drm/amdkfd: Fix NULL Pointer Dereference in KFD queue
authorAndrew Martin <Andrew.Martin@amd.com>
Fri, 28 Feb 2025 16:26:48 +0000 (11:26 -0500)
committerAlex Deucher <alexander.deucher@amd.com>
Wed, 5 Mar 2025 15:45:35 +0000 (10:45 -0500)
Through KFD IOCTL fuzzing we encountered a NULL pointer dereference
when calling kfd_queue_acquire_buffers.

Fixes: 629568d25fea ("drm/amdkfd: Validate queue cwsr area and eop buffer size")
Signed-off-by: Andrew Martin <Andrew.Martin@amd.com>
Reviewed-by: Philip Yang <Philip.Yang@amd.com>
Signed-off-by: Andrew Martin <Andrew.Martin@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
drivers/gpu/drm/amd/amdkfd/kfd_queue.c

index 62c635e9d1aa735fe90f90974df4991e323ee79e..4afff7094cafcdc64efcae179a599cbd23fa991a 100644 (file)
@@ -276,8 +276,8 @@ int kfd_queue_acquire_buffers(struct kfd_process_device *pdd, struct queue_prope
        /* EOP buffer is not required for all ASICs */
        if (properties->eop_ring_buffer_address) {
                if (properties->eop_ring_buffer_size != topo_dev->node_props.eop_buffer_size) {
-                       pr_debug("queue eop bo size 0x%lx not equal to node eop buf size 0x%x\n",
-                               properties->eop_buf_bo->tbo.base.size,
+                       pr_debug("queue eop bo size 0x%x not equal to node eop buf size 0x%x\n",
+                               properties->eop_ring_buffer_size,
                                topo_dev->node_props.eop_buffer_size);
                        err = -EINVAL;
                        goto out_err_unreserve;
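Review bot: The message text in the new `pr_debug` still says "queue eop bo size", but the value printed is now the caller-supplied `properties->eop_ring_buffer_size` rather than the size of a buffer object, so the log can mislead someone triaging a rejected queue-create request; consider `pr_debug("queue eop ring buffer size 0x%x not equal to node eop buf size 0x%x\n",`. The `%x` specifier assumes `eop_ring_buffer_size` is a 32-bit unsigned field, which this hunk does not show and is worth confirming against the struct definition. The removed line read `properties->eop_buf_bo` inside a validation branch with no visible prior assignment to that pointer, so the other error-path prints in `kfd_queue_acquire_buffers` (which starts and ends outside this hunk) deserve the same check for pointers that are only populated after validation succeeds. A short comment above the size check, such as `/* eop_buf_bo is not acquired yet; only user-supplied properties are valid here */`, would keep the dereference from being reintroduced.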