drm/msm: Fix NULL pointer dereference in crashstate_get_vm_logs()

haryven · Rob Clark · commit 3099e0247e32 · 2025-11-17T09:43:58.000-08:00
crashstate_get_vm_logs() did not check the return value of kmalloc_array(). In low-memory situations, kmalloc_array() may return NULL, leading to a NULL pointer dereference when the function later accesses state->vm_logs. Fix this by checking the return value of kmalloc_array() and setting state->nr_vm_logs to 0 if allocation fails. Fixes: 9edc529 ("drm/msm: Add VM logging for VM_BIND updates") Signed-off-by: Huiwen He <hehuiwen@kylinos.cn> Patchwork: https://patchwork.freedesktop.org/patch/687555/ Signed-off-by: Rob Clark <robin.clark@oss.qualcomm.com>
diff --git a/drivers/gpu/drm/msm/msm_gpu.c b/drivers/gpu/drm/msm/msm_gpu.c
@@ -348,6 +348,10 @@ static void crashstate_get_vm_logs(struct msm_gpu_state *state, struct msm_gem_v
 
 	state->vm_logs = kmalloc_array(
 		state->nr_vm_logs, sizeof(vm->log[0]), GFP_KERNEL);
+	if (!state->vm_logs) {
+		state->nr_vm_logs = 0;
+	}
+
 	for (int i = 0; i < state->nr_vm_logs; i++) {
 		int idx = (i + first) & vm_log_mask;
 
