[PATCH] drm/amdkfd: Fix NULL Pointer Dereference in KFD queue

[Martin, Andrew]

[AMD Official Use Only - AMD Internal Distribution Only]

@Yang, Philip

Thanks!

> -----Original Message-----
> From: Yang, Philip <Philip.Yang at amd.com>
> Sent: Friday, February 28, 2025 1:16 PM
> To: Martin, Andrew <Andrew.Martin at amd.com>; amd-
> gfx at lists.freedesktop.org
> Cc: Yang, Philip <Philip.Yang at amd.com>
> Subject: Re: [PATCH] drm/amdkfd: Fix NULL Pointer Dereference in KFD queue
>
>
> On 2025-02-28 11:39, Andrew Martin wrote:
> >      Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrence
> >      when calling kfd_queue_acquire_buffers.
>
> Please remove the extra leading space character in subject and comment, and
> add tag
>
> Fixes: 629568d25fea ("drm/amdkfd: Validate queue cwsr area and eop buffer
> size")

Will do!
>
> This patch is
>
> Reviewed-by: Philip Yang <Philip.Yang at amd.com>
>
> > Signed-off-by: Andrew Martin <Andrew.Martin at amd.com>
> > ---
> >   drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_queue.c
> > b/drivers/gpu/drm/amd/amdkfd/kfd_queue.c
> > index 62c635e9d1aa..dc2cdc48e28d 100644
> > --- a/drivers/gpu/drm/amd/amdkfd/kfd_queue.c
> > +++ b/drivers/gpu/drm/amd/amdkfd/kfd_queue.c
> > @@ -277,7 +277,7 @@ int kfd_queue_acquire_buffers(struct
> kfd_process_device *pdd, struct queue_prope
> >     if (properties->eop_ring_buffer_address) {
> >             if (properties->eop_ring_buffer_size != topo_dev-
> >node_props.eop_buffer_size) {
> >                     pr_debug("queue eop bo size 0x%lx not equal to
> node eop buf size 0x%x\n",
> > -                           properties->eop_buf_bo->tbo.base.size,
> > +                           properties->eop_ring_buffer_size,
> >                             topo_dev->node_props.eop_buffer_size);
> >                     err = -EINVAL;
> >                     goto out_err_unreserve;