[PATCH v4 0/3] drm/amd/display: Fix dangling pointers in state reset functions
From: Evgenii Burenchev
Date: Mon Jun 29 2026 - 05:13:41 EST

This series fixes a dangling pointer issue in three reset functions:
- amdgpu_dm_plane_drm_plane_reset()
- amdgpu_dm_crtc_reset_state()
- amdgpu_dm_connector_funcs_reset()

Each function frees the old state before allocating a new one. If
kzalloc_obj() fails, the function returns without updating the state
pointer, leaving a dangling pointer to already freed memory.

The fix is to allocate the new state first. On allocation failure,
the old state remains untouched and the function safely returns.

For the connector function, additionally restore the explicit
kfree(old_state) which was lost during refactoring.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Evgenii Burenchev <evg28bur@xxxxxxxxx>
---
Evgenii Burenchev (3):
  drm/amd/display: Fix dangling pointer in plane reset function
  drm/amd/display: Fix dangling pointer in CRTC reset function
  drm/amd/display: Fix dangling pointer in connector reset function

 .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 39 ++++++++++---------
 .../amd/display/amdgpu_dm/amdgpu_dm_crtc.c    |  8 ++--
 .../amd/display/amdgpu_dm/amdgpu_dm_plane.c   | 10 ++---
 3 files changed, 28 insertions(+), 29 deletions(-)
---
Changes in v4:
- Split into three separate patches as requested (reviewer Fedor Pchelkin)
- Remove WARN_ON on memory allocation failure (reviewer Fedor Pchelkin)
- Remove redundant comments (reviewer Fedor Pchelkin)
- Fix empty line in local variable declaration block (reviewer Fedor Pchelkin)

Changes in v3:
- Restore explicit kfree(old_state) in amdgpu_dm_connector_funcs_reset()
  to prevent memory leak (reviewer Mario Limonciello)

Changes in v2:
- Also fix amdgpu_dm_crtc_reset_state() and amdgpu_dm_connector_funcs_reset()
--
2.43.0
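
The ordering problem described in the cover letter, as an added example that is not part of the patch series or the amdgpu driver. It is a user-space model: the pool allocator, the struct names and every function name are hypothetical, and a "freed" slot is only marked dead so that the stale pointer can be inspected without undefined behaviour.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed user-space model; no name here comes from the amdgpu driver. */
struct state { bool live; };
struct object { struct state *state; };
static struct state pool[4];  /* static slots, so a "freed" one stays readable */
static bool fail_next_alloc;  /* simulates one allocation failure */
static struct state *model_alloc(void)
{
    if (fail_next_alloc) { fail_next_alloc = false; return NULL; }
    for (unsigned i = 0; i < sizeof(pool) / sizeof(pool[0]); i++)
        if (!pool[i].live) { pool[i].live = true; return &pool[i]; }
    return NULL;
}
static void model_free(struct state *s) { if (s) s->live = false; }

/* Before: free, then allocate. A failed allocation leaves obj->state stale. */
static void reset_free_first(struct object *obj)
{
    model_free(obj->state);
    struct state *new_state = model_alloc();
    if (!new_state)
        return;
    obj->state = new_state;
}

/* After: allocate, then free. A failed allocation leaves the old state intact. */
static void reset_alloc_first(struct object *obj)
{
    struct state *new_state = model_alloc();
    if (!new_state)
        return;
    model_free(obj->state);
    obj->state = new_state;
}

/* Runs one reset; reports whether obj.state now points at a freed slot. */
static bool dangles_after_reset(void (*reset)(struct object *), bool fail)
{
    struct object obj = { .state = model_alloc() };
    fail_next_alloc = fail;
    reset(&obj);
    bool dangling = obj.state && !obj.state->live;
    if (!dangling) model_free(obj.state);
    return dangling;
}
int main(void)
{
    printf("free-first dangles: %d\n", dangles_after_reset(reset_free_first, true));
    printf("alloc-first dangles: %d\n", dangles_after_reset(reset_alloc_first, true));
    return 0;
}
```

Both orderings behave the same when the allocation succeeds; only the failure path separates them, which is why the bug is easy to miss in normal testing.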