Commit fd617ea3 authored by Andrew Martin, committed by Alex Deucher

drm/amdkfd: Fix NULL Pointer Dereference in KFD queue



Through KFD IOCTL Fuzzing we encountered a NULL pointer dereference
when calling kfd_queue_acquire_buffers.

Fixes: 629568d2 ("drm/amdkfd: Validate queue cwsr area and eop buffer size")
Signed-off-by: Andrew Martin <Andrew.Martin@amd.com>
Reviewed-by: Philip Yang <Philip.Yang@amd.com>
Signed-off-by: Andrew Martin <Andrew.Martin@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
(cherry picked from commit 049e5bf3)
Cc: stable@vger.kernel.org
parent 374c9faa
+2 −2
@@ -266,8 +266,8 @@ int kfd_queue_acquire_buffers(struct kfd_process_device *pdd, struct queue_prope
	/* EOP buffer is not required for all ASICs */
	if (properties->eop_ring_buffer_address) {
		if (properties->eop_ring_buffer_size != topo_dev->node_props.eop_buffer_size) {
			pr_debug("queue eop bo size 0x%lx not equal to node eop buf size 0x%x\n",
				properties->eop_buf_bo->tbo.base.size,
			pr_debug("queue eop bo size 0x%x not equal to node eop buf size 0x%x\n",
				properties->eop_ring_buffer_size,
				topo_dev->node_props.eop_buffer_size);
			err = -EINVAL;
			goto out_err_unreserve;
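Review bot: The commit message does not name the pointer that was NULL or the path that reaches it. From this hunk it is properties->eop_buf_bo, dereferenced only as a pr_debug argument on the eop_ring_buffer_size mismatch branch. Please say so in the message, since the ioctl caller supplies the queue properties that select that branch, and stable backporters need to see that the fix is confined to the debug print. Printing properties->eop_ring_buffer_size is the right replacement because it is the value actually compared against topo_dev->node_props.eop_buffer_size. The message text still says "queue eop bo size", though, and could be reworded to "queue eop ring buffer size" to match what is now printed. Also confirm that the type of eop_ring_buffer_size matches the new 0x%x specifier, since the old argument used 0x%lx and the field's declaration is not visible in this hunk.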