www.infradead.org Git - users/hch/misc.git/commit

author	Imre Deak <imre.deak@intel.com>
	Wed, 4 Dec 2024 13:20:07 +0000 (15:20 +0200)
committer	Imre Deak <imre.deak@intel.com>
	Thu, 5 Dec 2024 14:19:30 +0000 (16:19 +0200)
commit	e54b00086f7473dbda1a7d6fc47720ced157c6a8
tree	dfad2c21438c15ced3a66c869747a5ec312003f3	tree
parent	3f611855031f94385c2eeb32b1f99dd7a9fa566b	commit \| diff

drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()

While receiving an MST up request message from one thread in
drm_dp_mst_handle_up_req(), the MST topology could be removed from
another thread via drm_dp_mst_topology_mgr_set_mst(false), freeing
mst_primary and setting drm_dp_mst_topology_mgr::mst_primary to NULL.
This could lead to a NULL deref/use-after-free of mst_primary in
drm_dp_mst_handle_up_req().

Avoid the above by holding a reference for mst_primary in
drm_dp_mst_handle_up_req() while it's used.

v2: Fix kfreeing the request if getting an mst_primary reference fails.

Cc: Lyude Paul <lyude@redhat.com>
Reviewed-by: Lyude Paul <lyude@redhat.com> (v1)
Signed-off-by: Imre Deak <imre.deak@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241204132007.3132494-1-imre.deak@intel.com