[AMD Official Use Only - Internal Distribution Only] Thanks for the catch, Reviewed-by: Mikita Lipski <Mikita.Lipski@xxxxxxx> From: Wayne Lin <Wayne.Lin@xxxxxxx> Sent: Wednesday, December 25, 2019 9:31 PM To: dri-devel@xxxxxxxxxxxxxxxxxxxxx <dri-devel@xxxxxxxxxxxxxxxxxxxxx>; amd-gfx@xxxxxxxxxxxxxxxxxxxxx <amd-gfx@xxxxxxxxxxxxxxxxxxxxx> Cc: lyude@xxxxxxxxxx <lyude@xxxxxxxxxx>; Kazlauskas, Nicholas <Nicholas.Kazlauskas@xxxxxxx>; Wentland, Harry <Harry.Wentland@xxxxxxx>; Lipski, Mikita <Mikita.Lipski@xxxxxxx>; Zuo, Jerry <Jerry.Zuo@xxxxxxx>; stable@xxxxxxxxxxxxxxx <stable@xxxxxxxxxxxxxxx>; Lin, Wayne <Wayne.Lin@xxxxxxx> Subject: [PATCH] drm/dp_mst: Avoid NULL pointer dereference [Why] Found kernel NULL pointer dereference under the below situation: src — HDMI_Monitor src — HDMI_Monitor e.g.: \ => MSTB — MSTB (unplug) MSTB — MSTB When display 1 HDMI and 2 DP daisy chain monitors, unplugging the dp cable connected to source causes kernel NULL pointer dereference at drm_dp_mst_atomic_check_bw_limit(). When calculating pbn_limit, if branch is null, accessing "&branch->ports" causes the problem. [How] Judge branch is null or not at the beginning. If it is null, return 0. Signed-off-by: Wayne Lin <Wayne.Lin@xxxxxxx> Cc: stable@xxxxxxxxxxxxxxx --- drivers/gpu/drm/drm_dp_mst_topology.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c index 7d2d31eaf003..a6473e3ab448 100644 --- a/drivers/gpu/drm/drm_dp_mst_topology.c +++ b/drivers/gpu/drm/drm_dp_mst_topology.c @@ -4707,6 +4707,9 @@ int drm_dp_mst_atomic_check_bw_limit(struct drm_dp_mst_branch *branch, struct drm_dp_vcpi_allocation *vcpi; int pbn_limit = 0, pbn_used = 0; + if (!branch) + return 0; + list_for_each_entry(port, &branch->ports, next) { if (port->mstb) if (drm_dp_mst_atomic_check_bw_limit(port->mstb, mst_state)) -- 2.17.1