crashstate_get_vm_logs() did not check the return value of
kmalloc_array(). In low-memory situations, kmalloc_array() may return
NULL, leading to a NULL pointer dereference when the function later
accesses state->vm_logs.

Fix this by checking the return value of kmalloc_array() and setting
state->nr_vm_logs to 0 if allocation fails.

Fixes: 9edc52967cc7 ("drm/msm: Add VM logging for VM_BIND updates")
Signed-off-by: Huiwen He <[email protected]>
---
Changes in v2:
- Simplify the failure exit path as suggested by Rob Clark.
- Link to v1: https://lore.kernel.org/all/[email protected]

 drivers/gpu/drm/msm/msm_gpu.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/gpu/drm/msm/msm_gpu.c b/drivers/gpu/drm/msm/msm_gpu.c
index 17759abc46d7..e23f70fbc8cb 100644
--- a/drivers/gpu/drm/msm/msm_gpu.c
+++ b/drivers/gpu/drm/msm/msm_gpu.c
@@ -348,6 +348,10 @@ static void crashstate_get_vm_logs(struct msm_gpu_state 
*state, struct msm_gem_v
 
        state->vm_logs = kmalloc_array(
                state->nr_vm_logs, sizeof(vm->log[0]), GFP_KERNEL);
+       if (!state->vm_logs) {
+               state->nr_vm_logs = 0;
+       }
+
        for (int i = 0; i < state->nr_vm_logs; i++) {
                int idx = (i + first) & vm_log_mask;
 
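Review bot: The braces around the single-statement body of `if (!state->vm_logs)` go against kernel coding style and checkpatch will flag them; drop them so the check reads `if (!state->vm_logs)` followed by `state->nr_vm_logs = 0;`. The fix works only because the `for` loop that follows is bounded by state->nr_vm_logs, so zeroing the count skips every access to state->vm_logs in the visible lines. A one-line comment stating that dependency would help, since on allocation failure the crash state is captured without VM logs and nothing records why.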
-- 
2.43.0
