<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Reviewed-by: Aurabindo Pillai <aurabindo.pillai@amd.com></div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature" class="elementToProof" style="color: inherit;">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
--</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Regards,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Aurabindo Pillai </div>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> SHANMUGAM, SRINIVASAN <SRINIVASAN.SHANMUGAM@amd.com><br>
<b>Sent:</b> Monday, April 21, 2025 12:06 AM<br>
<b>To:</b> Pillai, Aurabindo <Aurabindo.Pillai@amd.com><br>
<b>Cc:</b> amd-gfx@lists.freedesktop.org <amd-gfx@lists.freedesktop.org>; SHANMUGAM, SRINIVASAN <SRINIVASAN.SHANMUGAM@amd.com>; Wentland, Harry <Harry.Wentland@amd.com>; Kazlauskas, Nicholas <Nicholas.Kazlauskas@amd.com>; Chung, ChiaHsuan (Tom) <ChiaHsuan.Chung@amd.com>;
 Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>; Li, Roman <Roman.Li@amd.com>; Hung, Alex <Alex.Hung@amd.com>; Dan Carpenter <dan.carpenter@linaro.org><br>
<b>Subject:</b> [PATCH v2] drm/amd/display: Fix NULL pointer dereferences in dm_update_crtc_state() v2</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">Added checks for NULL values after retrieving drm_new_conn_state<br>
to prevent dereferencing NULL pointers.<br>
<br>
Fixes the below:<br>
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:10751 dm_update_crtc_state()<br>
        warn: 'drm_new_conn_state' can also be NULL<br>
<br>
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c<br>
    10672 static int dm_update_crtc_state(struct amdgpu_display_manager *dm,<br>
    10673                          struct drm_atomic_state *state,<br>
    10674                          struct drm_crtc *crtc,<br>
    10675                          struct drm_crtc_state *old_crtc_state,<br>
    10676                          struct drm_crtc_state *new_crtc_state,<br>
    10677                          bool enable,<br>
    10678                          bool *lock_and_validation_needed)<br>
    10679 {<br>
    10680         struct dm_atomic_state *dm_state = NULL;<br>
    10681         struct dm_crtc_state *dm_old_crtc_state, *dm_new_crtc_state;<br>
    10682         struct dc_stream_state *new_stream;<br>
    10683         int ret = 0;<br>
    10684<br>
    ...<br>
    10703<br>
    10704         /* TODO This hack should go away */<br>
    10705         if (connector && enable) {<br>
    10706                 /* Make sure fake sink is created in plug-in scenario */<br>
    10707                 drm_new_conn_state = drm_atomic_get_new_connector_state(state,<br>
    10708                                                                         connector);<br>
<br>
drm_atomic_get_new_connector_state() can't return error pointers, only NULL.<br>
<br>
    10709                 drm_old_conn_state = drm_atomic_get_old_connector_state(state,<br>
    10710                                                                         connector);<br>
    10711<br>
    10712                 if (IS_ERR(drm_new_conn_state)) {<br>
                                     ^^^^^^^^^^^^^^^^^^<br>
<br>
    10713                         ret = PTR_ERR_OR_ZERO(drm_new_conn_state);<br>
<br>
Calling PTR_ERR_OR_ZERO() doesn't make sense.  It can't be success.<br>
<br>
    10714                         goto fail;<br>
    10715                 }<br>
    10716<br>
    ...<br>
    10748<br>
    10749                 dm_new_crtc_state->abm_level = dm_new_conn_state->abm_level;<br>
    10750<br>
--> 10751                 ret = fill_hdr_info_packet(drm_new_conn_state,<br>
                                                     ^^^^^^^^^^^^^^^^^^ Unchecked dereference<br>
<br>
    10752                                            &new_stream->hdr_static_metadata);<br>
    10753                 if (ret)<br>
    10754                         goto fail;<br>
    10755<br>
<br>
v2: Modified the NULL pointer check for drm_new_conn_state in the<br>
    dm_update_crtc_state function to include a warning via WARN_ON and<br>
    return -EINVAL to indicate an invalid state when the pointer is NULL.<br>
<br>
Cc: Harry Wentland <harry.wentland@amd.com><br>
Cc: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com><br>
Cc: Tom Chung <chiahsuan.chung@amd.com><br>
Cc: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com><br>
Cc: Roman Li <roman.li@amd.com><br>
Cc: Alex Hung <alex.hung@amd.com><br>
Cc: Aurabindo Pillai <aurabindo.pillai@amd.com><br>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org><br>
Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com><br>
Reviewed-by: Aurabindo Pillai <aurabindo.pillai@amd.com><br>
---<br>
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 4 ++--<br>
 1 file changed, 2 insertions(+), 2 deletions(-)<br>
<br>
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c<br>
index 31a5b8fc4dc4..3d2ff5d58067 100644<br>
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c<br>
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c<br>
@@ -10858,8 +10858,8 @@ static int dm_update_crtc_state(struct amdgpu_display_manager *dm,<br>
                 drm_old_conn_state = drm_atomic_get_old_connector_state(state,<br>
                                                                         connector);<br>
 <br>
-               if (IS_ERR(drm_new_conn_state)) {<br>
-                       ret = PTR_ERR_OR_ZERO(drm_new_conn_state);<br>
+               if (WARN_ON(!drm_new_conn_state)) {<br>
+                       ret = -EINVAL;<br>
                         goto fail;<br>
                 }<br>
 <br>
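<br>
Review bot: drm_old_conn_state, assigned in the context lines directly above the new check, is left unvalidated; if it is dereferenced later in this branch it needs the same NULL test, for example by widening the condition to WARN_ON(!drm_new_conn_state || !drm_old_conn_state). Also confirm that a NULL drm_new_conn_state cannot be produced by a userspace atomic request, since WARN_ON() takes the machine down on systems booted with panic_on_warn; if it can, a plain NULL check that returns -EINVAL without the WARN is the safer form.<br>
<br>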
-- <br>
2.34.1<br>
<br>
</div>
</span></font></div>
</div>
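<div>
The IS_ERR()-versus-NULL mismatch described in the commit message above, as an added example that is not part of the original patch or the amdgpu driver: a userspace model of the kernel's error-pointer helpers showing that the old check lets NULL through while the patched check stops it. The lower-case helpers, struct conn_state and lookup_state() are hypothetical names introduced for illustration.<br>
</div>
<pre>
```c
/* Userspace model of the kernel's error-pointer convention (assumption:
 * patterned on IS_ERR()/PTR_ERR_OR_ZERO(); all names here are hypothetical). */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO ((uintptr_t)4095)

/* Error pointers occupy the top MAX_ERRNO addresses; NULL is not one. */
static int is_err(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
static void *err_ptr(long err) { return (void *)(uintptr_t)err; }
static long ptr_err_or_zero(const void *p) { return is_err(p) ? (long)(intptr_t)p : 0; }

struct conn_state { int abm_level; };

/* Models a getter that reports "not in this state" as NULL, never ERR_PTR. */
static struct conn_state *lookup_state(struct conn_state *s, int present)
{
	return present ? s : NULL;
}

/* Old pattern: returns 1 when the caller would go on to dereference p. */
static int old_check_lets_through(const struct conn_state *p, long *ret)
{
	if (is_err(p)) {
		*ret = ptr_err_or_zero(p);
		return 0;
	}
	return 1;	/* NULL lands here: is_err(NULL) is false */
}

/* Patched pattern: explicit NULL test with a fixed, non-zero errno. */
static int new_check_lets_through(const struct conn_state *p, long *ret)
{
	if (!p) {
		*ret = -EINVAL;
		return 0;
	}
	return 1;
}

int main(void)
{
	struct conn_state s = { .abm_level = 2 }, *missing = lookup_state(&s, 0);
	long ret = 0;
	printf("old: proceeds=%d\n", old_check_lets_through(missing, &ret));
	printf("new: proceeds=%d ret=%ld\n", new_check_lets_through(missing, &ret), ret);
	printf("is_err(err_ptr(-ENOMEM))=%d\n", is_err(err_ptr(-ENOMEM)));
	return 0;
}
```
</pre>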
</body>
</html>