Message ID | 20221025072822.129940-1-yang.lee@linux.alibaba.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp860382wru; Tue, 25 Oct 2022 00:35:15 -0700 (PDT) X-Google-Smtp-Source: AMsMyM59F08ruXeg1juFIWiFlJWCOOUexl8O7yqFJWiNQAVx7EyUVp6gAaEWPunN2fFFetHCWxzf X-Received: by 2002:a17:902:f687:b0:185:4163:3368 with SMTP id l7-20020a170902f68700b0018541633368mr38034050plg.25.1666683315351; Tue, 25 Oct 2022 00:35:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666683315; cv=none; d=google.com; s=arc-20160816; b=PFgZFdO2nWOuEOOTq9DVVmqOsGFrnVvOjKSWo5b8mrrfIrhX4I5OdcOu/HD1vvQ9Yw oUgI6yq8Gt2Ouo6aRjDVWMGXTWWIgz66Q/K76NoJfElmCV6Ik3DwAQ4E3FYvLLGTwWNg pOlxMUC+MAqV2vctugV7gnupXYGhVOiLDeZwLDxnPENwm6LDqSWCL+BoZnJT2nB8rhv1 RTBPkOXIE55ehfezAodHTvm47RHvvvb8gqeRZmy0NpM3leZj5Gl4TMBLZ8Ahfj6Fd1zT ilvPYy8QYLNq+tOOK+EAemQYoydizO051qbtzWAwMpdSe4Efo0zH3e4tkjCYIqafGdqK jhgw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=YTFA3J4WxwqgxiRTtfGiGLb9zB7aQf6IrsISsTT4/LE=; b=KCepoSytcsyd4xN4rGntXQg7iB7RKJswrNC4C9/SvdoGXpIxwsYEplCaH9o2FPjH60 lhMaTgtFYfn70R7FqPp4YEeHZEu3PYW35a2jRDRiPxxKxA7skjoUfXYayjgSmATZAjZ1 rs9QZTkpoIXudQqPYubnK5ukpbUTewkWIqWYvV7jhCIlIy8cjZGWRfFqOrtkOPpdCDcV gn7oFHoHVl1n5htWTcPFloGSfHOBJKvgRrnyb4HnoOSfkOGarP9cN7m9Lxnwt4FbtyOd NgqgEhGTcJnO0Rwk7A6hmlbLBWFUeMEIOHutqnrpOFfVK/AkwjHWJHxg3psFOWu39ScJ AhtQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g8-20020a170902740800b001709c82ca08si1918464pll.297.2022.10.25.00.35.02; Tue, 25 Oct 2022 00:35:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230225AbiJYH2a (ORCPT <rfc822;lucius.rs.storz@gmail.com> + 99 others); Tue, 25 Oct 2022 03:28:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38464 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229544AbiJYH21 (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Tue, 25 Oct 2022 03:28:27 -0400 Received: from out30-131.freemail.mail.aliyun.com (out30-131.freemail.mail.aliyun.com [115.124.30.131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D3AFB31DD0 for <linux-kernel@vger.kernel.org>; Tue, 25 Oct 2022 00:28:26 -0700 (PDT) X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R201e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018046059;MF=yang.lee@linux.alibaba.com;NM=1;PH=DS;RN=11;SR=0;TI=SMTPD_---0VT1uIFE_1666682903; Received: from localhost(mailfrom:yang.lee@linux.alibaba.com fp:SMTPD_---0VT1uIFE_1666682903) by smtp.aliyun-inc.com; Tue, 25 Oct 2022 15:28:24 +0800 From: Yang Li <yang.lee@linux.alibaba.com> To: alexander.deucher@amd.com Cc: Felix.Kuehling@amd.com, christian.koenig@amd.com, Xinhui.Pan@amd.com, airlied@gmail.com, daniel@ffwll.ch, amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, Yang Li <yang.lee@linux.alibaba.com>, Abaci Robot <abaci@linux.alibaba.com> Subject: [PATCH -next] drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() Date: Tue, 25 Oct 2022 15:28:22 +0800 Message-Id: <20221025072822.129940-1-yang.lee@linux.alibaba.com> X-Mailer: git-send-email 2.20.1.7.g153144c MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-9.9 required=5.0 tests=BAYES_00, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, UNPARSEABLE_RELAY,URIBL_BLOCKED,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1747644123923790477?= X-GMAIL-MSGID: =?utf-8?q?1747644123923790477?= |
Series |
[-next] drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()
|
|
Commit Message
Yang Li
Oct. 25, 2022, 7:28 a.m. UTC
./drivers/gpu/drm/amd/amdkfd/kfd_migrate.c:985:58-62: ERROR: p is NULL but dereferenced.
Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=2549
Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Yang Li <yang.lee@linux.alibaba.com>
---
drivers/gpu/drm/amd/amdkfd/kfd_migrate.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
Am 2022-10-25 um 03:28 schrieb Yang Li: > ./drivers/gpu/drm/amd/amdkfd/kfd_migrate.c:985:58-62: ERROR: p is NULL but dereferenced. > > Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=2549 > Reported-by: Abaci Robot <abaci@linux.alibaba.com> > Signed-off-by: Yang Li <yang.lee@linux.alibaba.com> > --- > drivers/gpu/drm/amd/amdkfd/kfd_migrate.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_migrate.c b/drivers/gpu/drm/amd/amdkfd/kfd_migrate.c > index cddf259875c0..405dd51521dc 100644 > --- a/drivers/gpu/drm/amd/amdkfd/kfd_migrate.c > +++ b/drivers/gpu/drm/amd/amdkfd/kfd_migrate.c > @@ -981,7 +981,8 @@ static vm_fault_t svm_migrate_to_ram(struct vm_fault *vmf) > out_mmput: > mmput(mm); > > - pr_debug("CPU fault svms 0x%p address 0x%lx done\n", &p->svms, addr); > + if (p) > + pr_debug("CPU fault svms 0x%p address 0x%lx done\n", &p->svms, addr); Thank you for catching and reporting this problem. I think the correct solution would be to move the pr_debug up before the kfd_unref_process call. That way you're sure that the pointer is initialized and that it represents a valid reference to the kfd_process structure. Regards, Felix > > return r ? VM_FAULT_SIGBUS : 0; > }
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_migrate.c b/drivers/gpu/drm/amd/amdkfd/kfd_migrate.c index cddf259875c0..405dd51521dc 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_migrate.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_migrate.c @@ -981,7 +981,8 @@ static vm_fault_t svm_migrate_to_ram(struct vm_fault *vmf) out_mmput: mmput(mm); - pr_debug("CPU fault svms 0x%p address 0x%lx done\n", &p->svms, addr); + if (p) + pr_debug("CPU fault svms 0x%p address 0x%lx done\n", &p->svms, addr); return r ? VM_FAULT_SIGBUS : 0; }