Received: by 2002:ab2:69cc:0:b0:1f4:be93:e15a with SMTP id n12csp2066418lqp; Tue, 16 Apr 2024 06:35:32 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVkvjUOSxqe3m17Z4AataFyBDsXXMOYE+X6q9Zd5EBpp7/h1v+mY7lNhmoEph5RKf9uFdgbeope57KGhrE6bkD0HiH+1CyheifzENRqow== X-Google-Smtp-Source: AGHT+IFMJAFb/tT3JTVDgMKe067Pe1KLy5fwsCDRYzJfkaM67qX0fF+NDfCAS+W834ZjGtSpFzZM X-Received: by 2002:a17:906:2448:b0:a52:6ba1:af45 with SMTP id a8-20020a170906244800b00a526ba1af45mr3320550ejb.35.1713274532769; Tue, 16 Apr 2024 06:35:32 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713274532; cv=pass; d=google.com; s=arc-20160816; b=w4RYVRfaZp8lHXzeePhXQTDRrimQPm3hejibsQ/8QJ8B58mIdQaL5PkI4TI6OLrIUD mcjfYqLWzV9t4BYb0XdNh7W3S4qbIht8Ca3xNU/J9aIyrVEvD/1skNRas5IqIQ8PHlTi G2/dblx0RDFCcMZK570/RtzW1zesxC7bFxZfc5UeoL9Z+/ZLDn1tw+0Es+TBNZ2j8Sqp zGuBoSuLfT9UZYG8SdNkoIi3FN1arFxVqaNx+gu8YvD/Cje7tBb9GkH+r83GpnNBZo3H k4YnCmFHfOMfSawpMitcuRzb7vmKTzhyB1o7xemoLqMOqbkEs3TgcRlm92ItQ+Wm8+H9 jZlQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=4LteBvnmINCe/TvbR9lxr7dozRvUqdJKqsF4BnfjhfM=; fh=o9dSlFKhr4ZTR9VTmP0a4YzEktsQ9zAVVjIttw20LHc=; b=hzjNf+mo+217kR+ymd3/0vt1BaF0EZwbSagkqv+2mOaIp2viI9I6uNi2NAcZD1e+Oh R4U6wl5lieVJmGI25eSlNxocqoAxBOZKlAY0t1bOt8URihHBxl66JdstMKH+uFDrXYGE Zw1Pwf85e004ni9TCANTg25GqSh1RfGPYj9Q3DeaqBpyScjAwTQf5vRsygJEc+ktsfIb HvSQXK5HH0bjtwHaCGsDy0KmaZ2y/rEokjKTtoMWrSpKLXRNpHLXfWLqgI8jqUB948fM hO1HPgC8fo6OlTJHTGqniJWJ+MY7RAry0z3LGJGIhIayBR3H9c6U9U3ax02XCZ8A8Bmh inHQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=AduxKibg; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-146895-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-146895-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id y15-20020a1709063a8f00b00a526fdf330asi1813640ejd.562.2024.04.16.06.35.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Apr 2024 06:35:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-146895-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=AduxKibg; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-146895-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-146895-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 652421F21897 for ; Tue, 16 Apr 2024 13:35:32 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7154812D74D; Tue, 16 Apr 2024 13:33:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="AduxKibg" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9C38212C49A for ; Tue, 16 Apr 2024 13:33:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713274430; cv=none; b=UpP+jnAimcdRslAmQgDU4hvXwVG2ZUPvMNrW50s2qGy+vh+RMhbwUOv99k/XERb/EkpR3D9rrNZEEVK98LRlIGdPNRTKRGCARzJbI1ysQtEQwftF2hBkQf6SpeWT/lKHiQtjWG/Bb2YFo2zIqXxbp73KFQD+dhDnLur1neDnkZ8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713274430; c=relaxed/simple; bh=y44+MXwINffl7FTl3NXZCF8gOj5eIknEcj0Cw0D79Fw=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=YBMJ5McgcRMJ5kpXxXLrfI17zJG80JRmaRYoy3Z9vnUxbM9rT+0Ojnyeqd1LodQYNU9Cyjl/sjdnv3h9NptbnbXFXhOkZm8BFRAS4ASNm5043jpDbua5zB0Kqk8tOtcUf1ZIO6MPPIdv+ey1+nKlPXd5t2LM066ZKeJ6i2fTgc4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=AduxKibg; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2AA28C2BD11 for ; Tue, 16 Apr 2024 13:33:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713274430; bh=y44+MXwINffl7FTl3NXZCF8gOj5eIknEcj0Cw0D79Fw=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=AduxKibg/vDcJqZusYFbU/zYf17VVlXSEFHn3n7QO/hCx88Ljde5kSw+tNICWDatO WmUe/X8pXd56vuO4c4NJE1vMjbcKr8U7jAIP/TomPMRWpK8CXnF9qxodnm3ur9Es9u H7WJyeDxrgks62NFh0ITi1mbvxsLomydGOle69YtFNokanT2uO//ukWLqTncHJuohQ fwM+sfVlGzrc7TcZN0NxDsJjtkcJBqOxQ7wTWuvq4rD1X3++4xy0zlGizYwQ66C3e2 wyUyWQ5oBRXvNFlVO43OaiWbNcOes7TPP25yYojZ6E/VNZzKAl/A+hznbZ6QHF32v/ XYezOy3HXHjMw== Received: by mail-ot1-f41.google.com with SMTP id 46e09a7af769-6eb77e56b20so1908071a34.3 for ; Tue, 16 Apr 2024 06:33:50 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCVkrUEPoOWlRkWhP52oPv4z9CU421K88bb1SCMMcGEQGt/66fndOGZwMaSg5JLfSSHVPS0qGkqvc4LGdJgEldGs9vn1iTybVLMjPEJl X-Gm-Message-State: AOJu0YyrWoZJkndrqp3vQeCMwoE0sqVKGkvCb9EYsUWt2BpIN8PKQIbi L5u1hokE6LSwy0Wba9K/swD5Wr+mOJayWv6M+CKtCeySh0DsdtFlrZTyZRs9jbik5VuMPpftyOQ RfzoOTBkF8wKbQxyZ12GXYFG9hNgLRfkk0IYggA== X-Received: by 2002:a25:c54f:0:b0:dd9:20d6:fd2 with SMTP id v76-20020a25c54f000000b00dd920d60fd2mr10893104ybe.27.1713274409056; Tue, 16 Apr 2024 06:33:29 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240412083532.11540-1-amishin@t-argos.ru> In-Reply-To: <20240412083532.11540-1-amishin@t-argos.ru> From: Robert Foss Date: Tue, 16 Apr 2024 15:33:18 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v2] drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference To: Aleksandr Mishin Cc: Swapnil Jakhade , Andrzej Hajda , Neil Armstrong , Laurent Pinchart , Jonas Karlman , Jernej Skrabec , Maarten Lankhorst , Maxime Ripard , Thomas Zimmermann , David Airlie , Daniel Vetter , Tomi Valkeinen , =?UTF-8?Q?Uwe_Kleine=2DK=C3=B6nig?= , Nikhil Devshatwar , Aradhya Bhatia , Jani Nikula , Rob Herring , Zhu Wang , Yuti Amonkar , Jyri Sarha , Quentin Schulz , dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hey Aleksandr, On Fri, Apr 12, 2024 at 10:40=E2=80=AFAM Aleksandr Mishin wrote: > > In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is > assigned to mhdp_state->current_mode, and there is a dereference of it in > drm_mode_set_name(), which will lead to a NULL pointer dereference on > failure of drm_mode_duplicate(). > > Fix this bug by adding a check of mhdp_state->current_mode. > > Fixes: fb43aa0acdfd ("drm: bridge: Add support for Cadence MHDP8546 DPI/D= P bridge") > Signed-off-by: Aleksandr Mishin > --- > v2: Fix a mistake where the mutex remained locked > > drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c b/driver= s/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c > index e226acc5c15e..5b831d6d7764 100644 > --- a/drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c > +++ b/drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c > @@ -2059,6 +2059,11 @@ static void cdns_mhdp_atomic_enable(struct drm_bri= dge *bridge, > mhdp_state =3D to_cdns_mhdp_bridge_state(new_state); > > mhdp_state->current_mode =3D drm_mode_duplicate(bridge->dev, mode= ); > + if (!mhdp_state->current_mode) { > + ret =3D -EINVAL; > + goto out; > + } > + This chunk no longer applies on drm-misc-next. I think the approach here is still better than what is in drm-misc-next since it unlocks link_mutex. Can you rebase + reword the commit message and send that out as v3? > drm_mode_set_name(mhdp_state->current_mode); > > dev_dbg(mhdp->dev, "%s: Enabling mode %s\n", __func__, mode->name= ); > -- > 2.30.2 >