Re: [PATCH 2/2] drm/amdkfd: Check bounds for allocate_sdma_queue restore_sdma_id

Wed, 13 May 2026 06:19:01 -0700 

> +                       if (restore_sdma_id >= get_num_sdma_queues(dqm))

Just realized that an amend didn't go through; this should be *restore_sdma_id 
because
restore_sdma_id is a pointer. (and similarly for the other changed line)

David Francis

________________________________________
From: Kasiviswanathan, Harish <[email protected]>
Sent: Tuesday, May 12, 2026 5:25 PM
To: Francis, David; [email protected]
Subject: Re: [PATCH 2/2] drm/amdkfd: Check bounds for allocate_sdma_queue 
restore_sdma_id

AMD General

This series Reviewed-by: Harish Kasiviswanathan <[email protected]>
________________________________
From: amd-gfx <[email protected]> on behalf of David 
Francis <[email protected]>
Sent: Tuesday, May 12, 2026 3:28 PM
To: [email protected] <[email protected]>
Cc: Francis, David <[email protected]>
Subject: [PATCH 2/2] drm/amdkfd: Check bounds for allocate_sdma_queue 
restore_sdma_id

allocate_sdma_queue has an option where the sdma queue id can be
specified (used by CRIU). We weren't bounds-checking that
value.

Confirm it's less than the maximum number of queues.

Signed-off-by: David Francis <[email protected]>
---
 drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c 
b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c
index b4cc74138f1e..ddbc4bd8ab10 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c
@@ -1727,6 +1727,9 @@ static int allocate_sdma_queue(struct 
device_queue_manager *dqm,
                 }

                 if (restore_sdma_id) {
+                       if (restore_sdma_id >= get_num_sdma_queues(dqm))
+                               return -EINVAL;
+
                         /* Re-use existing sdma_id */
                         if (!test_bit(*restore_sdma_id, dqm->sdma_bitmap)) {
                                 dev_err(dev, "SDMA queue already in use\n");
@@ -1753,6 +1756,9 @@ static int allocate_sdma_queue(struct 
device_queue_manager *dqm,
                         return -ENOMEM;
                 }
                 if (restore_sdma_id) {
+                       if (restore_sdma_id >= get_num_xgmi_sdma_queues(dqm))
+                               return -EINVAL;
+
                         /* Re-use existing sdma_id */
                         if (!test_bit(*restore_sdma_id, 
dqm->xgmi_sdma_bitmap)) {
                                 dev_err(dev, "SDMA queue already in use\n");
--
2.34.1

Reply via email to