From: sashiko-bot@kernel.org
To: "Wentao Liang" <vulab@iscas.ac.cn>
Cc: dri-devel@lists.freedesktop.org
Subject: Re: [PATCH] drm/amd/display: fix refcount leak in detect_link_and_local_sink()
Date: Sat, 06 Jun 2026 09:22:35 +0000 [thread overview]
Message-ID: <20260606092235.DBF411F00893@smtp.kernel.org> (raw)
In-Reply-To: <20260606091731.21183-1-vulab@iscas.ac.cn>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] The patch introduces a NULL pointer dereference by calling `dc_sink_release(prev_sink)` without checking if `prev_sink` is NULL when DP alt mode times out.
--
commit 341dc989b4f07001883ab7ee04e6a4e4cda21615
Author: Wentao Liang <vulab@iscas.ac.cn>
drm/amd/display: fix refcount leak in detect_link_and_local_sink()
Fix a refcount leak by releasing prev_sink on the DP alt mode timeout path
in detect_link_and_local_sink().
> diff --git a/drivers/gpu/drm/amd/display/dc/link/link_detection.c b/drivers/gpu/drm/amd/display/dc/link/link_detection.c
> index a3212fd151d16..0d1352bf1da29 100644
> --- a/drivers/gpu/drm/amd/display/dc/link/link_detection.c
> +++ b/drivers/gpu/drm/amd/display/dc/link/link_detection.c
> @@ -1164,8 +1164,10 @@ static bool detect_link_and_local_sink(struct dc_link *link,
> link->link_enc->features.flags.bits.DP_IS_USB_C == 1) {
>
> /* if alt mode times out, return false */
> - if (!wait_for_entering_dp_alt_mode(link))
> + if (!wait_for_entering_dp_alt_mode(link)) {
> + dc_sink_release(prev_sink);
[Severity: High]
Does this code introduce a NULL pointer dereference?
Earlier in detect_link_and_local_sink(), prev_sink is initialized from
link->local_sink, which can be NULL if no display was previously connected.
The other error paths in this function check if (prev_sink) before calling
dc_sink_release().
If prev_sink is NULL, calling dc_sink_release() will crash because it directly
dereferences the sink pointer:
drivers/gpu/drm/amd/display/dc/core/dc_sink.c:dc_sink_release() {
kref_put(&sink->refcount, dc_sink_free);
}
> return false;
> + }
> }
>
> if (!detect_dp(link, &sink_caps, reason)) {
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260606091731.21183-1-vulab@iscas.ac.cn?part=1
prev parent reply other threads:[~2026-06-06 9:22 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-06 9:17 [PATCH] drm/amd/display: fix refcount leak in detect_link_and_local_sink() Wentao Liang
2026-06-06 9:22 ` sashiko-bot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260606092235.DBF411F00893@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=sashiko-reviews@lists.linux.dev \
--cc=vulab@iscas.ac.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.