On 2024-06-05 11:46, Srinivasan Shanmugam wrote:
> This commit adds a null check for the 'afb' variable in the
> amdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was
> assumed to be null, but was used later in the code without a null check.
> This could potentially lead to a null pointer dereference.
>
> Fixes the below:
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)
>
> Cc: Tom Chung <chiahsuan.chung@xxxxxxx>
> Cc: Rodrigo Siqueira <Rodrigo.Siqueira@xxxxxxx>
> Cc: Roman Li <roman.li@xxxxxxx>
> Cc: Hersen Wu <hersenxs.wu@xxxxxxx>
> Cc: Alex Hung <alex.hung@xxxxxxx>
> Cc: Aurabindo Pillai <aurabindo.pillai@xxxxxxx>
> Cc: Harry Wentland <harry.wentland@xxxxxxx>
> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@xxxxxxx>

Reviewed-by: Harry Wentland <harry.wentland@xxxxxxx>

Harry

> --- > .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c > index a64f20fcddaa..b339642b86c0 100644 > --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c > +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c 
> @@ -1246,14 +1246,22 @@ void amdgpu_dm_plane_handle_cursor_update(struct drm_plane *plane, > { > struct amdgpu_device *adev = drm_to_adev(plane->dev); > struct amdgpu_framebuffer *afb = to_amdgpu_framebuffer(plane->state->fb); > - struct drm_crtc *crtc = afb ? plane->state->crtc : old_plane_state->crtc; > - struct dm_crtc_state *crtc_state = crtc ? to_dm_crtc_state(crtc->state) : NULL; > - struct amdgpu_crtc *amdgpu_crtc = to_amdgpu_crtc(crtc); > - uint64_t address = afb ? afb->address : 0; > + struct drm_crtc *crtc; > + struct dm_crtc_state *crtc_state; > + struct amdgpu_crtc *amdgpu_crtc; > + u64 address; > struct dc_cursor_position position = {0}; > struct dc_cursor_attributes attributes; > int ret; > > + if (!afb) > + return; > + > + crtc = plane->state->crtc ? plane->state->crtc : old_plane_state->crtc; > + crtc_state = crtc ? to_dm_crtc_state(crtc->state) : NULL; > + amdgpu_crtc = to_amdgpu_crtc(crtc); > + address = afb->address; > + > if (!plane->state->fb && !old_plane_state->fb) > return; >
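
Review bot: The new early `if (!afb) return;` at the top of amdgpu_dm_plane_handle_cursor_update() changes behaviour for the case where plane->state->fb is NULL but old_plane_state->fb is set. The removed initialisers treated that as a valid state: `crtc = afb ? plane->state->crtc : old_plane_state->crtc` picked the old CRTC and `address = afb ? afb->address : 0` used address 0, so the rest of the function still ran. With the unconditional return that path is never reached, and the retained check `if (!plane->state->fb && !old_plane_state->fb)` below it can no longer be true when afb is derived from plane->state->fb and is non-NULL. If skipping that case is intended, the commit message should say so and the now-dead check should go; if not, keep the NULL-tolerant initialisers and guard only the dereference the static checker flagged at line 1298. Two smaller points in the same hunk: the CRTC selection now tests `plane->state->crtc` rather than `afb`, which is a separate semantic change not mentioned in the commit message, and `to_amdgpu_crtc(crtc)` is still applied without a NULL test even though the line above it allows for `crtc` being NULL.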