CL submitted https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/1023421

This bug requires manual review: M67 has already been promoted to the beta branch, so this requires manual review
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Buildbots are having a bad day so the original commit hasn't landed in ToT yet. Hopefully we can get the approval when it does. It is getting a bit late here in STO, and we would like to merge this tomorrow. 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/00b629e400742f6cbc9568024968286ed66889d5

commit 00b629e400742f6cbc9568024968286ed66889d5
Author: Emil Lundmark <lndmrk@chromium.org>
Date: Thu Apr 26 20:01:53 2018

BACKPORT: FROMLIST: drm: udl: Destroy framebuffer only if it was initialized

This fixes a NULL pointer dereference that can happen if the UDL
driver is unloaded before the framebuffer is initialized. This can
happen e.g. if the USB device is unplugged right after it was plugged
in.

Signed-off-by: Emil Lundmark <lndmrk@chromium.org>
Reviewed-by: Sean Paul <seanpaul@chromium.org>

(am from https://patchwork.kernel.org/patch/10352491/)

Conflicts:
	drivers/gpu/drm/udl/udl_fb.c

BUG= chromium:835746 
TEST=emerge-fizz chromeos-kernel-4_4

Change-Id: I9caac5442fe3854838c028d8c57a970f91f76d86
Reviewed-on: https://chromium-review.googlesource.com/1023421
Commit-Ready: Emil Lundmark <lndmrk@chromium.org>
Tested-by: Emil Lundmark <lndmrk@chromium.org>
Reviewed-by: Stéphane Marchesin <marcheu@chromium.org>

[modify] https://crrev.com/00b629e400742f6cbc9568024968286ed66889d5/drivers/gpu/drm/udl/udl_fb.c

Did this get merged prior to the review?

Also, couple of questions for context:
- M67 regression?  At what point did this originate?
- Fix tested against ToT or similar to verify modification?

Not sure which review you mean. This is a regression between 3.18 and 4.4 kernel. It has been tested against ToT.

I have tested this for several time, I believe it works.
The crash issue is gone.+

Approving merge to M67 Chrome OS.

Thanks!

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/af11e90a206feca77b03c69ef92fcb2124ca2b32

commit af11e90a206feca77b03c69ef92fcb2124ca2b32
Author: Emil Lundmark <lndmrk@chromium.org>
Date: Fri Apr 27 02:43:54 2018

BACKPORT: FROMLIST: drm: udl: Destroy framebuffer only if it was initialized

This fixes a NULL pointer dereference that can happen if the UDL
driver is unloaded before the framebuffer is initialized. This can
happen e.g. if the USB device is unplugged right after it was plugged
in.

Signed-off-by: Emil Lundmark <lndmrk@chromium.org>
Reviewed-by: Sean Paul <seanpaul@chromium.org>

(am from https://patchwork.kernel.org/patch/10352491/)

Conflicts:
	drivers/gpu/drm/udl/udl_fb.c

BUG= chromium:835746 
TEST=emerge-fizz chromeos-kernel-4_4

Change-Id: I9caac5442fe3854838c028d8c57a970f91f76d86
Reviewed-on: https://chromium-review.googlesource.com/1030411
Reviewed-by: Katie Roberts-Hoffman <katierh@chromium.org>
Commit-Queue: Stefan Adolfsson <sadolfsson@chromium.org>
Tested-by: Stefan Adolfsson <sadolfsson@chromium.org>

[modify] https://crrev.com/af11e90a206feca77b03c69ef92fcb2124ca2b32/drivers/gpu/drm/udl/udl_fb.c

Thanks all for getting this in :)

Please follow up with upstream to get this merged there. It seems like you just need to revise the commit message to explain _how_ this can happen (Daniel and Stephane have given you pretty good templates).

Once it's merged upstream, it should also be backported to 4.14.

chatting with marcheu, he reminded me that udl is supported on other kernels as well, so we'll need this backported to all other kernels with udl enabled.

Issue 834332 has been merged into this issue.