[PATCH 2/2] drm/amdgpu: debugfs: fix NULL dereference in ta_if_invoke_debugfs_write()
Dan Carpenter
dan.carpenter at oracle.com
Tue Apr 26 08:49:20 UTC 2022
If the kzalloc() fails then this code will crash. Return -ENOMEM instead.
Fixes: e50d9ba0d2cd ("drm/amdgpu: Add debugfs TA load/unload/invoke support")
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
---
This would look nicer as:
shared_buf = memdup_user(&buf[copy_pos], shared_buf_len);
if (IS_ERR(shared_buf))
return PTR_ERR(shared_buf);
Probably eventually this will be sent as an automated Coccinelle patch?
drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
index 32bcc20b9e3f..6806deb098d3 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
@@ -254,7 +254,7 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
shared_buf = kzalloc(shared_buf_len, GFP_KERNEL);
if (!shared_buf)
- ret = -ENOMEM;
+ return -ENOMEM;
if (copy_from_user((void *)shared_buf, &buf[copy_pos], shared_buf_len)) {
ret = -EFAULT;
goto err_free_shared_buf;
--
2.35.1
More information about the amd-gfx
mailing list