggers a callback to mtk_dsi_bind,
> which uses dev_get_drvdata to retrieve the mtk_dsi struct, so this
> structure needs to be stored inside the driver data before invoking it.
> 
> As drvdata is currently uninitialized it leads to a crash when
> registering the DSI DRM encoder right after acquiring
> the mode_config.idr_mutex, blocking all subsequent DRM operations.
> 
> Fixes the following crash during mediatek-drm probe (tested on Xiaomi
> Smart Clock x04g):
> 
> Unable to handle kernel NULL pointer dereference at virtual address
>   0000000000000040
> [...]
> Modules linked in: mediatek_drm(+) drm_display_helper cec drm_client_lib
>   drm_dma_helper drm_kms_helper panel_simple
> [...]
> Call trace:
>   drm_mode_object_add+0x58/0x98 (P)
>   __drm_encoder_init+0x48/0x140
>   drm_encoder_init+0x6c/0xa0
>   drm_simple_encoder_init+0x20/0x34 [drm_kms_helper]
>   mtk_dsi_bind+0x34/0x13c [mediatek_drm]
>   component_bind_all+0x120/0x280
>   mtk_drm_bind+0x284/0x67c [mediatek_drm]
>   try_to_bring_up_aggregate_device+0x23c/0x320
>   __component_add+0xa4/0x198
>   component_add+0x14/0x20
>   mtk_dsi_host_attach+0x78/0x100 [mediatek_drm]
>   mipi_dsi_attach+0x2c/0x50
>   panel_simple_dsi_probe+0x4c/0x9c [panel_simple]
>   mipi_dsi_drv_probe+0x1c/0x28
>   really_probe+0xc0/0x3dc
>   __driver_probe_device+0x80/0x160
>   driver_probe_device+0x40/0x120
>   __device_attach_driver+0xbc/0x17c
>   bus_for_each_drv+0x88/0xf0
>   __device_attach+0x9c/0x1cc
>   device_initial_probe+0x54/0x60
>   bus_probe_device+0x34/0xa0
>   device_add+0x5b0/0x800
>   mipi_dsi_device_register_full+0xdc/0x16c
>   mipi_dsi_host_register+0xc4/0x17c
>   mtk_dsi_probe+0x10c/0x260 [mediatek_drm]
>   platform_probe+0x5c/0xa4
>   really_probe+0xc0/0x3dc
>   __driver_probe_device+0x80/0x160
>   driver_probe_device+0x40/0x120
>   __driver_attach+0xc8/0x1f8
>   bus_for_each_dev+0x7c/0xe0
>   driver_attach+0x24/0x30
>   bus_add_driver+0x11c/0x240
>   driver_register+0x68/0x130
>   __platform_register_drivers+0x64/0x160
>   mtk_drm_init+0x24/0x1000 [mediatek_drm]
>   do_one_initcall+0x60/0x1d0
>   do_init_module+0x54/0x240
>   load_module+0x1838/0x1dc0
>   init_module_from_file+0xd8/0xf0
>   __arm64_sys_finit_module+0x1b4/0x428
>   invoke_syscall.constprop.0+0x48/0xc8
>   do_el0_svc+0x3c/0xb8
>   el0_svc+0x34/0xe8
>   el0t_64_sync_handler+0xa0/0xe4
>   el0t_64_sync+0x198/0x19c
> Code: 52800022 941004ab 2a0003f3 37f80040 (29005a80)
> ---[ end trace 0000000000000000 ]---
> 
> Signed-off-by: Luca Leonardo Scorcia <l.scorcia@...il.com>

Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@...labora.com>

... but wait, what have I just read? Xiaomi Smart Clock?! MT8167?

Are you running upstream on this device?
If so, why don't you also contribute a nice devicetree to get this device finally
upstream?!?! :-)

Cheers,
Angelo

> ---
>   drivers/gpu/drm/mediatek/mtk_dsi.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_dsi.c b/drivers/gpu/drm/mediatek/mtk_dsi.c
> index 4c2983852596..2358407b8a6b 100644
> --- a/drivers/gpu/drm/mediatek/mtk_dsi.c
> +++ b/drivers/gpu/drm/mediatek/mtk_dsi.c
> @@ -1232,6 +1232,8 @@ static int mtk_dsi_probe(struct platform_device *pdev)
>   
>   	dsi->host.ops = &mtk_dsi_ops;
>   	dsi->host.dev = dev;
> +	platform_set_drvdata(pdev, dsi);
> +
>   	ret = mipi_dsi_host_register(&dsi->host);
>   	if (ret < 0)
>   		return dev_err_probe(dev, ret, "Failed to register DSI host\n");
> @@ -1254,8 +1256,6 @@ static int mtk_dsi_probe(struct platform_device *pdev)
>   
>   	init_waitqueue_head(&dsi->irq_wait_queue);
>   
> -	platform_set_drvdata(pdev, dsi);
> -
>   	dsi->bridge.of_node = dev->of_node;
>   	dsi->bridge.type = DRM_MODE_CONNECTOR_DSI;
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ