linux/drivers/gpu
Jeremy Cline 8b335bff64 drm/amdkfd: Fix out-of-bounds read in kdf_create_vcrat_image_cpu()
KASAN reported a slab-out-of-bounds read of size 1 in
kdf_create_vcrat_image_cpu().

This occurs when, for example, when on an x86_64 with a single NUMA node
because kfd_fill_iolink_info_for_cpu() is a no-op, but afterwards the
sub_type_hdr->length, which is out-of-bounds, is read and multiplied by
entries. Fortunately, entries is 0 in this case so the overall
crat_table->length is still correct.

Check if there were any entries before de-referencing sub_type_hdr which
may be pointing to out-of-bounds memory.

Fixes: b7b6c38529 ("drm/amdkfd: Calculate CPU VCRAT size dynamically (v2)")
Suggested-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Jeremy Cline <jcline@redhat.com>
Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2021-01-14 00:23:39 -05:00
..
drm drm/amdkfd: Fix out-of-bounds read in kdf_create_vcrat_image_cpu() 2021-01-14 00:23:39 -05:00
host1x gpu/host1x: bus: Add missing description for 'driver' 2020-11-05 22:12:55 +01:00
ipu-v3 gpu: ipu-v3: remove unused functions 2020-10-26 10:42:38 +01:00
trace
vga pci-v5.11-changes 2020-12-15 16:49:59 -08:00
Makefile