drm/msm: Fix NULL pointer dereference in crashstate_get_vm_logs()

crashstate_get_vm_logs() did not check the return value of kmalloc_array(). In low-memory situations, kmalloc_array() may return NULL, leading to a NULL pointer dereference when the function later accesses state->vm_logs. Fix this by checking the return value of kmalloc_array() and setting state->nr_vm_logs to 0 if allocation fails. Fixes: 9edc52967cc7 ("drm/msm: Add VM logging for VM_BIND updates") Signed-off-by: Huiwen He <hehuiwen@kylinos.cn> Patchwork: https://patchwork.freedesktop.org/patch/687555/ Signed-off-by: Rob Clark <robin.clark@oss.qualcomm.com>
author: Huiwen He <hehuiwen@kylinos.cn> 2025-11-13 01:04:11 +0800
committer: Rob Clark <rob.clark@oss.qualcomm.com> 2025-11-17 09:43:58 -0800
commit: 3099e0247e3217e1b39c1c61766e06ec3d13835f (patch)
tree: fef2a02d3b9b1278b33c4d3f0120222c922493cf /drivers/gpu/drm/msm/msm_gpu.c
parent: 15cc59ac954eb953252d5e98852569bf22ad5d8b (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/gpu/drm/msm/msm_gpu.c b/drivers/gpu/drm/msm/msm_gpu.c
index 17759abc46d7..e23f70fbc8cb 100644
--- a/drivers/gpu/drm/msm/msm_gpu.c
+++ b/drivers/gpu/drm/msm/msm_gpu.c
@@ -348,6 +348,10 @@ static void crashstate_get_vm_logs(struct msm_gpu_state *state, struct msm_gem_v
 
 	state->vm_logs = kmalloc_array(
 		state->nr_vm_logs, sizeof(vm->log[0]), GFP_KERNEL);
+	if (!state->vm_logs) {
+		state->nr_vm_logs = 0;
+	}
+
 	for (int i = 0; i < state->nr_vm_logs; i++) {
 		int idx = (i + first) & vm_log_mask;
author	Huiwen He <hehuiwen@kylinos.cn>	2025-11-13 01:04:11 +0800
committer	Rob Clark <rob.clark@oss.qualcomm.com>	2025-11-17 09:43:58 -0800
commit	3099e0247e3217e1b39c1c61766e06ec3d13835f (patch)
tree	fef2a02d3b9b1278b33c4d3f0120222c922493cf /drivers/gpu/drm/msm/msm_gpu.c
parent	15cc59ac954eb953252d5e98852569bf22ad5d8b (diff)