From 66cc998fcfe01db4376f8706b6dc5825030cd372 Mon Sep 17 00:00:00 2001 From: Andy Yan Date: Tue, 17 Jun 2025 17:46:08 +0800 Subject: [PATCH] drm/rockchip: vop2: Fix vcstate for splice vp The vcstate for the splice vp may be NULL if this vp not registered as a crtc, this may trigger a null pointer access in the 8K mode: [ 84.267856] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040 [ 84.344984] Mem abort info: [ 84.347778] ESR = 0x0000000096000005 [ 84.392721] Internal error: Oops: 0000000096000005 [#1] SMP [ 84.398289] Modules linked in: [ 84.401347] CPU: 6 PID: 779 Comm: weston Not tainted 6.1.99 #21 [ 84.407263] Hardware name: IP11HH-8K-104 V0.4 (DT) [ 84.412048] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 84.419005] pc : vop2_setup_dly_for_vp+0x1c/0x270 [ 84.423705] lr : vop2_crtc_atomic_begin+0xe90/0x2bb0 [ 84.428667] sp : ffffffc00c8db850 [ 84.431974] x29: ffffffc00c8db850 x28: 0000000000000001 x27:0000000000000000 [ 84.439101] x26: ffffff8005960080 x25: ffffff8006ae9600 x24:ffffff8005961458 [ 84.446226] x23: ffffffc009842850 x22: ffffff80059600f8 x21:ffffffc009823410 [ 84.453355] x20: ffffff8006ae9500 x19: ffffff8002054800 x18:0000000000000030 [ 84.460485] x17: 393431313a632e32 x16: 706f765f6d72645f x15:ffffffffffffffff [ 84.467614] x14: 0000000000000000 x13: 30393431313a632e x12:32706f765f6d7264 [ 84.474738] x11: 5f706968636b636f x10: ffffffc00a2438d8 x9 :ffffffc008813420 [ 84.481865] x8 : 0000000000000000 x7 : ffffffc00a2438d8 x6 :ffffff8005960080 [ 84.488989] x5 : 0000000000017ff4 x4 : ffffffc009418f68 x3 :0000000000000000 [ 84.496118] x2 : 0000000000000001 x1 : ffffff80072cd280 x0 :ffffff8005961458 [ 84.503246] Call trace: [ 84.505693] vop2_setup_dly_for_vp+0x1c/0x270 [ 84.510051] drm_atomic_helper_commit_planes+0x80/0x210 [ 84.515274] rockchip_drm_atomic_helper_commit_tail_rpm+0x19c/0x2fc [ 84.521540] commit_tail+0xa4/0x180 [ 84.525022] drm_atomic_helper_commit+0x16c/0x190 [ 84.529725] drm_atomic_commit+0xac/0xe0 [ 84.533652] drm_atomic_helper_set_config+0xd8/0x110 [ 84.538609] drm_mode_setcrtc+0x1b4/0x690 [ 84.542617] drm_ioctl_kernel+0xb4/0x100 [ 84.546542] drm_ioctl+0x208/0x440 [ 84.549947] __arm64_sys_ioctl+0xb4/0xdc [ 84.553869] invoke_syscall+0x4c/0x114 [ 84.557617] el0_svc_common.constprop.0+0x54/0x180 [ 84.562407] do_el0_svc+0x20/0x2c [ 84.565724] el0_svc+0x14/0x80 [ 84.568784] el0t_64_sync_handler+0xb0/0xb4 [ 84.572961] el0t_64_sync+0x158/0x15c Change-Id: Ic654f121cc180fb3f57834774eca856c3b87ecc1 Signed-off-by: Andy Yan --- drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c index 96fccea8e2ca..35451b2fbf9a 100644 --- a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c +++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c @@ -12104,9 +12104,9 @@ static void vop2_setup_dly_for_vp(struct vop2_video_port *vp) struct drm_crtc *crtc = &vp->rockchip_crtc.crtc; struct rockchip_crtc_state *vcstate = to_rockchip_crtc_state(crtc->state); struct drm_display_mode *adjusted_mode = &crtc->state->adjusted_mode; - u16 hsync_len = adjusted_mode->crtc_hsync_end - adjusted_mode->crtc_hsync_start; - u16 hdisplay = adjusted_mode->crtc_hdisplay; u32 bg_dly = vp_data->pre_scan_max_dly[0]; + u16 hsync_len; + u16 hdisplay; u32 pre_scan_dly; if (vp_data->hdr_table) { @@ -12131,9 +12131,9 @@ static void vop2_setup_dly_for_vp(struct vop2_video_port *vp) if (vp->splice_mode_right) { vcstate = to_rockchip_crtc_state(left_vp->rockchip_crtc.crtc.state); adjusted_mode = &left_vp->rockchip_crtc.crtc.state->adjusted_mode; - hsync_len = adjusted_mode->crtc_hsync_end - adjusted_mode->crtc_hsync_start; - hdisplay = adjusted_mode->crtc_hdisplay; } + hsync_len = adjusted_mode->crtc_hsync_end - adjusted_mode->crtc_hsync_start; + hdisplay = adjusted_mode->crtc_hdisplay; /* * splice mode: hdisplay must roundup as 4 pixel,