[Intel-gfx] [PATCH] drm: Check if primary mst is null
Lyude Paul
lyude at redhat.com
Wed Nov 7 19:55:28 UTC 2018
Thanks for noticing this one! With the changes that Ville mentioned in their
response:
Reviewed-by: Lyude Paul <lyude at redhat.com>
If you need me to push this for you; poke me here or on IRC
On Wed, 2018-11-07 at 18:11 +0200, Stanislav Lisovskiy wrote:
> Unfortunately drm_dp_get_mst_branch_device which is called from both
> drm_dp_mst_handle_down_rep and drm_dp_mst_handle_up_rep seem to rely
> on that mgr->mst_primary is not NULL, which seem to be wrong as it can be
> cleared with simultaneous mode set, if probing fails or in other case.
> mgr->lock mutex doesn't protect against that as it might just get assigned
> to NULL
> right before, not simultaneously.
> There are currently bugs 107738, 108816 bugs which crash in
> drm_dp_get_mst_branch_device, caused by this issue.
>
> Signed-off-by: Stanislav Lisovskiy <stanislav.lisovskiy at intel.com>
> ---
> drivers/gpu/drm/drm_dp_mst_topology.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c
> b/drivers/gpu/drm/drm_dp_mst_topology.c
> index 5ff1d79b86c4..fb90ed4cdc3a 100644
> --- a/drivers/gpu/drm/drm_dp_mst_topology.c
> +++ b/drivers/gpu/drm/drm_dp_mst_topology.c
> @@ -1273,6 +1273,12 @@ static struct drm_dp_mst_branch
> *drm_dp_get_mst_branch_device(struct drm_dp_mst_
> /* find the port by iterating down */
>
> mutex_lock(&mgr->lock);
> +
> + if (!mgr->mst_primary) {
> + mstb = NULL;
> + goto out;
> + }
> +
> mstb = mgr->mst_primary;
>
> for (i = 0; i < lct - 1; i++) {
--
Cheers,
Lyude Paul
More information about the Intel-gfx
mailing list