| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1609127826-264749-1-git-send-email-bodefang@126.com>
Date: Mon, 28 Dec 2020 11:57:06 +0800
From: Defang Bo <bodefang@....com>
To: airlied@...ux.ie, daniel@...ll.ch
Cc: nicholas.kazlauskas@....com, Rodrigo.Siqueira@....com,
aurabindo.pillai@....com, stylon.wang@....com,
Bhawanpreet.Lakha@....com, hersenxs.wu@....com, amonakov@...ras.ru,
luben.tuikov@....com, amd-gfx@...ts.freedesktop.org,
linux-kernel@...r.kernel.org, Defang Bo <bodefang@....com>
Subject: [PATCH] drm/amd/display: avoid null pointer dereference in dm_set_vblank
[Why]
Similar to commit<dddc0557e3a0>("drm/amd/display: Guard against null crtc in CRC IRQ"), a null pointer deference can occur if crtc is null in
dm_set_vblank.
[How]
Check that CRTC is non-null before accessing its fields.
Signed-off-by: Defang Bo <bodefang@....com>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index e2b23486..f820962 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -4875,11 +4875,19 @@ static inline int dm_set_vupdate_irq(struct drm_crtc *crtc, bool enable)
static inline int dm_set_vblank(struct drm_crtc *crtc, bool enable)
{
enum dc_irq_source irq_source;
- struct amdgpu_crtc *acrtc = to_amdgpu_crtc(crtc);
- struct amdgpu_device *adev = drm_to_adev(crtc->dev);
- struct dm_crtc_state *acrtc_state = to_dm_crtc_state(crtc->state);
+ struct amdgpu_crtc *acrtc;
+ struct amdgpu_device *adev;
+ struct dm_crtc_state *acrtc_state;
int rc = 0;
+ if (crtc == NULL)
+ return -EINVAL;
+
+ acrtc = to_amdgpu_crtc(crtc);
+ adev = drm_to_adev(crtc->dev);
+ acrtc_state = to_dm_crtc_state(crtc->state);
+
+
if (enable) {
/* vblank irq on -> Only need vupdate irq in vrr mode */
if (amdgpu_dm_vrr_active(acrtc_state))
--
2.7.4
Powered by blists - more mailing lists