6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthew Auld <matthew.auld@xxxxxxxxx>
[ Upstream commit 321d6b4b9cbe3dd0bc99937d5e5b4d730b5b5798 ]
kzalloc expects number of bytes, therefore we should convert the number
of dw into bytes, otherwise we are likely just accessing beyond the
array causing all kinds of carnage. Also fixup the error handling while
we are here.
v2:
- Prefer kcalloc (dim)
Fixes: 3338e4f90c14 ("drm/xe: Use topology to determine page fault queue size")
Signed-off-by: Matthew Auld <matthew.auld@xxxxxxxxx>
Cc: Stuart Summers <stuart.summers@xxxxxxxxx>
Cc: Matthew Brost <matthew.brost@xxxxxxxxx>
Reviewed-by: Nirmoy Das <nirmoy.das@xxxxxxxxx>
Signed-off-by: Matthew Brost <matthew.brost@xxxxxxxxx>
Link: https://patchwork.freedesktop.org/patch/msgid/20240821171917.417386-2-matthew.auld@xxxxxxxxx
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/gpu/drm/xe/xe_gt_pagefault.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/xe/xe_gt_pagefault.c b/drivers/gpu/drm/xe/xe_gt_pagefault.c
index 401c0527d9140..0be4687bfc203 100644
--- a/drivers/gpu/drm/xe/xe_gt_pagefault.c
+++ b/drivers/gpu/drm/xe/xe_gt_pagefault.c
@@ -417,7 +417,10 @@ static int xe_alloc_pf_queue(struct xe_gt *gt, struct pf_queue *pf_queue)
(num_eus + XE_NUM_HW_ENGINES) * PF_MSG_LEN_DW;
pf_queue->gt = gt;
- pf_queue->data = kzalloc(pf_queue->num_dw, GFP_KERNEL);
+ pf_queue->data = kcalloc(pf_queue->num_dw, sizeof(u32), GFP_KERNEL);
+ if (!pf_queue->data)
+ return -ENOMEM;
+
spin_lock_init(&pf_queue->lock);
INIT_WORK(&pf_queue->worker, pf_queue_work_func);
--
2.43.0
