On 1/29/26 10:05, Zilin Guan wrote:
> amdgpu_discovery_get_nps_info() internally allocates memory for ranges
> using kvcalloc(), which may use vmalloc() for large allocation. Using
> kfree() to release vmalloc memory will lead to a memory corruption.
>
> Use kvfree() to safely handle both kmalloc and vmalloc allocations.
>
> Compile tested only. Issue found using a prototype static analysis tool
> and code review.
>
> Fixes: b194d21b9bcc ("drm/amdgpu: Use NPS ranges from discovery table")
> Signed-off-by: Zilin Guan <[email protected]>
Good catch!
But i think we rather need to question why amdgpu_discovery_get_nps_info() is
using kvcalloc()? I have strong doubts that we need vmalloc() here.
Regards,
Christian.
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c
> b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c
> index 7e623f91f2d7..cb0d1ac148e9 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c
> @@ -1382,7 +1382,7 @@ int amdgpu_gmc_get_nps_memranges(struct amdgpu_device
> *adev,
> if (!*exp_ranges)
> *exp_ranges = range_cnt;
> err:
> - kfree(ranges);
> + kvfree(ranges);
>
> return ret;
> }
