This commit adds a null check for the dm_state variable in the
create_validate_stream_for_sink function. Previously, dm_state was being
checked for nullity at line 7194, but then it was being dereferenced
without any nullity check at line 7200. This could potentially lead to a
null pointer dereference error if dm_state is indeed null.
we now ensure that dm_state is not null before dereferencing it. We do
this by adding a nullity check for dm_state before the call to
create_stream_for_sink at line 7200. If dm_state is null, we log an
error message and return NULL immediately.
This fix prevents a null pointer dereference error.
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:7201
create_validate_stream_for_sink()
error: we previously assumed 'dm_state' could be null (see line 7194)
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c
7185 struct dc_stream_state *
7186 create_validate_stream_for_sink(struct amdgpu_dm_connector *aconnector,
7187 const struct drm_display_mode
*drm_mode,
7188 const struct dm_connector_state
*dm_state,
7189 const struct dc_stream_state
*old_stream)
7190 {
7191 struct drm_connector *connector = &aconnector->base;
7192 struct amdgpu_device *adev = drm_to_adev(connector->dev);
7193 struct dc_stream_state *stream;
7194 const struct drm_connector_state *drm_state = dm_state ?
&dm_state->base : NULL;
^^^^^^^^
^^^^^^^^^ This used check connector->state
but then we changed it to dm_state instead
7195 int requested_bpc = drm_state ? drm_state->max_requested_bpc :
8;
7196 enum dc_status dc_result = DC_OK;
7197
7198 do {
7199 stream = create_stream_for_sink(connector, drm_mode,
7200 dm_state, old_stream,
^^^^^^^^
But dm_state is dereferenced on the next line without checking. (Presumably
the NULL check can be removed).
--> 7201 requested_bpc);
7202 if (stream == NULL) {
7203 DRM_ERROR("Failed to create stream for
sink!\n");
7204 break;
7205 }
7206
7207 if (aconnector->base.connector_type ==
DRM_MODE_CONNECTOR_WRITEBACK)
Fixes: fa7041d9d2fc ("drm/amd/display: Fix ineffective setting of max bpc
property")
Reported-by: Dan Carpenter <[email protected]>
Cc: Tom Chung <[email protected]>
Cc: Rodrigo Siqueira <[email protected]>
Cc: Roman Li <[email protected]>
Cc: Hersen Wu <[email protected]>
Cc: Alex Hung <[email protected]>
Cc: Aurabindo Pillai <[email protected]>
Cc: Harry Wentland <[email protected]>
Cc: Hamza Mahfooz <[email protected]>
Signed-off-by: Srinivasan Shanmugam <[email protected]>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index d1527c2e46a1..b7eaece455c8 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -7195,6 +7195,11 @@ create_validate_stream_for_sink(struct
amdgpu_dm_connector *aconnector,
int requested_bpc = drm_state ? drm_state->max_requested_bpc : 8;
enum dc_status dc_result = DC_OK;
+ if (!dm_state) {
+ DRM_ERROR("dm_state is NULL!\n");
+ return NULL;
+ }
+
do {
stream = create_stream_for_sink(connector, drm_mode,
dm_state, old_stream,
--
2.34.1
