From: Daniel Vetter <daniel.vetter@ffwll.ch>
Date: Fri, 14 Feb 2014 15:35:54 +0000 (+0100)
Subject: drm/i915: fix NULL deref in the load detect code
X-Git-Tag: v3.15-rc1~51^2~59^2
X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;h=4c0e552882114d1edb588242d45035246ab078a0;p=linux.git

drm/i915: fix NULL deref in the load detect code

Looks like I've missed one of the potential NULL deref bugs in Jesse's
fbdev->fb embedded struct to pointer conversions. Fix it up.

This regression has been introduced in

commit 8bcd45534ddf68ab71aeed709dacd9cf65dc0f75
Author: Jesse Barnes <jbarnes@virtuousgeek.org>
Date:   Fri Feb 7 12:10:38 2014 -0800

    drm/i915: alloc intel_fb in the intel_fbdev struct

Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Reviewed-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
---

diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index fd860077d0fe..e0b7d06687f7 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -7754,13 +7754,15 @@ mode_fits_in_fbdev(struct drm_device *dev,
 	struct drm_i915_gem_object *obj;
 	struct drm_framebuffer *fb;
 
-	if (dev_priv->fbdev == NULL)
+	if (!dev_priv->fbdev)
 		return NULL;
 
-	obj = dev_priv->fbdev->fb->obj;
-	if (obj == NULL)
+	if (!dev_priv->fbdev->fb)
 		return NULL;
 
+	obj = dev_priv->fbdev->fb->obj;
+	BUG_ON(!obj);
+
 	fb = &dev_priv->fbdev->fb->base;
 	if (fb->pitches[0] < intel_framebuffer_pitch_for_width(mode->hdisplay,
 							       fb->bits_per_pixel))