* [PATCH v3 RESEND] drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register
@ 2026-03-20 15:37 Luca Leonardo Scorcia
2026-03-21 17:36 ` Claude review: " Claude Code Review Bot
2026-03-21 17:36 ` Claude Code Review Bot
0 siblings, 2 replies; 3+ messages in thread
From: Luca Leonardo Scorcia @ 2026-03-20 15:37 UTC (permalink / raw)
To: dri-devel
Cc: Luca Leonardo Scorcia, AngeloGioacchino Del Regno, CK Hu,
Chun-Kuang Hu, Philipp Zabel, David Airlie, Simona Vetter,
Matthias Brugger, Alexandre Mergnat, linux-mediatek, linux-kernel,
linux-arm-kernel
The call to mipi_dsi_host_register triggers a callback to mtk_dsi_bind,
which uses dev_get_drvdata to retrieve the mtk_dsi struct, so this
structure needs to be stored inside the driver data before invoking it.
As drvdata is currently uninitialized it leads to a crash when
registering the DSI DRM encoder right after acquiring
the mode_config.idr_mutex, blocking all subsequent DRM operations.
Fixes the following crash during mediatek-drm probe (tested on Xiaomi
Smart Clock x04g):
Unable to handle kernel NULL pointer dereference at virtual address
0000000000000040
[...]
Modules linked in: mediatek_drm(+) drm_display_helper cec drm_client_lib
drm_dma_helper drm_kms_helper panel_simple
[...]
Call trace:
drm_mode_object_add+0x58/0x98 (P)
__drm_encoder_init+0x48/0x140
drm_encoder_init+0x6c/0xa0
drm_simple_encoder_init+0x20/0x34 [drm_kms_helper]
mtk_dsi_bind+0x34/0x13c [mediatek_drm]
component_bind_all+0x120/0x280
mtk_drm_bind+0x284/0x67c [mediatek_drm]
try_to_bring_up_aggregate_device+0x23c/0x320
__component_add+0xa4/0x198
component_add+0x14/0x20
mtk_dsi_host_attach+0x78/0x100 [mediatek_drm]
mipi_dsi_attach+0x2c/0x50
panel_simple_dsi_probe+0x4c/0x9c [panel_simple]
mipi_dsi_drv_probe+0x1c/0x28
really_probe+0xc0/0x3dc
__driver_probe_device+0x80/0x160
driver_probe_device+0x40/0x120
__device_attach_driver+0xbc/0x17c
bus_for_each_drv+0x88/0xf0
__device_attach+0x9c/0x1cc
device_initial_probe+0x54/0x60
bus_probe_device+0x34/0xa0
device_add+0x5b0/0x800
mipi_dsi_device_register_full+0xdc/0x16c
mipi_dsi_host_register+0xc4/0x17c
mtk_dsi_probe+0x10c/0x260 [mediatek_drm]
platform_probe+0x5c/0xa4
really_probe+0xc0/0x3dc
__driver_probe_device+0x80/0x160
driver_probe_device+0x40/0x120
__driver_attach+0xc8/0x1f8
bus_for_each_dev+0x7c/0xe0
driver_attach+0x24/0x30
bus_add_driver+0x11c/0x240
driver_register+0x68/0x130
__platform_register_drivers+0x64/0x160
mtk_drm_init+0x24/0x1000 [mediatek_drm]
do_one_initcall+0x60/0x1d0
do_init_module+0x54/0x240
load_module+0x1838/0x1dc0
init_module_from_file+0xd8/0xf0
__arm64_sys_finit_module+0x1b4/0x428
invoke_syscall.constprop.0+0x48/0xc8
do_el0_svc+0x3c/0xb8
el0_svc+0x34/0xe8
el0t_64_sync_handler+0xa0/0xe4
el0t_64_sync+0x198/0x19c
Code: 52800022 941004ab 2a0003f3 37f80040 (29005a80)
---[ end trace 0000000000000000 ]---
Fixes: e4732b590a77 ("drm/mediatek: dsi: Register DSI host after acquiring clocks and PHY")
Signed-off-by: Luca Leonardo Scorcia <l.scorcia@gmail.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: CK Hu <ck.hu@mediatek.com>
---
v3: Also initialize irq_wait_queue before calling platform_set_drvdata
v2: Added Fixes tag
drivers/gpu/drm/mediatek/mtk_dsi.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/mediatek/mtk_dsi.c b/drivers/gpu/drm/mediatek/mtk_dsi.c
index d7726091819c..acee2227275b 100644
--- a/drivers/gpu/drm/mediatek/mtk_dsi.c
+++ b/drivers/gpu/drm/mediatek/mtk_dsi.c
@@ -1232,6 +1232,11 @@ static int mtk_dsi_probe(struct platform_device *pdev)
dsi->host.ops = &mtk_dsi_ops;
dsi->host.dev = dev;
+
+ init_waitqueue_head(&dsi->irq_wait_queue);
+
+ platform_set_drvdata(pdev, dsi);
+
ret = mipi_dsi_host_register(&dsi->host);
if (ret < 0)
return dev_err_probe(dev, ret, "Failed to register DSI host\n");
@@ -1243,10 +1248,6 @@ static int mtk_dsi_probe(struct platform_device *pdev)
return dev_err_probe(&pdev->dev, ret, "Failed to request DSI irq\n");
}
- init_waitqueue_head(&dsi->irq_wait_queue);
-
- platform_set_drvdata(pdev, dsi);
-
dsi->bridge.of_node = dev->of_node;
dsi->bridge.type = DRM_MODE_CONNECTOR_DSI;
--
2.43.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Claude review: drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register
2026-03-20 15:37 [PATCH v3 RESEND] drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register Luca Leonardo Scorcia
@ 2026-03-21 17:36 ` Claude Code Review Bot
2026-03-21 17:36 ` Claude Code Review Bot
1 sibling, 0 replies; 3+ messages in thread
From: Claude Code Review Bot @ 2026-03-21 17:36 UTC (permalink / raw)
To: dri-devel-reviews
Overall Series Review
Subject: drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register
Author: Luca Leonardo Scorcia <l.scorcia@gmail.com>
Patches: 1
Reviewed: 2026-03-22T03:36:31.537150
---
This is a single-patch fix for a real NULL pointer dereference crash in the MediaTek DSI driver during probe. The analysis is correct and the fix is straightforward. The commit `e4732b590a77` moved `mipi_dsi_host_register` earlier in the probe sequence but left `platform_set_drvdata` after it, causing `dev_get_drvdata` in the `mtk_dsi_bind` callback path to return NULL.
The patch is well-motivated with a clear crash trace, has already been reviewed by the MediaTek DRM maintainers (CK Hu) and Collabora's Angelo Del Regno, and is on its v3 iteration.
**Verdict: Looks good. Ready to merge.**
---
Generated by Claude Code Patch Reviewer
^ permalink raw reply [flat|nested] 3+ messages in thread
* Claude review: drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register
2026-03-20 15:37 [PATCH v3 RESEND] drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register Luca Leonardo Scorcia
2026-03-21 17:36 ` Claude review: " Claude Code Review Bot
@ 2026-03-21 17:36 ` Claude Code Review Bot
1 sibling, 0 replies; 3+ messages in thread
From: Claude Code Review Bot @ 2026-03-21 17:36 UTC (permalink / raw)
To: dri-devel-reviews
Patch Review
**Problem analysis:** Correct. The call chain is:
`mipi_dsi_host_register` → `panel_simple_dsi_probe` → `mipi_dsi_attach` → `mtk_dsi_host_attach` → `component_add` → `mtk_dsi_bind` → `dev_get_drvdata` (returns NULL) → crash in `drm_simple_encoder_init`.
**Fix correctness:**
1. **Moving `platform_set_drvdata(pdev, dsi)` before `mipi_dsi_host_register`** — correct and necessary. This is the core fix.
2. **Moving `init_waitqueue_head(&dsi->irq_wait_queue)` before `mipi_dsi_host_register`** — also correct. Since the bind path can now execute during `mipi_dsi_host_register`, and the IRQ handler (`mtk_dsi_irq`) uses `dsi->irq_wait_queue` via `wake_up_interruptible`, the waitqueue must be initialized before any code path could potentially trigger it. While the IRQ is requested *after* `mipi_dsi_host_register`, initializing the waitqueue early is defensive and costs nothing.
3. **Error path consideration:** After this patch, if `mipi_dsi_host_register` fails, `platform_set_drvdata` will have been called but the function returns an error and the device will be torn down by devm, so no issue. If `devm_request_irq` fails, the existing cleanup (`mipi_dsi_host_unregister`) is still correct — `drvdata` being set is harmless.
**No issues found.** The Fixes tag correctly references the commit that introduced the regression. The patch is minimal and focused.
---
Generated by Claude Code Patch Reviewer
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-03-21 17:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-20 15:37 [PATCH v3 RESEND] drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register Luca Leonardo Scorcia
2026-03-21 17:36 ` Claude review: " Claude Code Review Bot
2026-03-21 17:36 ` Claude Code Review Bot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox