[lvc-project] [PATCH v4 0/3] drm/amd/display: Fix dangling pointers in state reset functions

Mario Limonciello mario.limonciello at amd.com
Mon Jun 29 23:52:20 MSK 2026



On 6/29/26 04:04, Evgenii Burenchev wrote:
> This series fixes a dangling pointer issue in three reset functions:
> - amdgpu_dm_plane_drm_plane_reset()
> - amdgpu_dm_crtc_reset_state()
> - amdgpu_dm_connector_funcs_reset()
> 
> Each function frees the old state before allocating a new one. If
> kzalloc_obj() fails, the function returns without updating the state
> pointer, leaving a dangling pointer to already freed memory.
> 
> The fix is to allocate the new state first. On allocation failure,
> the old state remains untouched and the function safely returns.
> 
> For the connector function, additionally restore the explicit
> kfree(old_state) which was lost during refactoring.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Signed-off-by: Evgenii Burenchev <evg28bur at yandex.ru>
> ---
> Evgenii Burenchev (3):
>    drm/amd/display: Fix dangling pointer in plane reset function
>    drm/amd/display: Fix dangling pointer in CRTC reset function
>    drm/amd/display: Fix dangling pointer in connector reset function
> 
>   .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 39 ++++++++++---------
>   .../amd/display/amdgpu_dm/amdgpu_dm_crtc.c    |  8 ++--
>   .../amd/display/amdgpu_dm/amdgpu_dm_plane.c   | 10 ++---
>   3 files changed, 28 insertions(+), 29 deletions(-)
> ---
> Changes in v4:
> - Split into three separate patches as requested (reviewer Fedor Pchelkin)
> - Remove WARN_ON on memory allocation failure (reviewer Fedor Pchelkin)
> - Remove redundant comments (reviewer Fedor Pchelkin)
> - Fix empty line in local variable declaration block (reviewer Fedor Pchelkin)
> 
> Changes in v3:
> - Restore explicit kfree(old_state) in amdgpu_dm_connector_funcs_reset()
>    to prevent memory leak (reviewer Mario Limonciello)
> 
> Changes in v2:
> - Also fix amdgpu_dm_crtc_reset_state() and amdgpu_dm_connector_funcs_reset()

Reviewed-by: Mario Limonciello (AMD) <superm1 at kernel.org>

I will apply the series to amd-staging-drm-next and it will come in a 
future to drm-fixes.



More information about the lvc-project mailing list