drm/amdkfd: Fix NULL Pointer Dereference in KFD queue

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrence
when calling kfd_queue_acquire_buffers.

Fixes: 629568d25fea ("drm/amdkfd: Validate queue cwsr area and eop buffer size")
Signed-off-by: Andrew Martin <Andrew.Martin@amd.com>
Reviewed-by: Philip Yang <Philip.Yang@amd.com>
Signed-off-by: Andrew Martin <Andrew.Martin@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>

authored by

Andrew Martin and committed by

Alex Deucher 1 year ago 049e5bf3 ab23db6d

+2 -2

1 changed file

expand all

drivers

gpu

drm

amd

amdkfd

kfd_queue.c

+2 -2

drivers/gpu/drm/amd/amdkfd/kfd_queue.c

··· 276 276 /* EOP buffer is not required for all ASICs */ 277 277 if (properties->eop_ring_buffer_address) { 278 278 if (properties->eop_ring_buffer_size != topo_dev->node_props.eop_buffer_size) { 279 - pr_debug("queue eop bo size 0x%lx not equal to node eop buf size 0x%x\n", 280 - properties->eop_buf_bo->tbo.base.size, 279 + pr_debug("queue eop bo size 0x%x not equal to node eop buf size 0x%x\n", 280 + properties->eop_ring_buffer_size, 281 281 topo_dev->node_props.eop_buffer_size); 282 282 err = -EINVAL; 283 283 goto out_err_unreserve;

Configure Feed

Configure Feed