CVE-2022-49221

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dp: populate connector of struct dp_panel

DP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose and expect DP source return correct checksum. During drm edid read, correct edid checksum is calculated and stored at connector::realedidchecksum.

The problem is struct dppanel::connector never be assigned, instead the connector is stored in struct msmdp::connector. When we run compliance testing test case 4.2.2.6 dppanelhandlesinkrequest() won't have a valid edid set in struct dppanel::edid so we'll try to use the connectors realedid_checksum and hit a NULL pointer dereference error because the connector pointer is never assigned.

Changes in V2: -- populate panel connector at msmdpmodesetinit() instead of at dppanelreadsink_caps()

Changes in V3: -- remove unhelpful kernel crash trace commit text -- remove renaming dp_display parameter to dp

Changes in V4: -- add more details to commit text

Changes in v10: -- group into one series

Changes in v11: -- drop drm/msm/dp: dplinkparsesinkcount() return immediately if aux read

Signee-off-by: Kuogee Hsieh quic_khsieh@quicinc.com