From f77fc86ffb84f7596df0b436961a127344ab0832 Mon Sep 17 00:00:00 2001 From: Matthew Auld Date: Wed, 21 Aug 2024 18:19:18 +0100 Subject: [PATCH] drm/xe: fixup xe_alloc_pf_queue BugLink: https://bugs.launchpad.net/bugs/2089884 [ Upstream commit 321d6b4b9cbe3dd0bc99937d5e5b4d730b5b5798 ] kzalloc expects number of bytes, therefore we should convert the number of dw into bytes, otherwise we are likely just accessing beyond the array causing all kinds of carnage. Also fixup the error handling while we are here. v2: - Prefer kcalloc (dim) Fixes: 3338e4f90c14 ("drm/xe: Use topology to determine page fault queue size") Signed-off-by: Matthew Auld Cc: Stuart Summers Cc: Matthew Brost Reviewed-by: Nirmoy Das Signed-off-by: Matthew Brost Link: https://patchwork.freedesktop.org/patch/msgid/20240821171917.417386-2-matthew.auld@intel.com Signed-off-by: Sasha Levin Signed-off-by: Koichiro Den Signed-off-by: Roxana Nicolescu --- drivers/gpu/drm/xe/xe_gt_pagefault.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_gt_pagefault.c b/drivers/gpu/drm/xe/xe_gt_pagefault.c index fe65ed5ff8a8..86452cac0089 100644 --- a/drivers/gpu/drm/xe/xe_gt_pagefault.c +++ b/drivers/gpu/drm/xe/xe_gt_pagefault.c @@ -438,7 +438,10 @@ static int xe_alloc_pf_queue(struct xe_gt *gt, struct pf_queue *pf_queue) (num_eus + XE_NUM_HW_ENGINES) * PF_MSG_LEN_DW; pf_queue->gt = gt; - pf_queue->data = kzalloc(pf_queue->num_dw, GFP_KERNEL); + pf_queue->data = kcalloc(pf_queue->num_dw, sizeof(u32), GFP_KERNEL); + if (!pf_queue->data) + return -ENOMEM; + spin_lock_init(&pf_queue->lock); INIT_WORK(&pf_queue->worker, pf_queue_work_func);