[PATCH] drm: Check if primary mst is null

Wed Nov 7 16:11:30 UTC 2018

Unfortunately drm_dp_get_mst_branch_device which is called from both
drm_dp_mst_handle_down_rep and drm_dp_mst_handle_up_rep seem to rely
on that mgr->mst_primary is not NULL, which seem to be wrong as it can be
cleared with simultaneous mode set, if probing fails or in other case.
mgr->lock mutex doesn't protect against that as it might just get assigned to NULL
right before, not simultaneously.
There are currently bugs 107738, 108816 bugs which crash in
drm_dp_get_mst_branch_device, caused by this issue.

Signed-off-by: Stanislav Lisovskiy <stanislav.lisovskiy at intel.com>
---
 drivers/gpu/drm/drm_dp_mst_topology.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c
index 5ff1d79b86c4..fb90ed4cdc3a 100644
--- a/drivers/gpu/drm/drm_dp_mst_topology.c
+++ b/drivers/gpu/drm/drm_dp_mst_topology.c
@@ -1273,6 +1273,12 @@ static struct drm_dp_mst_branch *drm_dp_get_mst_branch_device(struct drm_dp_mst_
 	/* find the port by iterating down */
 
 	mutex_lock(&mgr->lock);
+
+	if (!mgr->mst_primary) {
+		mstb = NULL;
+		goto out;
+	}
+
 	mstb = mgr->mst_primary;
 
 	for (i = 0; i < lct - 1; i++) {
-- 
2.17.1

