| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250729114924.138111-1-d.dulov@aladdin.ru>
Date: Tue, 29 Jul 2025 14:49:24 +0300
From: Daniil Dulov <d.dulov@...ddin.ru>
To: <stable@...r.kernel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CC: Daniil Dulov <d.dulov@...ddin.ru>, Harry Wentland
<harry.wentland@....com>, Leo Li <sunpeng.li@....com>, Rodrigo Siqueira
<siqueira@...lia.com>, Alex Deucher <alexander.deucher@....com>,
Christian König <christian.koenig@....com>, David Airlie
<airlied@...il.com>, Simona Vetter <simona@...ll.ch>,
<amd-gfx@...ts.freedesktop.org>, <dri-devel@...ts.freedesktop.org>,
<linux-kernel@...r.kernel.org>, <lvc-project@...uxtesting.org>, Tom Chung
<chiahsuan.chung@....com>, Rodrigo Siqueira <Rodrigo.Siqueira@....com>,
"Roman Li" <roman.li@....com>, Alex Hung <alex.hung@....com>, Aurabindo
Pillai <aurabindo.pillai@....com>, Hamza Mahfooz <hamza.mahfooz@....com>,
"Srinivasan Shanmugam" <srinivasan.shanmugam@....com>
Subject: [PATCH 6.1/6.6] drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer
From: Srinivasan Shanmugam <srinivasan.shanmugam@....com>
commit ac2140449184a26eac99585b7f69814bd3ba8f2d upstream.
This commit addresses a potential null pointer dereference issue in the
`dcn32_acquire_idle_pipe_for_head_pipe_in_layer` function. The issue
could occur when `head_pipe` is null.
The fix adds a check to ensure `head_pipe` is not null before asserting
it. If `head_pipe` is null, the function returns NULL to prevent a
potential null pointer dereference.
Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:2690 dcn32_acquire_idle_pipe_for_head_pipe_in_layer() error: we previously assumed 'head_pipe' could be null (see line 2681)
Cc: Tom Chung <chiahsuan.chung@....com>
Cc: Rodrigo Siqueira <Rodrigo.Siqueira@....com>
Cc: Roman Li <roman.li@....com>
Cc: Alex Hung <alex.hung@....com>
Cc: Aurabindo Pillai <aurabindo.pillai@....com>
Cc: Harry Wentland <harry.wentland@....com>
Cc: Hamza Mahfooz <hamza.mahfooz@....com>
Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@....com>
Reviewed-by: Tom Chung <chiahsuan.chung@....com>
Signed-off-by: Alex Deucher <alexander.deucher@....com>
[ Daniil: dcn32 was moved from drivers/gpu/drm/amd/display/dc to
drivers/gpu/drm/amd/display/dc/resource since commit
8b8eed05a1c6 ("drm/amd/display: Refactor resource into component directory").
The path is changed accordingly to apply the patch on 6.1.y. and 6.6.y ]
Signed-off-by: Daniil Dulov <d.dulov@...ddin.ru>
---
Backport fix for CVE-2024-49918
drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c
index 1b1534ffee9f..591c3166a468 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c
@@ -2563,8 +2563,10 @@ struct pipe_ctx *dcn32_acquire_idle_pipe_for_head_pipe_in_layer(
struct resource_context *old_ctx = &stream->ctx->dc->current_state->res_ctx;
int head_index;
- if (!head_pipe)
+ if (!head_pipe) {
ASSERT(0);
+ return NULL;
+ }
/*
* Modified from dcn20_acquire_idle_pipe_for_layer
--
2.34.1
Powered by blists - more mailing lists