[PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again)

Jeff Mahoney posted 1 patch 1 year, 10 months ago
drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again)
Posted by Jeff Mahoney 1 year, 10 months ago
Commit 54d217406afe (drm: use mgr->dev in drm_dbg_kms in
drm_dp_add_payload_part2) appears to have been accidentally reverted as
part of commit 5aa1dfcdf0a42 (drm/mst: Refactor the flow for payload
allocation/removement).

I've been seeing NULL pointer dereferences in drm_dp_add_payload_part2
due to state->dev being NULL in the debug message printed if the payload
allocation has failed.

This commit restores mgr->dev to avoid the Oops.

Fixes: 5aa1dfcdf0a42 ("drm/mst: Refactor the flow for payload allocation/removement")
Cc: stable@vger.kernel.org
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c
index 03d528209426..3dc966f25c0c 100644
--- a/drivers/gpu/drm/display/drm_dp_mst_topology.c
+++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c
@@ -3437,7 +3437,7 @@ int drm_dp_add_payload_part2(struct drm_dp_mst_topology_mgr *mgr,
 
 	/* Skip failed payloads */
 	if (payload->payload_allocation_status != DRM_DP_MST_PAYLOAD_ALLOCATION_DFP) {
-		drm_dbg_kms(state->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
+		drm_dbg_kms(mgr->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
 			    payload->port->connector->name);
 		return -EIO;
 	}
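Review bot: the drm_dbg_kms() call in this failure branch has, per the commit message, already regressed from mgr->dev back to state->dev once, and nothing at the call site records why mgr->dev is required. Consider a one-line comment above the call noting that state->dev can be NULL on this path, so a later refactor does not switch it back a third time.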
-- 
2.44.0
Re: [PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again)
Posted by Jeff Mahoney 1 year, 10 months ago
As a follow-up, I read through the original thread before sending this 
and my understanding is that this message probably shouldn't be getting 
printed in the first place.  I've turned on KMS, ATOMIC, STATE, and DP 
debugging to see what shakes out.  I have a KVM on my desk that I use to 
switch between systems fairly frequently.  I'm speculating that the 
connecting and disconnecting is related, so I'm hopeful I can trigger it 
quickly.

-Jeff

On 4/12/24 20:22, Jeff Mahoney wrote:
> Commit 54d217406afe (drm: use mgr->dev in drm_dbg_kms in
> drm_dp_add_payload_part2) appears to have been accidentally reverted as
> part of commit 5aa1dfcdf0a42 (drm/mst: Refactor the flow for payload
> allocation/removement).
> 
> I've been seeing NULL pointer dereferences in drm_dp_add_payload_part2
> due to state->dev being NULL in the debug message printed if the payload
> allocation has failed.
> 
> This commit restores mgr->dev to avoid the Oops.
> 
> Fixes: 5aa1dfcdf0a42 ("drm/mst: Refactor the flow for payload allocation/removement")
> Cc: stable@vger.kernel.org
> Signed-off-by: Jeff Mahoney <jeffm@suse.com>
> ---
>   drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c
> index 03d528209426..3dc966f25c0c 100644
> --- a/drivers/gpu/drm/display/drm_dp_mst_topology.c
> +++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c
> @@ -3437,7 +3437,7 @@ int drm_dp_add_payload_part2(struct drm_dp_mst_topology_mgr *mgr,
>   
>   	/* Skip failed payloads */
>   	if (payload->payload_allocation_status != DRM_DP_MST_PAYLOAD_ALLOCATION_DFP) {
> -		drm_dbg_kms(state->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
> +		drm_dbg_kms(mgr->dev, "Part 1 of payload creation for %s failed, skipping part 2\n",
>   			    payload->port->connector->name);
>   		return -EIO;
>   	}
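Review bot: the second argument of the debug call, payload->port->connector->name, is still an unchecked pointer chain on the branch taken when part 1 did not complete, and the visible context shows no test that port or connector is set. Since this branch has already produced one NULL dereference, it is worth confirming that chain is always valid here, or guarding it before the message is formatted.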

-- 
Jeff Mahoney
VP Engineering, Linux Systems