[PATCH 2/3] drm/display/dp_mst: Fix drm_atomic_get_mst_topology_state()

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Lyude Paul <lyude@redhat.com>
To: dri-devel@lists.freedesktop.org
Cc: "Ville Syrjälä" <ville.syrjala@linux.intel.com>,
	stable@vger.kernel.org, "David Airlie" <airlied@linux.ie>,
	"Daniel Vetter" <daniel@ffwll.ch>,
	"Thomas Zimmermann" <tzimmermann@suse.de>,
	"Jani Nikula" <jani.nikula@intel.com>,
	"Wayne Lin" <Wayne.Lin@amd.com>,
	"Bhawanpreet Lakha" <Bhawanpreet.Lakha@amd.com>,
	"Imran Khan" <imran.f.khan@oracle.com>,
	"Javier Martinez Canillas" <javierm@redhat.com>,
	"Fangzhi Zuo" <Jerry.Zuo@amd.com>,
	linux-kernel@vger.kernel.org (open list)
Subject: [PATCH 2/3] drm/display/dp_mst: Fix drm_atomic_get_mst_topology_state()
Date: Thu,  2 Jun 2022 16:17:56 -0400	[thread overview]
Message-ID: <20220602201757.30431-3-lyude@redhat.com> (raw)
In-Reply-To: <20220602201757.30431-1-lyude@redhat.com>

I noticed a rather surprising issue here while working on removing all of
the non-atomic MST code: drm_atomic_get_mst_topology_state() doesn't check
the return value of drm_atomic_get_private_obj_state() and instead just
passes it directly to to_dp_mst_topology_state(). This means that if we
hit a deadlock or something else which would return an error code pointer,
we'll likely segfault the kernel.

This is definitely another one of those fixes where I'm astonished we
somehow managed never to discover this issue until now…

Signed-off-by: Lyude Paul <lyude@redhat.com>
Fixes: a4370c777406 ("drm/atomic: Make private objs proper objects")
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: <stable@vger.kernel.org> # v4.14+
---
 drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +-
 include/drm/display/drm_dp_mst_helper.h       | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c
index d84673b3294b..d6e595b95f07 100644
--- a/drivers/gpu/drm/display/drm_dp_mst_topology.c
+++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c
@@ -5468,7 +5468,7 @@ EXPORT_SYMBOL(drm_dp_mst_topology_state_funcs);
 struct drm_dp_mst_topology_state *drm_atomic_get_mst_topology_state(struct drm_atomic_state *state,
 								    struct drm_dp_mst_topology_mgr *mgr)
 {
-	return to_dp_mst_topology_state(drm_atomic_get_private_obj_state(state, &mgr->base));
+	return to_dp_mst_topology_state_safe(drm_atomic_get_private_obj_state(state, &mgr->base));
 }
 EXPORT_SYMBOL(drm_atomic_get_mst_topology_state);
 
diff --git a/include/drm/display/drm_dp_mst_helper.h b/include/drm/display/drm_dp_mst_helper.h
index 10adec068b7f..fe7577e7f305 100644
--- a/include/drm/display/drm_dp_mst_helper.h
+++ b/include/drm/display/drm_dp_mst_helper.h
@@ -541,6 +541,8 @@ struct drm_dp_payload {
 };
 
 #define to_dp_mst_topology_state(x) container_of(x, struct drm_dp_mst_topology_state, base)
+#define to_dp_mst_topology_state_safe(x) \
+	container_of_safe(x, struct drm_dp_mst_topology_state, base)
 
 struct drm_dp_vcpi_allocation {
 	struct drm_dp_mst_port *port;
-- 
2.35.3

next prev parent reply	other threads:[~2022-06-02 20:18 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20220602201757.30431-1-lyude@redhat.com>
2022-06-02 20:17 ` [PATCH 1/3] drm/display/dp_mst: Don't validate port refs in drm_dp_check_and_send_link_address() Lyude Paul
2022-06-13  9:54   ` Lin, Wayne
2022-06-02 20:17 ` Lyude Paul [this message]
2022-06-02 20:42   ` [PATCH 2/3] drm/display/dp_mst: Fix drm_atomic_get_mst_topology_state() Ville Syrjälä
2022-06-02 20:43     ` Lyude Paul
2022-06-02 20:17 ` [PATCH 3/3] drm/dp_mst: Get rid of old comment in drm_atomic_get_mst_topology_state docs Lyude Paul
2022-06-13  9:59   ` Lin, Wayne
2022-06-21 19:37     ` Lyude Paul

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d84673b3294 dfblob:d6e595b95f0 dfblob:10adec068b7
dfblob:fe7577e7f30 )
 OR (
bs:"[PATCH 2/3] drm/display/dp_mst: Fix drm_atomic_get_mst_topology_state()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220602201757.30431-3-lyude@redhat.com \
    --to=lyude@redhat.com \
    --cc=Bhawanpreet.Lakha@amd.com \
    --cc=Jerry.Zuo@amd.com \
    --cc=Wayne.Lin@amd.com \
    --cc=airlied@linux.ie \
    --cc=daniel@ffwll.ch \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=imran.f.khan@oracle.com \
    --cc=jani.nikula@intel.com \
    --cc=javierm@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=tzimmermann@suse.de \
    --cc=ville.syrjala@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox