omap_irq_wait_init() allocates an omap_irq_wait object and initializes its waitqueue and list node immediately. If the allocation fails, the waitqueue initialization dereferences NULL.
Return NULL when the wait object cannot be allocated and make omap_irq_wait() report -ENOMEM if it is asked to wait on a missing object. No wait entry has been installed in that case, so there is nothing to remove from the wait list.

Signed-off-by: Ruoyu Wang <[email protected]>
---
 drivers/gpu/drm/omapdrm/omap_irq.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/gpu/drm/omapdrm/omap_irq.c b/drivers/gpu/drm/omapdrm/omap_irq.c
index d0f895c43ee41..e0fa9617a3d30 100644
--- a/drivers/gpu/drm/omapdrm/omap_irq.c
+++ b/drivers/gpu/drm/omapdrm/omap_irq.c
@@ -46,6 +46,9 @@ struct omap_irq_wait * omap_irq_wait_init(struct drm_device *dev,
 struct omap_irq_wait *wait = kzalloc_obj(*wait);
 unsigned long flags;
 
+ if (!wait)
+ return NULL;
+
 init_waitqueue_head(&wait->wq);
 wait->irqmask = irqmask;
 wait->count = count;
@@ -65,6 +68,9 @@ int omap_irq_wait(struct drm_device *dev, struct omap_irq_wait *wait,
 unsigned long flags;
 int ret;
 
+ if (!wait)
+ return -ENOMEM;
+
 ret = wait_event_timeout(wait->wq, (wait->count <= 0), timeout);
 
 spin_lock_irqsave(&priv->wait_lock, flags);
-- 
2.34.1
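Review bot: The added `if (!wait) return NULL;` in omap_irq_wait_init() changes the function's contract, but nothing at the definition tells callers that NULL is now a possible result. The callers are outside this patch, so it cannot be checked here whether each one hands the pointer straight to omap_irq_wait() or touches it first; any caller that dereferences it would still fault on allocation failure. I would add a comment above the function such as `/* Returns NULL if the allocation fails; pass the result to omap_irq_wait(), which then returns -ENOMEM. */`. The function's signature and the rest of its body lie outside the hunk.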
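Review bot: Returning `-ENOMEM` ahead of `wait_event_timeout()` in omap_irq_wait() means that on allocation failure the caller never waits for the interrupt at all, so whatever hardware transition the wait was meant to synchronise with goes unsynchronised unless the caller acts on the error. The callers are not part of this patch; if they only log a non-zero return (presumably as a timeout), the sequence carries on as though the wait had completed, and the skip happens silently under memory pressure. It is worth confirming that each caller aborts or retries on `-ENOMEM` rather than treating it like a timeout. A short comment at the check, `/* omap_irq_wait_init() failed: nothing was queued, so there is nothing to wait for or unlink */`, would record why the list removal is bypassed. The remainder of omap_irq_wait(), including its existing return path, is outside the hunk.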
