[PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again)
@ 2024-04-13  0:22 Jeff Mahoney
  2024-04-13  0:57 ` Jeff Mahoney
  0 siblings, 1 reply; 3+ messages in thread
From: Jeff Mahoney @ 2024-04-13  0:22 UTC (permalink / raw)
  To: Wayne Lin, dri-devel
  Cc: linux-kernel, David Airlie, Daniel Vetter, Jeff Mahoney, stable

Commit 54d217406afe (drm: use mgr->dev in drm_dbg_kms in
drm_dp_add_payload_part2) appears to have been accidentially reverted as
part of commit 5aa1dfcdf0a42 (drm/mst: Refactor the flow for payload
allocation/removement).

I've been seeing NULL pointer dereferences in drm_dp_add_payload_part2
due to state->dev being NULL in the debug message printed if the payload
allocation has failed.

This commit restores mgr->dev to avoid the Oops.

Fixes: 5aa1dfcdf0a42 ("drm/mst: Refactor the flow for payload allocation/removement")
Cc: stable@vger.kernel.org
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c
index 03d528209426..3dc966f25c0c 100644
--- a/drivers/gpu/drm/display/drm_dp_mst_topology.c
+++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c
@@ -3437,7 +3437,7 @@ int drm_dp_add_payload_part2(struct drm_dp_mst_topology_mgr *mgr,
 
 	/* Skip failed payloads */
 	if (payload->payload_allocation_status != DRM_DP_MST_PAYLOAD_ALLOCATION_DFP) {
-		drm_dbg_kms(state->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
+		drm_dbg_kms(mgr->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
 			    payload->port->connector->name);
 		return -EIO;
 	}
-- 
2.44.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again)
  2024-04-13  0:22 [PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again) Jeff Mahoney
@ 2024-04-13  0:57 ` Jeff Mahoney
  2024-04-15  2:53   ` Lin, Wayne
  0 siblings, 1 reply; 3+ messages in thread
From: Jeff Mahoney @ 2024-04-13  0:57 UTC (permalink / raw)
  To: Wayne Lin, dri-devel; +Cc: linux-kernel, David Airlie, Daniel Vetter, stable

As a follow up, I read through the original thread before sending this 
and my understanding is that this message probably shouldn't be getting 
printed in the first place.  I've turned on KMS, ATOMIC, STATE, and DP 
debugging to see what shakes out.  I have a KVM on my desk that I use to 
switch between systems fairly frequently.  I'm speculating that the 
connecting and disconnecting is related, so I'm hopeful I can trigger it 
quickly.

-Jeff

On 4/12/24 20:22, Jeff Mahoney wrote:
> Commit 54d217406afe (drm: use mgr->dev in drm_dbg_kms in
> drm_dp_add_payload_part2) appears to have been accidentially reverted as
> part of commit 5aa1dfcdf0a42 (drm/mst: Refactor the flow for payload
> allocation/removement).
> 
> I've been seeing NULL pointer dereferences in drm_dp_add_payload_part2
> due to state->dev being NULL in the debug message printed if the payload
> allocation has failed.
> 
> This commit restores mgr->dev to avoid the Oops.
> 
> Fixes: 5aa1dfcdf0a42 ("drm/mst: Refactor the flow for payload allocation/removement")
> Cc: stable@vger.kernel.org
> Signed-off-by: Jeff Mahoney <jeffm@suse.com>
> ---
>   drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c
> index 03d528209426..3dc966f25c0c 100644
> --- a/drivers/gpu/drm/display/drm_dp_mst_topology.c
> +++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c
> @@ -3437,7 +3437,7 @@ int drm_dp_add_payload_part2(struct drm_dp_mst_topology_mgr *mgr,
>   
>   	/* Skip failed payloads */
>   	if (payload->payload_allocation_status != DRM_DP_MST_PAYLOAD_ALLOCATION_DFP) {
> -		drm_dbg_kms(state->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
> +		drm_dbg_kms(mgr->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
>   			    payload->port->connector->name);
>   		return -EIO;
>   	}

-- 
Jeff Mahoney
VP Engineering, Linux Systems

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again)
  2024-04-13  0:57 ` Jeff Mahoney
@ 2024-04-15  2:53   ` Lin, Wayne
  0 siblings, 0 replies; 3+ messages in thread
From: Lin, Wayne @ 2024-04-15  2:53 UTC (permalink / raw)
  To: Jeff Mahoney, dri-devel@lists.freedesktop.org
  Cc: linux-kernel@vger.kernel.org, David Airlie, Daniel Vetter,
	stable@vger.kernel.org

[Public]

Hi Jeff,

I have a patch sent for this before but not yet get reviewed. Will ping again.
https://patchwork.freedesktop.org/series/130852/

Thanks!

Regards,
Wayne

________________________________________
From: Jeff Mahoney <jeffm@suse.com>
Sent: Saturday, April 13, 2024 08:57
To: Lin, Wayne; dri-devel@lists.freedesktop.org
Cc: linux-kernel@vger.kernel.org; David Airlie; Daniel Vetter; stable@vger.kernel.org
Subject: Re: [PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again)

As a follow up, I read through the original thread before sending this
and my understanding is that this message probably shouldn't be getting
printed in the first place.  I've turned on KMS, ATOMIC, STATE, and DP
debugging to see what shakes out.  I have a KVM on my desk that I use to
switch between systems fairly frequently.  I'm speculating that the
connecting and disconnecting is related, so I'm hopeful I can trigger it
quickly.

-Jeff

On 4/12/24 20:22, Jeff Mahoney wrote:
> Commit 54d217406afe (drm: use mgr->dev in drm_dbg_kms in
> drm_dp_add_payload_part2) appears to have been accidentially reverted as
> part of commit 5aa1dfcdf0a42 (drm/mst: Refactor the flow for payload
> allocation/removement).
>
> I've been seeing NULL pointer dereferences in drm_dp_add_payload_part2
> due to state->dev being NULL in the debug message printed if the payload
> allocation has failed.
>
> This commit restores mgr->dev to avoid the Oops.
>
> Fixes: 5aa1dfcdf0a42 ("drm/mst: Refactor the flow for payload allocation/removement")
> Cc: stable@vger.kernel.org
> Signed-off-by: Jeff Mahoney <jeffm@suse.com>
> ---
>   drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c
> index 03d528209426..3dc966f25c0c 100644
> --- a/drivers/gpu/drm/display/drm_dp_mst_topology.c
> +++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c
> @@ -3437,7 +3437,7 @@ int drm_dp_add_payload_part2(struct drm_dp_mst_topology_mgr *mgr,
>
>       /* Skip failed payloads */
>       if (payload->payload_allocation_status != DRM_DP_MST_PAYLOAD_ALLOCATION_DFP) {
> -             drm_dbg_kms(state->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
> +             drm_dbg_kms(mgr->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
>                           payload->port->connector->name);
>               return -EIO;
>       }

--
Jeff Mahoney
VP Engineering, Linux Systems

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2024-04-15  2:53 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-13  0:22 [PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again) Jeff Mahoney
2024-04-13  0:57 ` Jeff Mahoney
2024-04-15  2:53   ` Lin, Wayne

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox