This is a note to let you know that I've just added the patch titled
drm/sysfb: Do not dereference NULL pointer in plane reset
to the 6.17-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
drm-sysfb-do-not-dereference-null-pointer-in-plane-reset.patch
and it can be found in the queue-6.17 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 14e02ed3876f4ab0ed6d3f41972175f8b8df3d70 Mon Sep 17 00:00:00 2001
From: Thomas Zimmermann <[email protected]>
Date: Fri, 17 Oct 2025 11:13:36 +0200
Subject: drm/sysfb: Do not dereference NULL pointer in plane reset
From: Thomas Zimmermann <[email protected]>
commit 14e02ed3876f4ab0ed6d3f41972175f8b8df3d70 upstream.
The plane state in __drm_gem_reset_shadow_plane() can be NULL. Do not
deref that pointer, but forward NULL to the other plane-reset helpers.
Clears plane->state to NULL.
v2:
- fix typo in commit description (Javier)
Signed-off-by: Thomas Zimmermann <[email protected]>
Fixes: b71565022031 ("drm/gem: Export implementation of shadow-plane helpers")
Reported-by: Dan Carpenter <[email protected]>
Closes: https://lore.kernel.org/dri-devel/[email protected]/
Cc: Thomas Zimmermann <[email protected]>
Cc: Melissa Wen <[email protected]>
Cc: Maarten Lankhorst <[email protected]>
Cc: Maxime Ripard <[email protected]>
Cc: David Airlie <[email protected]>
Cc: Simona Vetter <[email protected]>
Cc: [email protected]
Cc: <[email protected]> # v5.15+
Reviewed-by: Javier Martinez Canillas <[email protected]>
Link: https://patch.msgid.link/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/gpu/drm/drm_gem_atomic_helper.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/drm_gem_atomic_helper.c
+++ b/drivers/gpu/drm/drm_gem_atomic_helper.c
@@ -310,8 +310,12 @@ EXPORT_SYMBOL(drm_gem_destroy_shadow_pla
void __drm_gem_reset_shadow_plane(struct drm_plane *plane,
struct drm_shadow_plane_state
*shadow_plane_state)
{
- __drm_atomic_helper_plane_reset(plane, &shadow_plane_state->base);
- drm_format_conv_state_init(&shadow_plane_state->fmtcnv_state);
+ if (shadow_plane_state) {
+ __drm_atomic_helper_plane_reset(plane,
&shadow_plane_state->base);
+ drm_format_conv_state_init(&shadow_plane_state->fmtcnv_state);
+ } else {
+ __drm_atomic_helper_plane_reset(plane, NULL);
+ }
}
EXPORT_SYMBOL(__drm_gem_reset_shadow_plane);
Patches currently in stable-queue which might be from [email protected] are
queue-6.17/drm-ast-clear-preserved-bits-from-register-output-value.patch
queue-6.17/fbcon-set-fb_display-mode-to-null-when-the-mode-is-released.patch
queue-6.17/drm-sysfb-do-not-dereference-null-pointer-in-plane-reset.patch
queue-6.17/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch
