UBUNTU: SAUCE: drm/i915/display: Fix null deref in intel_psr_atomic_c…

…heck()

I'm seeing an oops when booting my laptop when attached to my
dock:

 RIP: 0010:intel_psr_atomic_check+0x37/0xa0 [i915]
 Code: 80 56 06 00 00 20 74 42 80 b8 74 6a 00 00 00 74 39 48 8b 72 08 48 85 f6 74 30 80 b8 38 6b 00 00 00 74 27 4c 8b 87 80 04 00 00 <41> 8b 78 78 83 ff 08 77 19 31 c9 83 ff 05 77 19 48 81 c1 28 01 00
 RSP: 0018:ffffadd0401bfb38 EFLAGS: 00010202
 RAX: ffff97425d200000 RBX: ffff974276144800 RCX: 0000000000000000
 RDX: ffff974279b9a900 RSI: ffff97425f1c7800 RDI: ffff974278308000
 RBP: ffffadd0401bfb38 R08: 0000000000000000 R09: ffff974274b08970
 R10: ffff974279b9a900 R11: 0000000000000007 R12: ffff974278308000
 R13: ffff974279b9a900 R14: ffff974279731480 R15: 0000000000000004
 FS:  0000000000000000(0000) GS:ffff9742804c0000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000078 CR3: 000000047220a003 CR4: 00000000003606e0
 Call Trace:
  intel_digital_connector_atomic_check+0x53/0x130 [i915]
  intel_dp_mst_atomic_check+0x46/0xe0 [i915]
  drm_atomic_helper_check_modeset+0x1ea/0x460 [drm_kms_helper]
  intel_atomic_check+0x93/0x6b0 [i915]
  ? drm_atomic_plane_check+0x7a/0x3a0 [drm]
  ? drm_atomic_set_crtc_for_connector+0xcb/0x110 [drm]
  drm_atomic_check_only+0x1e9/0x360 [drm]
  drm_atomic_commit+0x18/0x50 [drm]
  drm_client_modeset_commit_atomic+0x1c9/0x200 [drm]
  drm_client_modeset_commit_locked+0x51/0x80 [drm]
  drm_client_modeset_commit+0x27/0x50 [drm]
  drm_fb_helper_set_par+0xb3/0xe0 [drm_kms_helper]
  drm_fb_helper_hotplug_event.part.0+0xb4/0xe0 [drm_kms_helper]
  drm_fb_helper_hotplug_event+0x1c/0x30 [drm_kms_helper]
  intel_fbdev_output_poll_changed+0x6f/0xa0 [i915]
  drm_kms_helper_hotplug_event+0x2c/0x40 [drm_kms_helper]
  drm_dp_mst_link_probe_work+0xd9/0x180 [drm_kms_helper]
  process_one_work+0x1e8/0x3b0
  worker_thread+0x50/0x370
  kthread+0x12f/0x150
  ? process_one_work+0x3b0/0x3b0
  ? __kthread_bind_mask+0x70/0x70
  ret_from_fork+0x1f/0x30
 Modules linked in: ...
 CR2: 0000000000000078
 ---[ end trace be497c0ed3de6229 ]---
 RIP: 0010:intel_psr_atomic_check+0x37/0xa0 [i915]
 Code: 80 56 06 00 00 20 74 42 80 b8 74 6a 00 00 00 74 39 48 8b 72 08 48 85 f6 74 30 80 b8 38 6b 00 00 00 74 27 4c 8b 87 80 04 00 00 <41> 8b 78 78 83 ff 08 77 19 31 c9 83 ff 05 77 19 48 81 c1 28 01 00
 RSP: 0018:ffffadd0401bfb38 EFLAGS: 00010202
 RAX: ffff97425d200000 RBX: ffff974276144800 RCX: 0000000000000000
 RDX: ffff974279b9a900 RSI: ffff97425f1c7800 RDI: ffff974278308000
 RBP: ffffadd0401bfb38 R08: 0000000000000000 R09: ffff974274b08970
 R10: ffff974279b9a900 R11: 0000000000000007 R12: ffff974278308000
 R13: ffff974279b9a900 R14: ffff974279731480 R15: 0000000000000004
 FS:  0000000000000000(0000) GS:ffff9742804c0000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000078 CR3: 000000047cb9e002 CR4: 00000000003606e0

Looking through intel_psr_atomic_check(), I note that
enc_to_dig_port() may return NULL, but the pointer is not being
checked before it is dereferenced. Adding an extra check that the
returned pointer is not NULL eliminates the oops.

Signed-off-by: Seth Forshee <[email protected]>

drivers/gpu/drm/i915/display/intel_psr.c

@@ -1631,7 +1631,7 @@ void intel_psr_atomic_check(struct drm_connector *connector,
 
 	intel_connector = to_intel_connector(connector);
 	dig_port = enc_to_dig_port(intel_attached_encoder(intel_connector));
-	if (dev_priv->psr.dp != &dig_port->dp)
+	if (!dig_port || dev_priv->psr.dp != &dig_port->dp)
 		return;
 
 	crtc_state = drm_atomic_get_new_crtc_state(new_state->state,