[PATCH OLK-6.6] drm/amd/display: Check null-initialized variables - Kernel

1 Nov 2024

From: Alex Hung alex.hung@amd.com
mainline inclusion
from mainline-v6.12-rc1
commit 367cd9ceba1933b63bc1d87d967baf6d9fd241d2
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYR8V
CVE: CVE-2024-49898
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
[WHAT & HOW]
drr_timing and subvp_pipe are initialized to null and they are not
always assigned new values. It is necessary to check for null before
dereferencing.
This fixes 2 FORWARD_NULL issues reported by Coverity.
Reviewed-by: Nevenko Stupar nevenko.stupar@amd.com
Reviewed-by: Rodrigo Siqueira rodrigo.siqueira@amd.com
Signed-off-by: Jerry Zuo jerry.zuo@amd.com
Signed-off-by: Alex Hung alex.hung@amd.com
Tested-by: Daniel Wheeler daniel.wheeler@amd.com
Signed-off-by: Alex Deucher alexander.deucher@amd.com
Conflicts:
    drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c
[Some contexts subvp_vblank_schedulable different. No functional impact.]
Signed-off-by: Zheng Zucheng zhengzucheng@huawei.com
---
 drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c
index 3d82cbef1274..ac6357c089e7 100644
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c
@@ -932,8 +932,9 @@ static bool subvp_drr_schedulable(struct dc *dc, struct dc_state *context)
     * for VBLANK: (VACTIVE region of the SubVP pipe can fit the MALL prefetch, VBLANK frame time,
     * and the max of (VBLANK blanking time, MALL region)).
     */
-	if (stretched_drr_us < (1 / (double)drr_timing->min_refresh_in_uhz) * 1000000 * 1000000 &&
-			subvp_active_us - prefetch_us - stretched_drr_us - max_vblank_mallregion > 0)
+	if (drr_timing &&
+	    stretched_drr_us < (1 / (double)drr_timing->min_refresh_in_uhz) * 1000000 * 1000000 &&
+	    subvp_active_us - prefetch_us - stretched_drr_us - max_vblank_mallregion > 0)
    	schedulable = true;
return schedulable;
@@ -995,7 +996,7 @@ static bool subvp_vblank_schedulable(struct dc *dc, struct dc_state *context)
    	if (!subvp_pipe && pipe->stream->mall_stream_config.type == SUBVP_MAIN)
    		subvp_pipe = pipe;
    }
-	if (found) {
+	if (found && subvp_pipe) {
    	main_timing = &subvp_pipe->stream->timing;
    	phantom_timing = &subvp_pipe->stream->mall_stream_config.paired_stream->timing;
    	vblank_timing = &context->res_ctx.pipe_ctx[vblank_index].stream->timing;
-- 
2.34.1


    