From 7e430527e7a614f2b524609bfb1b627be15b64f9 Mon Sep 17 00:00:00 2001
From: Alex Hung <alex.hung@amd.com>
Date: Tue, 3 Dec 2024 11:30:26 +0800
Subject: [PATCH] drm/amd/display: Pass non-null to
 dcn20_validate_apply_pipe_split_flags

mainline inclusion
from mainline-v6.12-rc1
commit 5559598742fb4538e4c51c48ef70563c49c2af23
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRD1
CVE: CVE-2024-49923

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5559598742fb4538e4c51c48ef70563c49c2af23

--------------------------------

[WHAT & HOW]
"dcn20_validate_apply_pipe_split_flags" dereferences merge, and thus it
cannot be a null pointer. Let's pass a valid pointer to avoid null
dereference.

This fixes 2 FORWARD_NULL issues reported by Coverity.

Reviewed-by: Rodrigo Siqueira <rodrigo.siqueira@amd.com>
Signed-off-by: Jerry Zuo <jerry.zuo@amd.com>
Signed-off-by: Alex Hung <alex.hung@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Conflicts:
	drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c
	drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c
	drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c
[Path changed and there is no logical conflict.]
Signed-off-by: Tirui Yin <yintirui@huawei.com>
Reviewed-by: Chen Jun <chenjun102@huawei.com>
---
 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c
index 2990793e86a2..559602336f67 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c
@@ -2845,6 +2845,7 @@ bool dcn20_fast_validate_bw(
 {
 	bool out = false;
 	int split[MAX_PIPES] = { 0 };
+	bool merge[MAX_PIPES] = { false };
 	int pipe_cnt, i, pipe_idx, vlevel;
 
 	ASSERT(pipes);
@@ -2867,7 +2868,7 @@ bool dcn20_fast_validate_bw(
 	if (vlevel > context->bw_ctx.dml.soc.num_states)
 		goto validate_fail;
 
-	vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, vlevel, split, NULL);
+	vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, vlevel, split, merge);
 
 	/*initialize pipe_just_split_from to invalid idx*/
 	for (i = 0; i < MAX_PIPES; i++)
-- 
Gitee