[SRU][J][PATCH 1/2] drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()'

Yo-Jung (Leo) Lin leo.lin at canonical.com
Fri Dec 20 09:30:24 UTC 2024 

From: Srinivasan Shanmugam <srinivasan.shanmugam at amd.com>

'panel_cntl' structure used to control the display panel could be null,
dereferencing it could lead to a null pointer access.

Fixes the below:
drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn21/dcn21_hwseq.c:269 dcn21_set_backlight_level() error: we previously assumed 'panel_cntl' could be null (see line 250)

Fixes: 474ac4a875ca ("drm/amd/display: Implement some asic specific abm call backs.")
Cc: Yongqiang Sun <yongqiang.sun at amd.com>
Cc: Anthony Koo <Anthony.Koo at amd.com>
Cc: Rodrigo Siqueira <Rodrigo.Siqueira at amd.com>
Cc: Aurabindo Pillai <aurabindo.pillai at amd.com>
Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam at amd.com>
Reviewed-by: Anthony Koo <Anthony.Koo at amd.com>
Signed-off-by: Alex Deucher <alexander.deucher at amd.com>
(cherry picked from commit e96fddb32931d007db12b1fce9b5e8e4c080401b)
[0xff07: original commit also simplified an outer-most if() now that
 there's an early null check. Ignore that part because that if() hadn't
 appeared here.
 WARNING: Despite being labeled as a fix, this patch DIDN'T fix the CVE
 correctly. Another follow-up patch (drm/amd/display: Fix && vs || typos)
 (17ba9cde11c2) should be applied altogether to fully mitigate this CVE.]
CVE-2024-26662
Signed-off-by: Yo-Jung (Leo) Lin <leo.lin at canonical.com>
---
 drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c
index 9c9d492b2229..f48f313dfb4d 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c
@@ -208,8 +208,14 @@ bool dcn21_set_backlight_level(struct pipe_ctx *pipe_ctx,
 	union dmub_rb_cmd cmd;
 	struct dc_context *dc = pipe_ctx->stream->ctx;
 	struct abm *abm = pipe_ctx->stream_res.abm;
-	uint32_t otg_inst = pipe_ctx->stream_res.tg->inst;
+	struct timing_generator *tg = pipe_ctx->stream_res.tg;
 	struct panel_cntl *panel_cntl = pipe_ctx->stream->link->panel_cntl;
+	uint32_t otg_inst;
+
+	if (!abm && !tg && !panel_cntl)
+		return false;
+
+	otg_inst = tg->inst;
 
 	if (dc->dc->res_pool->dmcu) {
 		dce110_set_backlight_level(pipe_ctx, backlight_pwm_u16_16, frame_ramp);
-- 
2.43.0

More information about the kernel-team mailing list