2024-04-13 00:34:52

by Jeff Mahoney

Subject: [PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again)

Commit 54d217406afe (drm: use mgr->dev in drm_dbg_kms in
drm_dp_add_payload_part2) appears to have been accidentally reverted as
part of commit 5aa1dfcdf0a42 (drm/mst: Refactor the flow for payload
allocation/removement).

I've been seeing NULL pointer dereferences in drm_dp_add_payload_part2
due to state->dev being NULL in the debug message printed if the payload
allocation has failed.

This commit restores mgr->dev to avoid the Oops.

Fixes: 5aa1dfcdf0a42 ("drm/mst: Refactor the flow for payload allocation/removement")
Cc: [email protected]
Signed-off-by: Jeff Mahoney <[email protected]>
---
drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c
index 03d528209426..3dc966f25c0c 100644
--- a/drivers/gpu/drm/display/drm_dp_mst_topology.c
+++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c
@@ -3437,7 +3437,7 @@ int drm_dp_add_payload_part2(struct drm_dp_mst_topology_mgr *mgr,

/* Skip failed payloads */
if (payload->payload_allocation_status != DRM_DP_MST_PAYLOAD_ALLOCATION_DFP) {
- drm_dbg_kms(state->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
+ drm_dbg_kms(mgr->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
payload->port->connector->name);
return -EIO;
}
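
Review bot: the new `drm_dbg_kms(mgr->dev, ...)` line has no comment explaining why `mgr->dev` is needed instead of `state->dev`, and the commit message says this same fix was already lost once during a refactor. A one-line comment above the call noting that state->dev can be NULL on this path would help keep it from being reverted again. The call also still dereferences payload->port->connector->name on the failure branch, so the changelog should confirm that port and connector are guaranteed valid when part 1 has failed.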
--
2.44.0



2024-04-13 01:03:48

by Jeff Mahoney

Subject: Re: [PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again)

As a follow up, I read through the original thread before sending this
and my understanding is that this message probably shouldn't be getting
printed in the first place. I've turned on KMS, ATOMIC, STATE, and DP
debugging to see what shakes out. I have a KVM on my desk that I use to
switch between systems fairly frequently. I'm speculating that the
connecting and disconnecting is related, so I'm hopeful I can trigger it
quickly.

-Jeff

On 4/12/24 20:22, Jeff Mahoney wrote:
> Commit 54d217406afe (drm: use mgr->dev in drm_dbg_kms in
> drm_dp_add_payload_part2) appears to have been accidentally reverted as
> part of commit 5aa1dfcdf0a42 (drm/mst: Refactor the flow for payload
> allocation/removement).
>
> I've been seeing NULL pointer dereferences in drm_dp_add_payload_part2
> due to state->dev being NULL in the debug message printed if the payload
> allocation has failed.
>
> This commit restores mgr->dev to avoid the Oops.
>
> Fixes: 5aa1dfcdf0a42 ("drm/mst: Refactor the flow for payload allocation/removement")
> Cc: [email protected]
> Signed-off-by: Jeff Mahoney <[email protected]>
> ---
> drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c
> index 03d528209426..3dc966f25c0c 100644
> --- a/drivers/gpu/drm/display/drm_dp_mst_topology.c
> +++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c
> @@ -3437,7 +3437,7 @@ int drm_dp_add_payload_part2(struct drm_dp_mst_topology_mgr *mgr,
>
> /* Skip failed payloads */
> if (payload->payload_allocation_status != DRM_DP_MST_PAYLOAD_ALLOCATION_DFP) {
> - drm_dbg_kms(state->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
> + drm_dbg_kms(mgr->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
> payload->port->connector->name);
> return -EIO;
> }

--
Jeff Mahoney
VP Engineering, Linux Systems

2024-04-15 02:53:37

by Lin, Wayne

Subject: Re: [PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again)

[Public]

Hi Jeff,

I sent a patch for this before, but it has not been reviewed yet. Will ping again.
https://patchwork.freedesktop.org/series/130852/

Thanks!

Regards,
Wayne

________________________________________
From: Jeff Mahoney <[email protected]>
Sent: Saturday, April 13, 2024 08:57
To: Lin, Wayne; [email protected]
Cc: [email protected]; David Airlie; Daniel Vetter; [email protected]
Subject: Re: [PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again)

As a follow up, I read through the original thread before sending this
and my understanding is that this message probably shouldn't be getting
printed in the first place. I've turned on KMS, ATOMIC, STATE, and DP
debugging to see what shakes out. I have a KVM on my desk that I use to
switch between systems fairly frequently. I'm speculating that the
connecting and disconnecting is related, so I'm hopeful I can trigger it
quickly.

-Jeff

On 4/12/24 20:22, Jeff Mahoney wrote:
> Commit 54d217406afe (drm: use mgr->dev in drm_dbg_kms in
> drm_dp_add_payload_part2) appears to have been accidentally reverted as
> part of commit 5aa1dfcdf0a42 (drm/mst: Refactor the flow for payload
> allocation/removement).
>
> I've been seeing NULL pointer dereferences in drm_dp_add_payload_part2
> due to state->dev being NULL in the debug message printed if the payload
> allocation has failed.
>
> This commit restores mgr->dev to avoid the Oops.
>
> Fixes: 5aa1dfcdf0a42 ("drm/mst: Refactor the flow for payload allocation/removement")
> Cc: [email protected]
> Signed-off-by: Jeff Mahoney <[email protected]>
> ---
> drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c
> index 03d528209426..3dc966f25c0c 100644
> --- a/drivers/gpu/drm/display/drm_dp_mst_topology.c
> +++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c
> @@ -3437,7 +3437,7 @@ int drm_dp_add_payload_part2(struct drm_dp_mst_topology_mgr *mgr,
>
> /* Skip failed payloads */
> if (payload->payload_allocation_status != DRM_DP_MST_PAYLOAD_ALLOCATION_DFP) {
> - drm_dbg_kms(state->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
> + drm_dbg_kms(mgr->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
> payload->port->connector->name);
> return -EIO;
> }

--
Jeff Mahoney
VP Engineering, Linux Systems