Commit 3099e024 authored by Huiwen He, committed by Rob Clark

drm/msm: Fix NULL pointer dereference in crashstate_get_vm_logs()



crashstate_get_vm_logs() did not check the return value of
kmalloc_array(). In low-memory situations, kmalloc_array() may return
NULL, leading to a NULL pointer dereference when the function later
accesses state->vm_logs.

Fix this by checking the return value of kmalloc_array() and setting
state->nr_vm_logs to 0 if allocation fails.

Fixes: 9edc5296 ("drm/msm: Add VM logging for VM_BIND updates")
Signed-off-by: Huiwen He <hehuiwen@kylinos.cn>
Patchwork: https://patchwork.freedesktop.org/patch/687555/


Signed-off-by: Rob Clark <robin.clark@oss.qualcomm.com>
parent 15cc59ac
+4 −0
@@ -348,6 +348,10 @@ static void crashstate_get_vm_logs(struct msm_gpu_state *state, struct msm_gem_v

	state->vm_logs = kmalloc_array(
		state->nr_vm_logs, sizeof(vm->log[0]), GFP_KERNEL);
	if (!state->vm_logs) {
		state->nr_vm_logs = 0;
	}

	for (int i = 0; i < state->nr_vm_logs; i++) {
		int idx = (i + first) & vm_log_mask;
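
Review bot: The new if (!state->vm_logs) block puts braces around a single statement, which kernel coding style discourages; drop them so the body is just state->nr_vm_logs = 0; on its own line. Zeroing the count does stop the for loop that follows from indexing the NULL array, but the allocation failure is then silent and the captured state simply carries no VM logs, so consider a short comment here saying that the logs are intentionally dropped on allocation failure. It is also worth confirming that every other user of state->vm_logs is bounded by state->nr_vm_logs, since that count is now the only thing guarding the NULL pointer.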