Commit 3065e6a4 authored by Huiwen He, committed by Rob Clark

drm/msm: fix missing NULL check after kcalloc in crashstate_get_bos()



The crashstate_get_bos() function allocates memory for `state->bos`
using kcalloc(), but the vmbind path does not check for allocation
failure before dereferencing it in the following drm_gpuvm_for_each_va()
loop. This could lead to a NULL pointer dereference if memory allocation
fails.

Fix this by wrapping the drm_gpuvm_for_each_va() loop with a NULL check
on state->bos, similar to the safety check in the non-vmbind path.

Fixes: af9aa6f3 ("drm/msm: Crashdump support for sparse")
Signed-off-by: Huiwen He <hehuiwen@kylinos.cn>
Patchwork: https://patchwork.freedesktop.org/patch/687556/


Signed-off-by: Rob Clark <robin.clark@oss.qualcomm.com>
parent 3099e024
+9 −8
@@ -287,6 +287,7 @@ static void crashstate_get_bos(struct msm_gpu_state *state, struct msm_gem_submi

		state->bos = kcalloc(cnt, sizeof(struct msm_gpu_state_bo), GFP_KERNEL);

		if (state->bos)
			drm_gpuvm_for_each_va(vma, submit->vm) {
				bool dump = rd_full || (vma->flags & MSM_VMA_DUMP);
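Review bot: the new `if (state->bos)` guard in front of `drm_gpuvm_for_each_va(vma, submit->vm) {` has no braces of its own, although its body is a multi-line macro loop. That compiles, but it is easy to misread and fragile if a statement is later added after the loop or the iterator macro changes. Either brace the guard (`if (state->bos) {` ... `}`) or invert the test and leave the function's cleanup path early on `!state->bos`, which would also avoid re-indenting the loop body. Separately, in the visible lines an allocation failure is silent: the crash state simply ends up with no BOs recorded. If that is the intended degradation, a short comment at the check saying so would help the next reader.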