[PATCH OLK-6.6] drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer

From: Srinivasan Shanmugam srinivasan.shanmugam@amd.com

mainline inclusion from mainline-v6.12-rc1 commit f22f4754aaa47d8c59f166ba3042182859e5dff7 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYR8R CVE: CVE-2024-49919

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...

--------------------------------

This commit addresses a potential null pointer dereference issue in the `dcn201_acquire_free_pipe_for_layer` function. The issue could occur when `head_pipe` is null.

The fix adds a check to ensure `head_pipe` is not null before asserting it. If `head_pipe` is null, the function returns NULL to prevent a potential null pointer dereference.

Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn201/dcn201_resource.c:1016 dcn201_acquire_free_pipe_for_layer() error: we previously assumed 'head_pipe' could be null (see line 1010)

Cc: Tom Chung chiahsuan.chung@amd.com Cc: Rodrigo Siqueira Rodrigo.Siqueira@amd.com Cc: Roman Li roman.li@amd.com Cc: Alex Hung alex.hung@amd.com Cc: Aurabindo Pillai aurabindo.pillai@amd.com Cc: Harry Wentland harry.wentland@amd.com Cc: Hamza Mahfooz hamza.mahfooz@amd.com Signed-off-by: Srinivasan Shanmugam srinivasan.shanmugam@amd.com Reviewed-by: Tom Chung chiahsuan.chung@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com Conflicts: drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c drivers/gpu/drm/amd/display/dc/resource/dcn201/dcn201_resource.c, [commit 8b8eed05a1c6 ("drm/amd/display: Refactor resource into component directory") is not backported, which moved dcn201_resource.c] Signed-off-by: Yu Kuai yukuai3@huawei.com --- drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c b/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c index 2dc4d2c1410b..8efe3f32a0e7 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c @@ -1002,8 +1002,10 @@ static struct pipe_ctx *dcn201_acquire_free_pipe_for_layer( struct pipe_ctx *head_pipe = resource_get_otg_master_for_stream(res_ctx, opp_head_pipe->stream); struct pipe_ctx *idle_pipe = resource_find_free_secondary_pipe_legacy(res_ctx, pool, head_pipe);

- if (!head_pipe) + if (!head_pipe) { ASSERT(0); + return NULL; + }

if (!idle_pipe) return NULL;