Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

drm/amdkfd: Fix NULL Pointer Dereference in KFD queue

Through KFD IOCTL Fuzzing we encountered a NULL pointer dereference
when calling kfd_queue_acquire_buffers.

Fixes: 629568d25fea ("drm/amdkfd: Validate queue cwsr area and eop buffer size")
Signed-off-by: Andrew Martin <Andrew.Martin@amd.com>
Reviewed-by: Philip Yang <Philip.Yang@amd.com>
Signed-off-by: Andrew Martin <Andrew.Martin@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
(cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530)
Cc: stable@vger.kernel.org

Authored by Andrew Martin and committed by Alex Deucher
fd617ea3 374c9faa

+2 -2
drivers/gpu/drm/amd/amdkfd/kfd_queue.c
··· 266 266 /* EOP buffer is not required for all ASICs */ 267 267 if (properties->eop_ring_buffer_address) { 268 268 if (properties->eop_ring_buffer_size != topo_dev->node_props.eop_buffer_size) { 269 - pr_debug("queue eop bo size 0x%lx not equal to node eop buf size 0x%x\n", 270 - properties->eop_buf_bo->tbo.base.size, 269 + pr_debug("queue eop bo size 0x%x not equal to node eop buf size 0x%x\n", 270 + properties->eop_ring_buffer_size, 271 271 topo_dev->node_props.eop_buffer_size); 272 272 err = -EINVAL; 273 273 goto out_err_unreserve;
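
Review bot: In the new pr_debug at lines 269-270 the message still reads "queue eop bo size", but the value printed is now properties->eop_ring_buffer_size, the same field the enclosing condition compares against topo_dev->node_props.eop_buffer_size, so the text should say "queue eop ring buffer size" (or similar) to match what is logged. The specifier also changed from %lx to %x; please confirm it matches the declared type of eop_ring_buffer_size, which is not visible in this hunk. The commit message would also be easier to backport-review if it named the pointer involved: the removed line read properties->eop_buf_bo->tbo.base.size, so it is presumably eop_buf_bo that can be NULL on this size-mismatch path, and saying so (with the reason it is not yet set here) would make the fix self-explanatory.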