From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Dan Carpenter <dan.carpenter@linaro.org>,
Harry Wentland <harry.wentland@amd.com>,
Tom Chung <chiahsuan.chung@amd.com>,
Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>,
Roman Li <roman.li@amd.com>,
Aurabindo Pillai <aurabindo.pillai@amd.com>,
Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>,
Alex Deucher <alexander.deucher@amd.com>
Subject: [PATCH 6.10 22/22] drm/amdgpu/display: Fix null pointer dereference in dc_stream_program_cursor_position
Date: Thu, 15 Aug 2024 15:25:30 +0200 [thread overview]
Message-ID: <20240815131832.111555892@linuxfoundation.org> (raw)
In-Reply-To: <20240815131831.265729493@linuxfoundation.org>
6.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
commit fa4c500ce93f4f933c38e6d6388970e121e27b21 upstream.
The fix involves adding a null check for 'stream' at the beginning of
the function. If 'stream' is NULL, the function immediately returns
false. This ensures that 'stream' is not NULL when we dereference it to
access 'ctx' in 'dc = stream->ctx->dc;' the function.
Fixes the below:
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:398 dc_stream_program_cursor_position()
error: we previously assumed 'stream' could be null (see line 397)
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c
389 bool dc_stream_program_cursor_position(
390 struct dc_stream_state *stream,
391 const struct dc_cursor_position *position)
392 {
393 struct dc *dc;
394 bool reset_idle_optimizations = false;
395 const struct dc_cursor_position *old_position;
396
397 old_position = stream ? &stream->cursor_position : NULL;
^^^^^^^^
The patch adds a NULL check
--> 398 dc = stream->ctx->dc;
^^^^^^^^
The old code didn't check
399
400 if (dc_stream_set_cursor_position(stream, position)) {
401 dc_z10_restore(dc);
402
403 /* disable idle optimizations if enabling cursor */
404 if (dc->idle_optimizations_allowed &&
405 (!old_position->enable || dc->debug.exit_idle_opt_for_cursor_updates) &&
406 position->enable) {
407 dc_allow_idle_optimizations(dc, false);
Fixes: f63f86b5affc ("drm/amd/display: Separate setting and programming of cursor")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Cc: Harry Wentland <harry.wentland@amd.com>
Cc: Tom Chung <chiahsuan.chung@amd.com>
Cc: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Cc: Roman Li <roman.li@amd.com>
Cc: Aurabindo Pillai <aurabindo.pillai@amd.com>
Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
@@ -394,7 +394,10 @@ bool dc_stream_program_cursor_position(
bool reset_idle_optimizations = false;
const struct dc_cursor_position *old_position;
- old_position = stream ? &stream->cursor_position : NULL;
+ if (!stream)
+ return false;
+
+ old_position = &stream->cursor_position;
dc = stream->ctx->dc;
if (dc_stream_set_cursor_position(stream, position)) {
next prev parent reply other threads:[~2024-08-15 13:38 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-15 13:25 [PATCH 6.10 00/22] 6.10.6-rc1 review Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 01/22] exec: Fix ToCToU between perm check and set-uid/gid usage Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 02/22] drm/amd/display: Defer handling mst up request in resume Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 03/22] drm/amd/display: Separate setting and programming of cursor Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 04/22] drm/amd/display: Prevent IPX From Link Detect and Set Mode Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 05/22] LoongArch: Define __ARCH_WANT_NEW_STAT in unistd.h Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 06/22] nvme/pci: Add APST quirk for Lenovo N60z laptop Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 07/22] ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 08/22] bpf, net: Use DEV_STAT_INC() Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 09/22] f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 10/22] f2fs: fix to cover read extent cache access with lock Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 11/22] fou: remove warn in gue_gro_receive on unsupported protocol Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 12/22] jfs: fix null ptr deref in dtInsertEntry Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 13/22] jfs: Fix shift-out-of-bounds in dbDiscardAG Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 14/22] fs/ntfs3: Do copy_to_user out of run_lock Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 15/22] ALSA: usb: Fix UBSAN warning in parse_audio_unit() Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 16/22] platform/x86/amd/pmf: Fix to Update HPD Data When ALS is Disabled Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 17/22] platform/x86: ideapad-laptop: introduce a generic notification chain Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 18/22] platform/x86: ideapad-laptop: move ymc_trigger_ec from lenovo-ymc Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 19/22] platform/x86: ideapad-laptop: add a mutex to synchronize VPC commands Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 20/22] binfmt_flat: Fix corruption when not offsetting data start Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 21/22] drm/amd/display: Solve mst monitors blank out problem after resume Greg Kroah-Hartman
2024-08-15 13:25 ` Greg Kroah-Hartman [this message]
2024-08-15 14:41 ` [PATCH 6.10 00/22] 6.10.6-rc1 review Kevin Holm
2024-08-15 15:07 ` Guenter Roeck
2024-08-16 8:51 ` Greg Kroah-Hartman
2024-08-15 18:01 ` Justin Forbes
2024-08-15 18:34 ` Markus Reichelt
2024-08-15 20:26 ` Peter Schneider
2024-08-15 20:32 ` Pavel Machek
2024-08-15 22:13 ` Florian Fainelli
2024-08-16 8:45 ` Anders Roxell
2024-08-16 10:08 ` Christian Heusel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240815131832.111555892@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Rodrigo.Siqueira@amd.com \
--cc=alexander.deucher@amd.com \
--cc=aurabindo.pillai@amd.com \
--cc=chiahsuan.chung@amd.com \
--cc=dan.carpenter@linaro.org \
--cc=harry.wentland@amd.com \
--cc=patches@lists.linux.dev \
--cc=roman.li@amd.com \
--cc=srinivasan.shanmugam@amd.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox