[PATCH] drm/dp_mst: Avoid NULL pointer dereference
Lyude Paul
lyude at redhat.com
Fri Jan 3 20:35:12 UTC 2020
Back from the holidays!
Reviewed-by: Lyude Paul <lyude at redhat.com>
Do you need me to push this to drm-misc?
On Thu, 2019-12-26 at 10:31 +0800, Wayne Lin wrote:
> [Why]
> Found kernel NULL pointer dereference under the below situation:
>
> src — HDMI_Monitor src — HDMI_Monitor
> e.g.: \ =>
> MSTB — MSTB (unplug) MSTB — MSTB
>
> When display 1 HDMI and 2 DP daisy chain monitors, unplugging the dp
> cable connected to source causes kernel NULL pointer dereference at
> drm_dp_mst_atomic_check_bw_limit(). When calculating pbn_limit, if
> branch is null, accessing "&branch->ports" causes the problem.
>
> [How]
> Judge branch is null or not at the beginning. If it is null, return 0.
>
> Signed-off-by: Wayne Lin <Wayne.Lin at amd.com>
> Cc: stable at vger.kernel.org
> ---
> drivers/gpu/drm/drm_dp_mst_topology.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c
> b/drivers/gpu/drm/drm_dp_mst_topology.c
> index 7d2d31eaf003..a6473e3ab448 100644
> --- a/drivers/gpu/drm/drm_dp_mst_topology.c
> +++ b/drivers/gpu/drm/drm_dp_mst_topology.c
> @@ -4707,6 +4707,9 @@ int drm_dp_mst_atomic_check_bw_limit(struct
> drm_dp_mst_branch *branch,
> struct drm_dp_vcpi_allocation *vcpi;
> int pbn_limit = 0, pbn_used = 0;
>
> + if (!branch)
> + return 0;
> +
> list_for_each_entry(port, &branch->ports, next) {
> if (port->mstb)
> if (drm_dp_mst_atomic_check_bw_limit(port->mstb,
> mst_state))
--
Cheers,
Lyude Paul
More information about the dri-devel
mailing list