[PATCH 6.1/6.6] drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer
From: Srinivasan Shanmugam srinivasan.shanmugam@amd.com
commit ac2140449184a26eac99585b7f69814bd3ba8f2d upstream.
This commit addresses a potential null pointer dereference issue in the `dcn32_acquire_idle_pipe_for_head_pipe_in_layer` function. The issue could occur when `head_pipe` is null.
The fix adds a check to ensure `head_pipe` is not null before asserting it. If `head_pipe` is null, the function returns NULL to prevent a potential null pointer dereference.
Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:2690 dcn32_acquire_idle_pipe_for_head_pipe_in_layer() error: we previously assumed 'head_pipe' could be null (see line 2681)
Cc: Tom Chung chiahsuan.chung@amd.com Cc: Rodrigo Siqueira Rodrigo.Siqueira@amd.com Cc: Roman Li roman.li@amd.com Cc: Alex Hung alex.hung@amd.com Cc: Aurabindo Pillai aurabindo.pillai@amd.com Cc: Harry Wentland harry.wentland@amd.com Cc: Hamza Mahfooz hamza.mahfooz@amd.com Signed-off-by: Srinivasan Shanmugam srinivasan.shanmugam@amd.com Reviewed-by: Tom Chung chiahsuan.chung@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com [ Daniil: dcn32 was moved from drivers/gpu/drm/amd/display/dc to drivers/gpu/drm/amd/display/dc/resource since commit 8b8eed05a1c6 ("drm/amd/display: Refactor resource into component directory"). The path is changed accordingly to apply the patch on 6.1.y. and 6.6.y ] Signed-off-by: Daniil Dulov d.dulov@aladdin.ru --- Backport fix for CVE-2024-49918 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c index 1b1534ffee9f..591c3166a468 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c @@ -2563,8 +2563,10 @@ struct pipe_ctx *dcn32_acquire_idle_pipe_for_head_pipe_in_layer( struct resource_context *old_ctx = &stream->ctx->dc->current_state->res_ctx; int head_index;
- if (!head_pipe) + if (!head_pipe) { ASSERT(0); + return NULL; + }
/* * Modified from dcn20_acquire_idle_pipe_for_layer
[ Sasha's backport helper bot ]
Hi,
✅ All tests passed successfully. No issues detected. No action required from the submitter.
The upstream commit SHA1 provided is correct: ac2140449184a26eac99585b7f69814bd3ba8f2d
WARNING: Author mismatch between patch and upstream commit: Backport author: Daniil Dulov d.dulov@aladdin.ru Commit author: Srinivasan Shanmugam srinivasan.shanmugam@amd.com
Status in newer kernel trees: 6.15.y | Present (exact SHA1) 6.12.y | Present (exact SHA1)
Note: The patch differs from the upstream commit: --- 1: ac2140449184 ! 1: 7a19ddcf0b97 drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer @@ Metadata ## Commit message ## drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer
+ commit ac2140449184a26eac99585b7f69814bd3ba8f2d upstream. + This commit addresses a potential null pointer dereference issue in the `dcn32_acquire_idle_pipe_for_head_pipe_in_layer` function. The issue could occur when `head_pipe` is null. @@ Commit message Signed-off-by: Srinivasan Shanmugam srinivasan.shanmugam@amd.com Reviewed-by: Tom Chung chiahsuan.chung@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com + [ Daniil: dcn32 was moved from drivers/gpu/drm/amd/display/dc to + drivers/gpu/drm/amd/display/dc/resource since commit + 8b8eed05a1c6 ("drm/amd/display: Refactor resource into component directory"). + The path is changed accordingly to apply the patch on 6.1.y. and 6.6.y ] + Signed-off-by: Daniil Dulov d.dulov@aladdin.ru
- ## drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c ## -@@ drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c: static struct pipe_ctx *dcn32_acquire_idle_pipe_for_head_pipe_in_layer( + ## drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c ## +@@ drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c: static struct pipe_ctx *dcn32_acquire_idle_pipe_for_head_pipe_in_layer( struct resource_context *old_ctx = &stream->ctx->dc->current_state->res_ctx; int head_index;
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | origin/linux-6.1.y | Success | Success | | origin/linux-6.6.y | Success | Success |
linux-stable-mirror@lists.linaro.org
-
Daniil Dulov -
Sasha Levin