Commit d252c823 authored Sep 26, 2024 by Ma Ke Committed by openeuler-sync-bot Sep 27, 2024

drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes

stable inclusion
from stable-v5.10.221
commit 259549b2ccf795b7f91f7b5aba47286addcfa389
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGENV
CVE: CVE-2024-41095

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=259549b2ccf795b7f91f7b5aba47286addcfa389



--------------------------------

commit 66edf3fb331b6c55439b10f9862987b0916b3726 upstream.

In nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is
assigned to mode, which will lead to a possible NULL pointer dereference
on failure of drm_mode_duplicate(). Add a check to avoid npd.

Cc: stable@vger.kernel.org
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
Signed-off-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240625081828.2620794-1-make24@iscas.ac.cn


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Yuan Can <yuancan@huawei.com>
(cherry picked from commit 501fc41c)

parent 5d0c5efa

drivers/gpu/drm/nouveau/dispnv04/tvnv17.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -208,6 +208,8 @@ static int nv17_tv_get_ld_modes(struct drm_encoder *encoder,
		struct drm_display_mode *mode;

		mode = drm_mode_duplicate(encoder->dev, tv_mode);
		if (!mode)
		continue;

		mode->clock = tv_norm->tv_enc_mode.vrefresh *
		mode->htotal / 1000 *