Patch "drm/rockchip: vop2: Don't crash for invalid duplicate_state" has been added to the 6.5-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 10 Nov 2023 13:28:11 -0500

This is a note to let you know that I've just added the patch titled

    drm/rockchip: vop2: Don't crash for invalid duplicate_state

to the 6.5-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     drm-rockchip-vop2-don-t-crash-for-invalid-duplicate_.patch
and it can be found in the queue-6.5 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit bda8a7e03245e1c2a1193bf6e1f5aa0697aa08e8
Author: Jonas Karlman <jonas@xxxxxxxxx>
Date:   Wed Jun 21 22:33:21 2023 +0000

    drm/rockchip: vop2: Don't crash for invalid duplicate_state
    
    [ Upstream commit 342f7e4967d02b0ec263b15916304fc54841b608 ]
    
    It's possible for users to try to duplicate the CRTC state even when the
    state doesn't exist. drm_atomic_helper_crtc_duplicate_state() (and other
    users of __drm_atomic_helper_crtc_duplicate_state()) already guard this
    with a WARN_ON() instead of crashing, so let's do that here too.
    
    Fixes: 604be85547ce ("drm/rockchip: Add VOP2 driver")
    Signed-off-by: Jonas Karlman <jonas@xxxxxxxxx>
    Reviewed-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
    Signed-off-by: Heiko Stuebner <heiko@xxxxxxxxx>
    Link: https://patchwork.freedesktop.org/patch/msgid/20230621223311.2239547-5-jonas@xxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
index ca73b8ccc29f4..f725487d02ef3 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
@@ -2099,11 +2099,13 @@ static void vop2_crtc_reset(struct drm_crtc *crtc)
 
 static struct drm_crtc_state *vop2_crtc_duplicate_state(struct drm_crtc *crtc)
 {
-	struct rockchip_crtc_state *vcstate, *old_vcstate;
+	struct rockchip_crtc_state *vcstate;
 
-	old_vcstate = to_rockchip_crtc_state(crtc->state);
+	if (WARN_ON(!crtc->state))
+		return NULL;
 
-	vcstate = kmemdup(old_vcstate, sizeof(*old_vcstate), GFP_KERNEL);
+	vcstate = kmemdup(to_rockchip_crtc_state(crtc->state),
+			  sizeof(*vcstate), GFP_KERNEL);
 	if (!vcstate)
 		return NULL;
 






