[PATCH 6.1/6.6] drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw
From: Srinivasan Shanmugam srinivasan.shanmugam@amd.com
[ Upstream commit cba7fec864172dadd953daefdd26e01742b71a6a ]
This commit addresses a potential null pointer dereference issue in the `dcn30_init_hw` function. The issue could occur when `dc->clk_mgr` or `dc->clk_mgr->funcs` is null.
The fix adds a check to ensure `dc->clk_mgr` and `dc->clk_mgr->funcs` is not null before accessing its functions. This prevents a potential null pointer dereference.
Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:789 dcn30_init_hw() error: we previously assumed 'dc->clk_mgr' could be null (see line 628)
Cc: Tom Chung chiahsuan.chung@amd.com Cc: Rodrigo Siqueira Rodrigo.Siqueira@amd.com Cc: Roman Li roman.li@amd.com Cc: Alex Hung alex.hung@amd.com Cc: Aurabindo Pillai aurabindo.pillai@amd.com Cc: Harry Wentland harry.wentland@amd.com Cc: Hamza Mahfooz hamza.mahfooz@amd.com Signed-off-by: Srinivasan Shanmugam srinivasan.shanmugam@amd.com Reviewed-by: Alex Hung alex.hung@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com Signed-off-by: Sasha Levin sashal@kernel.org [Xiangyu: BP to fix CVE: CVE-2024-49917, modified the source path] Signed-off-by: Xiangyu Chen xiangyu.chen@windriver.com --- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c index ba4a1e7f196d..b8653bdfc40f 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c @@ -440,7 +440,7 @@ void dcn30_init_hw(struct dc *dc) int edp_num; uint32_t backlight = MAX_BACKLIGHT_LEVEL;
- if (dc->clk_mgr && dc->clk_mgr->funcs->init_clocks) + if (dc->clk_mgr && dc->clk_mgr->funcs && dc->clk_mgr->funcs->init_clocks) dc->clk_mgr->funcs->init_clocks(dc->clk_mgr);
// Initialize the dccg @@ -599,11 +599,12 @@ void dcn30_init_hw(struct dc *dc) if (!dcb->funcs->is_accelerated_mode(dcb) && dc->res_pool->hubbub->funcs->init_watermarks) dc->res_pool->hubbub->funcs->init_watermarks(dc->res_pool->hubbub);
- if (dc->clk_mgr->funcs->notify_wm_ranges) + if (dc->clk_mgr && dc->clk_mgr->funcs && dc->clk_mgr->funcs->notify_wm_ranges) dc->clk_mgr->funcs->notify_wm_ranges(dc->clk_mgr);
//if softmax is enabled then hardmax will be set by a different call - if (dc->clk_mgr->funcs->set_hard_max_memclk && !dc->clk_mgr->dc_mode_softmax_enabled) + if (dc->clk_mgr && dc->clk_mgr->funcs && dc->clk_mgr->funcs->set_hard_max_memclk && + !dc->clk_mgr->dc_mode_softmax_enabled) dc->clk_mgr->funcs->set_hard_max_memclk(dc->clk_mgr);
if (dc->res_pool->hubbub->funcs->force_pstate_change_control)
[ Sasha's backport helper bot ]
Hi,
The upstream commit SHA1 provided is correct: cba7fec864172dadd953daefdd26e01742b71a6a
WARNING: Author mismatch between patch and upstream commit: Backport author: Xiangyu Chen xiangyu.chen@eng.windriver.com Commit author: Srinivasan Shanmugam srinivasan.shanmugam@amd.com
Status in newer kernel trees: 6.12.y | Present (exact SHA1) 6.11.y | Present (different SHA1: 56c326577971) 6.6.y | Not found
Note: The patch differs from the upstream commit: --- --- - 2024-11-27 07:49:27.263865735 -0500 +++ /tmp/tmp.eIVvb9BFuT 2024-11-27 07:49:27.254520787 -0500 @@ -1,3 +1,5 @@ +[ Upstream commit cba7fec864172dadd953daefdd26e01742b71a6a ] + This commit addresses a potential null pointer dereference issue in the `dcn30_init_hw` function. The issue could occur when `dc->clk_mgr` or `dc->clk_mgr->funcs` is null. @@ -19,24 +21,27 @@ Signed-off-by: Srinivasan Shanmugam srinivasan.shanmugam@amd.com Reviewed-by: Alex Hung alex.hung@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com +Signed-off-by: Sasha Levin sashal@kernel.org +[Xiangyu: BP to fix CVE: CVE-2024-49917, modified the source path] +Signed-off-by: Xiangyu Chen xiangyu.chen@windriver.com --- - drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 7 ++++--- + drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
-diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c -index fc5936460ac26..98a40d46aaaec 100644 ---- a/drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c -+++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c -@@ -625,7 +625,7 @@ void dcn30_init_hw(struct dc *dc) +diff --git a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c +index ba4a1e7f196d..b8653bdfc40f 100644 +--- a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c ++++ b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c +@@ -440,7 +440,7 @@ void dcn30_init_hw(struct dc *dc) + int edp_num; uint32_t backlight = MAX_BACKLIGHT_LEVEL; - uint32_t user_level = MAX_BACKLIGHT_LEVEL;
- if (dc->clk_mgr && dc->clk_mgr->funcs->init_clocks) + if (dc->clk_mgr && dc->clk_mgr->funcs && dc->clk_mgr->funcs->init_clocks) dc->clk_mgr->funcs->init_clocks(dc->clk_mgr);
// Initialize the dccg -@@ -786,11 +786,12 @@ void dcn30_init_hw(struct dc *dc) +@@ -599,11 +599,12 @@ void dcn30_init_hw(struct dc *dc) if (!dcb->funcs->is_accelerated_mode(dcb) && dc->res_pool->hubbub->funcs->init_watermarks) dc->res_pool->hubbub->funcs->init_watermarks(dc->res_pool->hubbub);
@@ -51,3 +56,6 @@ dc->clk_mgr->funcs->set_hard_max_memclk(dc->clk_mgr);
if (dc->res_pool->hubbub->funcs->force_pstate_change_control) +-- +2.25.1 + ---
Results of testing on various branches:
| Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-6.6.y | Success | Success | | stable/linux-6.1.y | Success | Success |
linux-stable-mirror@lists.linaro.org
-
Sasha Levin -
Xiangyu Chen