[PATCH 1/2] drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()'

Yo-Jung (Leo) Lin leo.lin at canonical.com
Fri Dec 20 08:55:52 UTC 2024 

On Thu, Dec 19, 2024 at 3:59 PM Yo-Jung (Leo) Lin <leo.lin at canonical.com> wrote:
>
> From: Srinivasan Shanmugam <srinivasan.shanmugam at amd.com>
>
> 'panel_cntl' structure used to control the display panel could be null,
> dereferencing it could lead to a null pointer access.
>
> Fixes the below:
> drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn21/dcn21_hwseq.c:269 dcn21_set_backlight_level() error: we previously assumed 'panel_cntl' could be null (see line 250)
>
> Fixes: 474ac4a875ca ("drm/amd/display: Implement some asic specific abm call backs.")
> Cc: Yongqiang Sun <yongqiang.sun at amd.com>
> Cc: Anthony Koo <Anthony.Koo at amd.com>
> Cc: Rodrigo Siqueira <Rodrigo.Siqueira at amd.com>
> Cc: Aurabindo Pillai <aurabindo.pillai at amd.com>
> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam at amd.com>
> Reviewed-by: Anthony Koo <Anthony.Koo at amd.com>
> Signed-off-by: Alex Deucher <alexander.deucher at amd.com>
> (cherry picked from commit e96fddb32931d007db12b1fce9b5e8e4c080401b)
> [0xff07: original commit also simplified an outer-most if() now that
>  there's an early null check. Ignore that part because that if() hadn't
>  appeared here.
>  WARNING: Despite being labeled as a fix, this patch DIDN'T fix the CVE
>  correctly. Another follow-up patch (drm/amd/display: Fix && vs || typos)
>  (17ba9cde11c2) should be applied altogether to fully mitigate this CVE.]
> CVE-2024-26662
> Signed-off-by: Yo-Jung (Leo) Lin <leo.lin at canonical.com>
> ---
>  drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c
> index 9c9d492b2229..f48f313dfb4d 100644
> --- a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c
> +++ b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c
> @@ -208,8 +208,14 @@ bool dcn21_set_backlight_level(struct pipe_ctx *pipe_ctx,
>         union dmub_rb_cmd cmd;
>         struct dc_context *dc = pipe_ctx->stream->ctx;
>         struct abm *abm = pipe_ctx->stream_res.abm;
> -       uint32_t otg_inst = pipe_ctx->stream_res.tg->inst;
> +       struct timing_generator *tg = pipe_ctx->stream_res.tg;
>         struct panel_cntl *panel_cntl = pipe_ctx->stream->link->panel_cntl;
> +       uint32_t otg_inst;
> +
> +       if (!abm && !tg && !panel_cntl)
> +               return false;
> +
> +       otg_inst = tg->inst;
>
>         if (dc->dc->res_pool->dmcu) {
>                 dce110_set_backlight_level(pipe_ctx, backlight_pwm_u16_16, frame_ramp);
> --
> 2.43.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

NACK. Missing [SRU][J]

More information about the kernel-team mailing list