Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3589496pxb; Mon, 24 Jan 2022 12:58:31 -0800 (PST) X-Google-Smtp-Source: ABdhPJwCQ1fQnDfqHzNCA/TStXvHnYFTFlKd0ck0MChNatqpDJSuA/rTCLuHMVSwRd4DAbTxm+wT X-Received: by 2002:a17:90b:380f:: with SMTP id mq15mr141591pjb.96.1643057911726; Mon, 24 Jan 2022 12:58:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643057911; cv=none; d=google.com; s=arc-20160816; b=HyZLv9ZLloJ/Rqe0HkoJuhw8PUsHjzHy/luj/Gkq0ASUKhGtzYSvgpI2yW59l1IXdr fBsLUpw8da1U1xSg6c3c93925MqaK4ZMmn061a/nv30Ld9vgFuXjmsW5mMR+Q6HnAp+T naV5whdeA0VlaLwlTn9H3jPjICcwoRF1ZuaEcytS+BULJvCElkgUwQtp0uYYac/saxMU Nh+Pz5xY5O6DRiNd4FJwH+7RImuvz/FtHxRepcezL8jdVKhd69Jj1BtnaPr1qC7ZfmbU r0UWTm7fermNUd7Wezc5RUVkhf/k/uzv8EFd8xuMmiPQfdtERCQKaI56LP7ErZBiwxBD YnKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=fv8UJ4uqqBOVDmCeXoT6hEGsgfrF9MRW+8h6mo4g1bE=; b=VHRXTKGPftqAqO74NBN/51oelztJ/PDr865LrCJ+BQSky7QBayyTFTp8lorJnGoym9 EIv7kQss4kYCxenA3KYKpI7jkO3p4tsq9borMO7YJyiP3KqsE359unZhTyVmo4UjFSsY D1Hdhie24n6ywFY3R5s8LNc3eSATvNeHsxMzfqBkRWzjiQMB66kkzOghbMpDrTDgoR54 E+ZVMco20q7xEpWs/QlZWCbV1u+N8JHvcnP5ZfnSs7hlJkG45jkXbsKsKzblIwWeHCMC Wn+hBAL13jKGefCfNAKOr6/UDwh8ISufz0CuvHm6Pl21i1HYvNeyjanJ+uuo9nHEyp6A DBAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=G0WaE1aT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t20si14179666pgm.574.2022.01.24.12.58.15; Mon, 24 Jan 2022 12:58:31 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=G0WaE1aT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1381508AbiAXUVJ (ORCPT + 99 others); Mon, 24 Jan 2022 15:21:09 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60542 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1354537AbiAXUDK (ORCPT ); Mon, 24 Jan 2022 15:03:10 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DB840C068099; Mon, 24 Jan 2022 11:29:09 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 787A06121F; Mon, 24 Jan 2022 19:29:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4C1EFC340E5; Mon, 24 Jan 2022 19:29:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1643052548; bh=j9v4ELVvP4tqIhgux2H8+EMhBOnwF6PBYkPSz86upds=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=G0WaE1aTAcgMlTHqJv98wachaC5XXSfBUJpayNXB0bc0jcpDCL+q1uhbPesMALmua WiOXgvM1bOkoBnzFgNIgtDyj+NfKL4KYLVIJ83ulK9vHQ4eLRSTYJQsmmIBAQLZ/1k Loh/pxdXqBuEsaJILT0oIuAb5+JIguuv7mZRjY/E= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Zhou Qingyang , Alex Deucher , Sasha Levin Subject: [PATCH 5.4 063/320] drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() Date: Mon, 24 Jan 2022 19:40:47 +0100 Message-Id: <20220124183955.871825060@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220124183953.750177707@linuxfoundation.org> References: <20220124183953.750177707@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Zhou Qingyang [ Upstream commit b220110e4cd442156f36e1d9b4914bb9e87b0d00 ] In amdgpu_connector_lcd_native_mode(), the return value of drm_mode_duplicate() is assigned to mode, and there is a dereference of it in amdgpu_connector_lcd_native_mode(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Fix this bug add a check of mode. This bug was found by a static analyzer. The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and confirms that the inconsistent operations are not recovered in the current function or the callers, so they constitute bugs. Note that, as a bug found by static analysis, it can be a false positive or hard to trigger. Multiple researchers have cross-reviewed the bug. Builds with CONFIG_DRM_AMDGPU=m show no new warnings, and our static analyzer no longer warns about this code. Fixes: d38ceaf99ed0 ("drm/amdgpu: add core driver (v4)") Signed-off-by: Zhou Qingyang Signed-off-by: Alex Deucher Signed-off-by: Sasha Levin --- drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c index 0d39e386f6e9c..0e1cacf731698 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c @@ -389,6 +389,9 @@ amdgpu_connector_lcd_native_mode(struct drm_encoder *encoder) native_mode->vdisplay != 0 && native_mode->clock != 0) { mode = drm_mode_duplicate(dev, native_mode); + if (!mode) + return NULL; + mode->type = DRM_MODE_TYPE_PREFERRED | DRM_MODE_TYPE_DRIVER; drm_mode_set_name(mode); @@ -403,6 +406,9 @@ amdgpu_connector_lcd_native_mode(struct drm_encoder *encoder) * simpler. */ mode = drm_cvt_mode(dev, native_mode->hdisplay, native_mode->vdisplay, 60, true, false, false); + if (!mode) + return NULL; + mode->type = DRM_MODE_TYPE_PREFERRED | DRM_MODE_TYPE_DRIVER; DRM_DEBUG_KMS("Adding cvt approximation of native panel mode %s\n", mode->name); } -- 2.34.1