Commit 4f54607c authored Jul 06, 2024 by Aleksandr Mishin Committed by Zheng Zucheng Jul 06, 2024

drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference

stable inclusion
from stable-v6.6.33
commit dcf53e6103b26e7458be71491d0641f49fbd5840
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IA6SEW
CVE: CVE-2024-38548

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=dcf53e6103b26e7458be71491d0641f49fbd5840



--------------------------------

[ Upstream commit 935a92a1c400285545198ca2800a4c6c519c650a ]

In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is
assigned to mhdp_state->current_mode, and there is a dereference of it in
drm_mode_set_name(), which will lead to a NULL pointer dereference on
failure of drm_mode_duplicate().

Fix this bug add a check of mhdp_state->current_mode.

Fixes: fb43aa0a ("drm: bridge: Add support for Cadence MHDP8546 DPI/DP bridge")
Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
Reviewed-by: Robert Foss <rfoss@kernel.org>
Signed-off-by: Robert Foss <rfoss@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240408125810.21899-1-amishin@t-argos.ru


Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
Signed-off-by: Zheng Zucheng <zhengzucheng@huawei.com>

parent 3486fdb9

drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -1978,6 +1978,9 @@ static void cdns_mhdp_atomic_enable(struct drm_bridge *bridge,
		mhdp_state = to_cdns_mhdp_bridge_state(new_state);

		mhdp_state->current_mode = drm_mode_duplicate(bridge->dev, mode);
		if (!mhdp_state->current_mode)
		return;

		drm_mode_set_name(mhdp_state->current_mode);

		dev_dbg(mhdp->dev, "%s: Enabling mode %s\n", __func__, mode->name);