Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths

In dc_dmub_srv_log_diagnostic_data() and
dc_dmub_srv_enable_dpia_trace().

Both functions check:

if (!dc_dmub_srv || !dc_dmub_srv->dmub)

and then call DC_LOG_ERROR() inside that block.

DC_LOG_ERROR() uses dc_dmub_srv->ctx internally. So if
dc_dmub_srv is NULL, the logging itself can dereference a
NULL pointer and cause a crash.

Fix this by splitting the checks.

First check if dc_dmub_srv is NULL and return immediately.
Then check dc_dmub_srv->dmub and log the error only when
dc_dmub_srv is valid.

Fixes the below:
../display/dc/dc_dmub_srv.c:962 dc_dmub_srv_log_diagnostic_data() error: we previously assumed 'dc_dmub_srv' could be null (see line 961)
../display/dc/dc_dmub_srv.c:1167 dc_dmub_srv_enable_dpia_trace() error: we previously assumed 'dc_dmub_srv' could be null (see line 1166)

Fixes: 2631ac1ac328 ("drm/amd/display: add DMUB registers to crash dump diagnostic data.")
Fixes: 71ba6b577a35 ("drm/amd/display: Add interface to enable DPIA trace")
Cc: Roman Li <roman.li@amd.com>
Cc: Alex Hung <alex.hung@amd.com>
Cc: Tom Chung <chiahsuan.chung@amd.com>
Cc: Dan Carpenter <dan.carpenter@linaro.org>
Cc: Aurabindo Pillai <aurabindo.pillai@amd.com>
Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
Reviewed-by: Alex Hung <alex.hung@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>

authored by

Srinivasan Shanmugam and committed by
Alex Deucher
4ae3e16f 1f991ceb

+8 -2
+8 -2
drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c
··· 958 958 { 959 959 uint32_t i; 960 960 961 - if (!dc_dmub_srv || !dc_dmub_srv->dmub) { 961 + if (!dc_dmub_srv) 962 + return; 963 + 964 + if (!dc_dmub_srv->dmub) { 962 965 DC_LOG_ERROR("%s: invalid parameters.", __func__); 963 966 return; 964 967 } ··· 1166 1163 { 1167 1164 struct dc_dmub_srv *dc_dmub_srv = dc->ctx->dmub_srv; 1168 1165 1169 - if (!dc_dmub_srv || !dc_dmub_srv->dmub) { 1166 + if (!dc_dmub_srv) 1167 + return; 1168 + 1169 + if (!dc_dmub_srv->dmub) { 1170 1170 DC_LOG_ERROR("%s: invalid parameters.", __func__); 1171 1171 return; 1172 1172 }