drm/amd: Fix NULL pointer dereference in device cleanup

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

When GPU initialization fails due to an unsupported HW block
IP blocks may have a NULL version pointer. During cleanup in
amdgpu_device_fini_hw, the code calls amdgpu_device_set_pg_state and
amdgpu_device_set_cg_state which iterate over all IP blocks and access
adev->ip_blocks[i].version without NULL checks, leading to a kernel
NULL pointer dereference.

Add NULL checks for adev->ip_blocks[i].version in both
amdgpu_device_set_cg_state and amdgpu_device_set_pg_state to prevent
dereferencing NULL pointers during GPU teardown when initialization has
failed.

Fixes: 39fc2bc4da00 ("drm/amdgpu: Protect GPU register accesses in powergated state in some paths")
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>

authored by

Mario Limonciello and committed by

Alex Deucher 3 months ago b7ac7746 576a1079

1 changed file

expand all

drivers

gpu

drm

amd

amdgpu

amdgpu_device.c

drivers/gpu/drm/amd/amdgpu/amdgpu_device.c

··· 2550 2550 i = state == AMD_CG_STATE_GATE ? j : adev->num_ip_blocks - j - 1; 2551 2551 if (!adev->ip_blocks[i].status.late_initialized) 2552 2552 continue; 2553 + if (!adev->ip_blocks[i].version) 2554 + continue; 2553 2555 /* skip CG for GFX, SDMA on S0ix */ 2554 2556 if (adev->in_s0ix && 2555 2557 (adev->ip_blocks[i].version->type == AMD_IP_BLOCK_TYPE_GFX || ··· 2590 2588 for (j = 0; j < adev->num_ip_blocks; j++) { 2591 2589 i = state == AMD_PG_STATE_GATE ? j : adev->num_ip_blocks - j - 1; 2592 2590 if (!adev->ip_blocks[i].status.late_initialized) 2591 + continue; 2592 + if (!adev->ip_blocks[i].version) 2593 2593 continue; 2594 2594 /* skip PG for GFX, SDMA on S0ix */ 2595 2595 if (adev->in_s0ix &&

Configure Feed

Configure Feed