On 29-Jan-26 3:00 PM, Christian König wrote:
On 1/29/26 10:05, Zilin Guan wrote:
amdgpu_discovery_get_nps_info() internally allocates memory for ranges
using kvcalloc(), which may use vmalloc() for large allocation. Using
kfree() to release vmalloc memory will lead to a memory corruption.
Use kvfree() to safely handle both kmalloc and vmalloc allocations.
Compile tested only. Issue found using a prototype static analysis tool
and code review.
Fixes: b194d21b9bcc ("drm/amdgpu: Use NPS ranges from discovery table")
Signed-off-by: Zilin Guan <[email protected]>
Good catch!
But i think we rather need to question why amdgpu_discovery_get_nps_info() is
using kvcalloc()? I have strong doubts that we need vmalloc() here.
Yes, vmalloc is enough. That change can be made separately or modified
along with this.
As for this as a standalone change -
Reviewed-by: Lijo Lazar <[email protected]>
Thanks,
Lijo
Regards,
Christian.
---
drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c
b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c
index 7e623f91f2d7..cb0d1ac148e9 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c
@@ -1382,7 +1382,7 @@ int amdgpu_gmc_get_nps_memranges(struct amdgpu_device
*adev,
if (!*exp_ranges)
*exp_ranges = range_cnt;
err:
- kfree(ranges);
+ kvfree(ranges);
return ret;
}
