[PATCH AUTOSEL 6.1 08/17] drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>,
	Tom Chung <chiahsuan.chung@amd.com>,
	Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>,
	Roman Li <roman.li@amd.com>, Hersen Wu <hersenxs.wu@amd.com>,
	Alex Hung <alex.hung@amd.com>,
	Aurabindo Pillai <aurabindo.pillai@amd.com>,
	Harry Wentland <harry.wentland@amd.com>,
	Alex Deucher <alexander.deucher@amd.com>,
	Sasha Levin <sashal@kernel.org>,
	sunpeng.li@amd.com, christian.koenig@amd.com, Xinhui.Pan@amd.com,
	airlied@gmail.com, daniel@ffwll.ch, mwen@igalia.com,
	joshua@froggi.es, hamza.mahfooz@amd.com, Nicholas.Choi@amd.com,
	Qingqing.Zhuo@amd.com, amd-gfx@lists.freedesktop.org,
	dri-devel@lists.freedesktop.org
Subject: [PATCH AUTOSEL 6.1 08/17] drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update
Date: Sun, 28 Jul 2024 11:47:18 -0400	[thread overview]
Message-ID: <20240728154805.2049226-8-sashal@kernel.org> (raw)
In-Reply-To: <20240728154805.2049226-1-sashal@kernel.org>

From: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>

[ Upstream commit 38e6f715b02b572f74677eb2f29d3b4bc6f1ddff ]

This commit adds a null check for the 'afb' variable in the
amdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was
assumed to be null, but was used later in the code without a null check.
This could potentially lead to a null pointer dereference.

Fixes the below:
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)

Cc: Tom Chung <chiahsuan.chung@amd.com>
Cc: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Cc: Roman Li <roman.li@amd.com>
Cc: Hersen Wu <hersenxs.wu@amd.com>
Cc: Alex Hung <alex.hung@amd.com>
Cc: Aurabindo Pillai <aurabindo.pillai@amd.com>
Cc: Harry Wentland <harry.wentland@amd.com>
Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c  | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c
index cd6e99cf74a06..984a5affc5af1 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c
@@ -1225,14 +1225,22 @@ void handle_cursor_update(struct drm_plane *plane,
 {
 	struct amdgpu_device *adev = drm_to_adev(plane->dev);
 	struct amdgpu_framebuffer *afb = to_amdgpu_framebuffer(plane->state->fb);
-	struct drm_crtc *crtc = afb ? plane->state->crtc : old_plane_state->crtc;
-	struct dm_crtc_state *crtc_state = crtc ? to_dm_crtc_state(crtc->state) : NULL;
-	struct amdgpu_crtc *amdgpu_crtc = to_amdgpu_crtc(crtc);
-	uint64_t address = afb ? afb->address : 0;
+	struct drm_crtc *crtc;
+	struct dm_crtc_state *crtc_state;
+	struct amdgpu_crtc *amdgpu_crtc;
+	u64 address;
 	struct dc_cursor_position position = {0};
 	struct dc_cursor_attributes attributes;
 	int ret;
 
+	if (!afb)
+		return;
+
+	crtc = plane->state->crtc ? plane->state->crtc : old_plane_state->crtc;
+	crtc_state = crtc ? to_dm_crtc_state(crtc->state) : NULL;
+	amdgpu_crtc = to_amdgpu_crtc(crtc);
+	address = afb->address;
+
 	if (!plane->state->fb && !old_plane_state->fb)
 		return;
 
-- 
2.43.0

next prev parent reply	other threads:[~2024-07-28 15:48 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-07-28 15:47 [PATCH AUTOSEL 6.1 01/17] drm/amdgpu/pm: Fix the param type of set_power_profile_mode Sasha Levin
2024-07-28 15:47 ` [PATCH AUTOSEL 6.1 02/17] drm/amdgpu/pm: Fix the null pointer dereference for smu7 Sasha Levin
2024-07-28 15:47 ` [PATCH AUTOSEL 6.1 03/17] drm/amdgpu: Fix the null pointer dereference to ras_manager Sasha Levin
2024-07-28 15:47 ` [PATCH AUTOSEL 6.1 04/17] drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Sasha Levin
2024-07-28 15:47 ` [PATCH AUTOSEL 6.1 05/17] drm/amdgpu: Add lock around VF RLCG interface Sasha Levin
2024-07-28 15:47 ` [PATCH AUTOSEL 6.1 06/17] drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Sasha Levin
2024-07-28 15:47 ` [PATCH AUTOSEL 6.1 07/17] media: amphion: Remove lock in s_ctrl callback Sasha Levin
2024-07-28 15:47 ` Sasha Levin [this message]
2024-07-28 15:47 ` [PATCH AUTOSEL 6.1 09/17] drm/amd/display: Add null checker before passing variables Sasha Levin
2024-07-28 15:47 ` [PATCH AUTOSEL 6.1 10/17] media: uvcvideo: Ignore empty TS packets Sasha Levin
2024-07-28 15:47 ` [PATCH AUTOSEL 6.1 11/17] media: uvcvideo: Fix the bandwdith quirk on USB 3.x Sasha Levin
2024-07-28 15:47 ` [PATCH AUTOSEL 6.1 12/17] media: uvcvideo: Remove mappings form uvc_device_info Sasha Levin
2024-07-28 15:47 ` [PATCH AUTOSEL 6.1 13/17] media: xc2028: avoid use-after-free in load_firmware_cb() Sasha Levin
2024-07-28 15:47 ` [PATCH AUTOSEL 6.1 14/17] ext4: fix uninitialized variable in ext4_inlinedir_to_tree Sasha Levin
2024-07-28 15:47 ` [PATCH AUTOSEL 6.1 15/17] jbd2: avoid memleak in jbd2_journal_write_metadata_buffer Sasha Levin
2024-07-28 15:47 ` [PATCH AUTOSEL 6.1 16/17] s390/sclp: Prevent release of buffer in I/O Sasha Levin
2024-07-28 15:47 ` [PATCH AUTOSEL 6.1 17/17] SUNRPC: Fix a race to wake a sync task Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:cd6e99cf74a0 dfblob:984a5affc5af )
 OR (
bs:"[PATCH AUTOSEL 6.1 08/17] drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240728154805.2049226-8-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=Nicholas.Choi@amd.com \
    --cc=Qingqing.Zhuo@amd.com \
    --cc=Rodrigo.Siqueira@amd.com \
    --cc=Xinhui.Pan@amd.com \
    --cc=airlied@gmail.com \
    --cc=alex.hung@amd.com \
    --cc=alexander.deucher@amd.com \
    --cc=amd-gfx@lists.freedesktop.org \
    --cc=aurabindo.pillai@amd.com \
    --cc=chiahsuan.chung@amd.com \
    --cc=christian.koenig@amd.com \
    --cc=daniel@ffwll.ch \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=hamza.mahfooz@amd.com \
    --cc=harry.wentland@amd.com \
    --cc=hersenxs.wu@amd.com \
    --cc=joshua@froggi.es \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mwen@igalia.com \
    --cc=roman.li@amd.com \
    --cc=srinivasan.shanmugam@amd.com \
    --cc=stable@vger.kernel.org \
    --cc=sunpeng.li@amd.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox