6.10-stable review patch. If anyone has any objections, please let me know. ------------------ From: Srinivasan Shanmugam <srinivasan.shanmugam@xxxxxxx> [ Upstream commit cd9e9e0852d501f169aa3bb34e4b413d2eb48c37 ] This commit adds a null check for the 'afb' variable in the amdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was assumed to be null, but was used later in the code without a null check. This could potentially lead to a null pointer dereference. Changes since v1: - Moved the null check for 'afb' to the line where 'afb' is used. (Alex) Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252) Cc: Tom Chung <chiahsuan.chung@xxxxxxx> Cc: Rodrigo Siqueira <Rodrigo.Siqueira@xxxxxxx> Cc: Roman Li <roman.li@xxxxxxx> Cc: Alex Hung <alex.hung@xxxxxxx> Cc: Aurabindo Pillai <aurabindo.pillai@xxxxxxx> Cc: Harry Wentland <harry.wentland@xxxxxxx> Co-developed-by: Alex Hung <alex.hung@xxxxxxx> Signed-off-by: Alex Hung <alex.hung@xxxxxxx> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@xxxxxxx> Reviewed-by: Tom Chung <chiahsuan.chung@xxxxxxx> Signed-off-by: Alex Deucher <alexander.deucher@xxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c index 7d47acdd11d55..fe7a99aee47dd 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c @@ -1285,7 +1285,8 @@ void amdgpu_dm_plane_handle_cursor_update(struct drm_plane *plane, adev->dm.dc->caps.color.dpp.gamma_corr) attributes.attribute_flags.bits.ENABLE_CURSOR_DEGAMMA = 1; - attributes.pitch = afb->base.pitches[0] / afb->base.format->cpp[0]; + if (afb) + attributes.pitch = afb->base.pitches[0] / afb->base.format->cpp[0]; if (crtc_state->stream) { mutex_lock(&adev->dm.dc_lock); -- 2.43.0