RE: [PATCH][next] drm/i915/hdcp: Fix null pointer dereference of connector->encoder

From: Gupta, Anshuman
Date: Fri Feb 26 2021 - 00:03:05 EST



> -----Original Message-----
> From: Colin King <colin.king@xxxxxxxxxxxxx>
> Sent: Wednesday, February 24, 2021 12:49 AM
> To: Jani Nikula <jani.nikula@xxxxxxxxxxxxxxx>; Joonas Lahtinen
> <joonas.lahtinen@xxxxxxxxxxxxxxx>; Vivi, Rodrigo <rodrigo.vivi@xxxxxxxxx>;
> David Airlie <airlied@xxxxxxxx>; Daniel Vetter <daniel@xxxxxxxx>; C, Ramalingam
> <ramalingam.c@xxxxxxxxx>; Gupta, Anshuman <anshuman.gupta@xxxxxxxxx>;
> intel-gfx@xxxxxxxxxxxxxxxxxxxxx; dri-devel@xxxxxxxxxxxxxxxxxxxxx
> Cc: kernel-janitors@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
> Subject: [PATCH][next] drm/i915/hdcp: Fix null pointer dereference of
> connector->encoder
>
> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>
> The recent commit 6c63e6e14da7 ("drm/i915/hdcp: No HDCP when encoder is't
> initialized") added a null pointer check on connector->encoder hence implying
> that it could potentially be null. This means that the initialization of dig_port via
> the call intel_attached_dig_port may cause a null pointer dereference on
> connector->encoder. Fix this by only assigning dig_port after a null check has
> been performed on connector->encoder.
>
> Addresses-Coverity: ("Dereference before null check")
> Fixes: 36e5e7042b20 ("drm/i915: Don't fully disable HDCP on a port if multiple
> pipes are using it")
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
Looks good to me.
Reviewed-by: Anshuman Gupta <anshuman.gupta@xxxxxxxxx>
> ---
> drivers/gpu/drm/i915/display/intel_hdcp.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/display/intel_hdcp.c
> b/drivers/gpu/drm/i915/display/intel_hdcp.c
> index ae1371c36a32..7525ea31766c 100644
> --- a/drivers/gpu/drm/i915/display/intel_hdcp.c
> +++ b/drivers/gpu/drm/i915/display/intel_hdcp.c
> @@ -2260,7 +2260,7 @@ int intel_hdcp_enable(struct intel_connector
> *connector,
> const struct intel_crtc_state *pipe_config, u8 content_type)
> {
> struct drm_i915_private *dev_priv = to_i915(connector->base.dev);
> - struct intel_digital_port *dig_port =
> intel_attached_dig_port(connector);
> + struct intel_digital_port *dig_port;
> struct intel_hdcp *hdcp = &connector->hdcp;
> unsigned long check_link_interval = DRM_HDCP_CHECK_PERIOD_MS;
> int ret = -EINVAL;
> @@ -2274,6 +2274,7 @@ int intel_hdcp_enable(struct intel_connector
> *connector,
> return -ENODEV;
> }
>
> + dig_port = intel_attached_dig_port(connector);
> mutex_lock(&hdcp->mutex);
> mutex_lock(&dig_port->hdcp_mutex);
> drm_WARN_ON(&dev_priv->drm,
> --
> 2.30.0

AltStyle によって変換されたページ (->オリジナル) /