1. Patchew
  2. linux
  3. View series

[PATCH] drm/display/dp_mst: Fix missing check for return value of drm_atomic_get_mst_payload_state()

Chenyuan Mi posted 1 patch 2 years, 7 months ago 
drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 ++
1 file changed, 2 insertions(+)
[PATCH] drm/display/dp_mst: Fix missing check for return value of drm_atomic_get_mst_payload_state()
Posted by Chenyuan Mi 2 years, 7 months ago 
The drm_atomic_get_mst_payload_state() function may
return NULL, which may cause null pointer deference,
and most other callsites of drm_atomic_get_mst_payload_state()
do Null check. Add Null check for return value of
drm_atomic_get_mst_payload_state().

Found by our static analysis tool.

Signed-off-by: Chenyuan Mi <cymi20@fudan.edu.cn>
---
 drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c
index 38dab76ae69e..27f4bcf409ea 100644
--- a/drivers/gpu/drm/display/drm_dp_mst_topology.c
+++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c
@@ -4434,6 +4434,8 @@ void drm_dp_mst_atomic_wait_for_dependencies(struct drm_atomic_state *state)
 
 			new_payload = drm_atomic_get_mst_payload_state(new_mst_state,
 								       old_payload->port);
+			if (!new_payload)
+				continue;
 			new_payload->vc_start_slot = old_payload->vc_start_slot;
 		}
 	}
-- 
2.17.1
Re: [PATCH] drm/display/dp_mst: Fix missing check for return value of drm_atomic_get_mst_payload_state()
Posted by Lyude Paul 2 years, 7 months ago 
Hm, I suppose it's not -impossible- for this to return NULL, but if it does
return NULL that absolutely means something broke well before this point in
the code. More comments below:

On Wed, 2023-06-14 at 09:09 -0700, Chenyuan Mi wrote:
> The drm_atomic_get_mst_payload_state() function may
> return NULL, which may cause null pointer deference,
> and most other callsites of drm_atomic_get_mst_payload_state()
> do Null check. Add Null check for return value of
> drm_atomic_get_mst_payload_state().
> 
> Found by our static analysis tool.
> 
> Signed-off-by: Chenyuan Mi <cymi20@fudan.edu.cn>
> ---
>  drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c
> index 38dab76ae69e..27f4bcf409ea 100644
> --- a/drivers/gpu/drm/display/drm_dp_mst_topology.c
> +++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c
> @@ -4434,6 +4434,8 @@ void drm_dp_mst_atomic_wait_for_dependencies(struct drm_atomic_state *state)
>  
>  			new_payload = drm_atomic_get_mst_payload_state(new_mst_state,
>  								       old_payload->port);
> +			if (!new_payload)
> +				continue;

Could you change this check to:

	if (drm_WARN_ON(state->dev, !new_payload))

>  			new_payload->vc_start_slot = old_payload->vc_start_slot;
>  		}
>  	}

-- 
Cheers,
 Lyude Paul (she/her)
 Software Engineer at Red Hat

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.