Commit dd6bd0a3 authored by Alex Hung's avatar Alex Hung Committed by Zheng Zucheng
Browse files

drm/amd/display: Check null-initialized variables 

mainline inclusion
from mainline-v6.12-rc1
commit 367cd9ceba1933b63bc1d87d967baf6d9fd241d2
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYR8V
CVE: CVE-2024-49898

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=367cd9ceba1933b63bc1d87d967baf6d9fd241d2



--------------------------------

[WHAT & HOW]
drr_timing and subvp_pipe are initialized to null and they are not
always assigned new values. It is necessary to check for null before
dereferencing.

This fixes 2 FORWARD_NULL issues reported by Coverity.

Reviewed-by: default avatarNevenko Stupar <nevenko.stupar@amd.com>
Reviewed-by: default avatarRodrigo Siqueira <rodrigo.siqueira@amd.com>
Signed-off-by: default avatarJerry Zuo <jerry.zuo@amd.com>
Signed-off-by: default avatarAlex Hung <alex.hung@amd.com>
Tested-by: default avatarDaniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: default avatarAlex Deucher <alexander.deucher@amd.com>

Conflicts:
    drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c
[Some contexts subvp_vblank_schedulable different. No functional impact.]
Signed-off-by: default avatarZheng Zucheng <zhengzucheng@huawei.com>
parent 75c70648

drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c

+4 −3
Original line number Diff line number Diff line
@@ -932,7 +932,8 @@ static bool subvp_drr_schedulable(struct dc *dc, struct dc_state *context) 
	 * for VBLANK: (VACTIVE region of the SubVP pipe can fit the MALL prefetch, VBLANK frame time,

	 * and the max of (VBLANK blanking time, MALL region)).

	 */

	if (stretched_drr_us < (1 / (double)drr_timing->min_refresh_in_uhz) * 1000000 * 1000000 &&

	if (drr_timing &&

	    stretched_drr_us < (1 / (double)drr_timing->min_refresh_in_uhz) * 1000000 * 1000000 &&

	    subvp_active_us - prefetch_us - stretched_drr_us - max_vblank_mallregion > 0)

		schedulable = true;
@@ -995,7 +996,7 @@ static bool subvp_vblank_schedulable(struct dc *dc, struct dc_state *context) 
		if (!subvp_pipe && pipe->stream->mall_stream_config.type == SUBVP_MAIN)

			subvp_pipe = pipe;

	}

	if (found) {

	if (found && subvp_pipe) {

		main_timing = &subvp_pipe->stream->timing;

		phantom_timing = &subvp_pipe->stream->mall_stream_config.paired_stream->timing;

		vblank_timing = &context->res_ctx.pipe_ctx[vblank_index].stream->timing;