Commit 6ad42dad authored May 25, 2024 by Gong Yuanjun Committed by Liu Chuang May 25, 2024

drm/radeon: fix a possible null pointer dereference

mainline inclusion
from mainline-v5.19-rc1
commit a2b28708
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9R4KL
CVE: CVE-2022-48710

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a2b28708b645c5632dc93669ab06e97874c8244f



--------------------------------

In radeon_fp_native_mode(), the return value of drm_mode_duplicate()
is assigned to mode, which will lead to a NULL pointer dereference
on failure of drm_mode_duplicate(). Add a check to avoid npd.

The failure status of drm_cvt_mode() on the other path is checked too.

Signed-off-by: Gong Yuanjun <ruc_gongyuanjun@163.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Liu Chuang <liuchuang40@huawei.com>

parent dde5bc8e

drivers/gpu/drm/radeon/radeon_connectors.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -476,6 +476,8 @@ static struct drm_display_mode radeon_fp_native_mode(struct drm_encoder encode
		native_mode->vdisplay != 0 &&
		native_mode->clock != 0) {
		mode = drm_mode_duplicate(dev, native_mode);
		if (!mode)
		return NULL;
		mode->type = DRM_MODE_TYPE_PREFERRED \| DRM_MODE_TYPE_DRIVER;
		drm_mode_set_name(mode);

		@@ -490,6 +492,8 @@ static struct drm_display_mode radeon_fp_native_mode(struct drm_encoder encode
		* simpler.
		*/
		mode = drm_cvt_mode(dev, native_mode->hdisplay, native_mode->vdisplay, 60, true, false, false);
		if (!mode)
		return NULL;
		mode->type = DRM_MODE_TYPE_PREFERRED \| DRM_MODE_TYPE_DRIVER;
		DRM_DEBUG_KMS("Adding cvt approximation of native panel mode %s\n", mode->name);
		}