[PATCH] drm/amdgpu: fix a possible null pointer dereference

Daniel Vetter daniel at ffwll.ch
Mon Jun 24 10:23:40 UTC 2024 

On Sun, 23 Jun 2024 at 14:22, Joshua Ashton <joshua at froggi.es> wrote:

> Maybe that wasn't you or whatever, but your last patch that did this got
> some CVE assigned to it that didn't really make any sense, given this is
> just a null deref that'd end up as an oops?
>
> It can only happen if the kzalloc in drm_mode_create fails.
>
> I imagine that the `continue` is not the best cause of action anyway,
> it's probably not worth adding some broken connector with a bunch of
> missing modes.
> It's just going to make things appear more broken and be unexpected to
> userspace.
>
> Maybe this is some new thing that we do now I am out of the loop on...
>

Kernel CVE handling changed a lot, for background:

 https://lwn.net/Articles/978711/

No one needs to ask for CVEs, you'll all get them pretty much automatically
for everything now.

Cheers, Sima


> - Joshie 🐸✨
>
> On 6/23/24 10:20 AM, Joshua Ashton wrote:
> > Are you planning on submitting a bogus CVE for this patch too?
> >
> > - Joshie 🐸✨
> >
> > On June 22, 2024 9:22:19 AM GMT+01:00, Ma Ke <make24 at iscas.ac.cn> wrote:
> >> In amdgpu_connector_add_common_modes(), the return value of
> drm_cvt_mode()
> >> is assigned to mode, which will lead to a NULL pointer dereference on
> >> failure of drm_cvt_mode(). Add a check to avoid npd.
> >>
> >> Signed-off-by: Ma Ke <make24 at iscas.ac.cn>
> >> ---
> >> drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 2 ++
> >> 1 file changed, 2 insertions(+)
> >>
> >> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
> b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
> >> index 9caba10315a8..6cf946adb6fe 100644
> >> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
> >> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
> >> @@ -458,6 +458,8 @@ static void
> amdgpu_connector_add_common_modes(struct drm_encoder *encoder,
> >>                      continue;
> >>
> >>              mode = drm_cvt_mode(dev, common_modes[i].w,
> common_modes[i].h, 60, false, false, false);
> >> +            if (!mode)
> >> +                    continue;
> >>              drm_mode_probed_add(connector, mode);
> >>      }
> >> }
>
>

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/amd-gfx/attachments/20240624/f6e5cb00/attachment-0001.htm>

More information about the amd-gfx mailing list