[lvc-project] [PATCH] drm/amdgpu: fix NULL dereference in gfx_v9_0_kcq() and kiq_init_queue()
SDL
sdl at nppct.ru
Wed Jun 4 22:30:43 MSK 2025
> On Sat, May 24, 2025 at 2:14 AM Alexey Nepomnyashih <sdl at nppct.ru> wrote:
>> A potential NULL pointer dereference may occur when accessing
>> tmp_mqd->cp_hqd_pq_control without verifying that tmp_mqd is non-NULL.
>> This may happen if mqd_backup[mqd_idx] is unexpectedly NULL.
>>
>> Although a NULL check for mqd_backup[mqd_idx] existed previously, it was
>> moved to a position after the dereference in a recent commit, which
>> renders it ineffective.
> I don't think it's possible for mqd_backup to be NULL at this point.
> We would have failed earlier in init if the mqd backup allocation
> failed.
>
> Alex
In scenarios such as GPU reset or power management resume, there is no
strict
guarantee that amdgpu_gfx_mqd_sw_init() (via ->sw_init()) is invoked before
gfx_v9_0_kiq_init_queue(). As a result, mqd_backup[] may remain
uninitialized,
and dereferencing it without a NULL check can lead to a crash.
Most other uses of mqd_backup[] in the driver explicitly check for NULL,
indicating that uninitialized entries are an expected condition and
should be handled
accordingly.
Alexey
More information about the lvc-project
mailing list