On Thu, Jan 29, 2026 at 5:12 AM Lazar, Lijo <[email protected]> wrote: > > > > On 29-Jan-26 3:00 PM, Christian König wrote: > > On 1/29/26 10:05, Zilin Guan wrote: > >> amdgpu_discovery_get_nps_info() internally allocates memory for ranges > >> using kvcalloc(), which may use vmalloc() for large allocation. Using > >> kfree() to release vmalloc memory will lead to a memory corruption. > >> > >> Use kvfree() to safely handle both kmalloc and vmalloc allocations. > >> > >> Compile tested only. Issue found using a prototype static analysis tool > >> and code review. > >> > >> Fixes: b194d21b9bcc ("drm/amdgpu: Use NPS ranges from discovery table") > >> Signed-off-by: Zilin Guan <[email protected]> > > > > Good catch! > > > > But i think we rather need to question why amdgpu_discovery_get_nps_info() > > is using kvcalloc()? I have strong doubts that we need vmalloc() here. > > > > Yes, vmalloc is enough. That change can be made separately or modified > along with this. > > As for this as a standalone change - > Reviewed-by: Lijo Lazar <[email protected]>
Applied. Thanks! Alex > > Thanks, > Lijo > > > > Regards, > > Christian. > > > >> --- > >> drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c > >> b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c > >> index 7e623f91f2d7..cb0d1ac148e9 100644 > >> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c > >> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c > >> @@ -1382,7 +1382,7 @@ int amdgpu_gmc_get_nps_memranges(struct > >> amdgpu_device *adev, > >> if (!*exp_ranges) > >> *exp_ranges = range_cnt; > >> err: > >> - kfree(ranges); > >> + kvfree(ranges); > >> > >> return ret; > >> } > > >
