[PATCH] drm/amd/display: Fix possible NULL dereference on device remove/driver unload

Li, Roman Roman.Li at amd.com
Mon Feb 12 15:23:07 UTC 2024 

[AMD Official Use Only - General]

Reviewed-by: Roman Li <roman.li at amd.com>

> -----Original Message-----
> From: amd-gfx <amd-gfx-bounces at lists.freedesktop.org> On Behalf Of
> Srinivasan Shanmugam
> Sent: Tuesday, February 6, 2024 11:55 PM
> To: Siqueira, Rodrigo <Rodrigo.Siqueira at amd.com>; Pillai, Aurabindo
> <Aurabindo.Pillai at amd.com>
> Cc: amd-gfx at lists.freedesktop.org; SHANMUGAM, SRINIVASAN
> <SRINIVASAN.SHANMUGAM at amd.com>; Andrey Grodzovsky
> <andrey.grodzovsky at amd.com>; Wentland, Harry
> <Harry.Wentland at amd.com>
> Subject: [PATCH] drm/amd/display: Fix possible NULL dereference on device
> remove/driver unload
>
> As part of a cleanup amdgpu_dm_fini() function, which is typically called when
> a device is being shut down or a driver is being unloaded
>
> The below error message suggests that there is a potential null pointer
> dereference issue with adev->dm.dc.
>
> In the below, line of code where adev->dm.dc is used without a preceding null
> check:
>
> for (i = 0; i < adev->dm.dc->caps.max_links; i++) {
>
> To fix this issue, add a null check for adev->dm.dc before this line.
>
> Reported by smatch:
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:1959
> amdgpu_dm_fini() error: we previously assumed 'adev->dm.dc' could be null
> (see line 1943)
>
> Fixes: 006c26a0f1c8 ("drm/amd/display: Fix crash on device remove/driver
> unload")
> Cc: Andrey Grodzovsky <andrey.grodzovsky at amd.com>
> Cc: Harry Wentland <harry.wentland at amd.com>
> Cc: Rodrigo Siqueira <Rodrigo.Siqueira at amd.com>
> Cc: Aurabindo Pillai <aurabindo.pillai at amd.com>
> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam at amd.com>
> ---
>  drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
> b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
> index b3a5e730be24..d4c1415f4562 100644
> --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
> +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
> @@ -1956,7 +1956,7 @@ static void amdgpu_dm_fini(struct amdgpu_device
> *adev)
>                                     &adev->dm.dmub_bo_gpu_addr,
>                                     &adev->dm.dmub_bo_cpu_addr);
>
> -     if (adev->dm.hpd_rx_offload_wq) {
> +     if (adev->dm.hpd_rx_offload_wq && adev->dm.dc) {
>               for (i = 0; i < adev->dm.dc->caps.max_links; i++) {
>                       if (adev->dm.hpd_rx_offload_wq[i].wq) {
>                               destroy_workqueue(adev-
> >dm.hpd_rx_offload_wq[i].wq);
> --
> 2.34.1

More information about the amd-gfx mailing list