Re: [PATCH v2] drm/amd/display: set new_stream to NULL after release

Next message: Varun R Mallya: "Re: [PATCH bpf-next 2/3] riscv, bpf: Add support for BPF exceptions"
Previous message: WenTao Liang: "Re: [PATCH] fix: net/batman-adv: batadv_interface_kill_vid: extra batadv_meshif_vlan_put after destroy"
In reply to: WenTao Liang: "[PATCH v2] drm/amd/display: set new_stream to NULL after release"
Next in thread: Mario Limonciello: "Re: [PATCH v2] drm/amd/display: set new_stream to NULL after release"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Greg KH

Date: Sun Jun 28 2026 - 03:34:56 EST

On Sun, Jun 28, 2026 at 03:27:40PM +0800, WenTao Liang wrote:
> In dm_update_crtc_state(), the skip_modeset path releases new_stream
> via dc_stream_release() but does not set the pointer to NULL.
>
> If a later error (e.g., color management failure) triggers the fail
> label, the error path calls dc_stream_release() again on the same
> dangling pointer, causing a double release and potential use-after-free.
>
> Fix this by setting new_stream to NULL after the initial release.
>
> Fixes: 9b690ef3c7042 ("drm/amd/display: Avoid full modeset when not required")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: WenTao Liang <vulab@xxxxxxxxxxx>
> ---
> Changes in v2:
> - Correct Fixes hash based on reviewer feedback

Did you forget to include an Assisted-by: tag?