Patch "drm/mediatek: Fix access violation in mtk_drm_crtc_dma_dev_get" has been added to the 6.6-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Mon, 18 Dec 2023 08:33:27 +0100

This is a note to let you know that I've just added the patch titled

    drm/mediatek: Fix access violation in mtk_drm_crtc_dma_dev_get

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     drm-mediatek-fix-access-violation-in-mtk_drm_crtc_dma_dev_get.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From b6961d187fcd138981b8707dac87b9fcdbfe75d1 Mon Sep 17 00:00:00 2001
From: Stuart Lee <stuart.lee@xxxxxxxxxxxx>
Date: Fri, 10 Nov 2023 09:29:14 +0800
Subject: drm/mediatek: Fix access violation in mtk_drm_crtc_dma_dev_get

From: Stuart Lee <stuart.lee@xxxxxxxxxxxx>

commit b6961d187fcd138981b8707dac87b9fcdbfe75d1 upstream.

Add error handling to check NULL input in
mtk_drm_crtc_dma_dev_get function.

While display path is not configured correctly, none of crtc is
established. So the caller of mtk_drm_crtc_dma_dev_get may pass
input parameter *crtc as NULL, Which may cause coredump when
we try to get the container of NULL pointer.

Fixes: cb1d6bcca542 ("drm/mediatek: Add dma dev get function")
Signed-off-by: Stuart Lee <stuart.lee@xxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Reviewed-by: AngeloGioacchino DEl Regno <angelogioacchino.delregno@xxxxxxxxxxxxx>
Tested-by: Macpaul Lin <macpaul.lin@xxxxxxxxxxxx>
Link: https://patchwork.kernel.org/project/dri-devel/patch/20231110012914.14884-2-stuart.lee@xxxxxxxxxxxx/
Signed-off-by: Chun-Kuang Hu <chunkuang.hu@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/gpu/drm/mediatek/mtk_drm_crtc.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

--- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
@@ -885,7 +885,14 @@ static int mtk_drm_crtc_init_comp_planes
 
 struct device *mtk_drm_crtc_dma_dev_get(struct drm_crtc *crtc)
 {
-	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
+	struct mtk_drm_crtc *mtk_crtc = NULL;
+
+	if (!crtc)
+		return NULL;
+
+	mtk_crtc = to_mtk_crtc(crtc);
+	if (!mtk_crtc)
+		return NULL;
 
 	return mtk_crtc->dma_dev;
 }


Patches currently in stable-queue which might be from stuart.lee@xxxxxxxxxxxx are

queue-6.6/drm-mediatek-fix-access-violation-in-mtk_drm_crtc_dma_dev_get.patch







