sizeof(buf) is 8 bytes because buf is declared as unsigned char *buf,
so each SMI event read copies at most 8 bytes to the user buffer. Correct
this by using the allocated size of buf.

Use KFD_SMI_EVENT_MSG_SIZE to define msg size, the same size will be
used in user space to alloc the msg receive buffer.

Signed-off-by: Philip Yang <philip.y...@amd.com>
Reviewed-by: Felix Kuehling <felix.kuehl...@amd.com>
---
 drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c 
b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
index f9eafc796e70..ce78bbd360da 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
@@ -82,7 +82,8 @@ static ssize_t kfd_smi_ev_read(struct file *filep, char 
__user *user,
        struct kfd_smi_client *client = filep->private_data;
        unsigned char *buf;
 
-       buf = kmalloc_array(MAX_KFIFO_SIZE, sizeof(*buf), GFP_KERNEL);
+       size = min_t(size_t, size, MAX_KFIFO_SIZE);
+       buf = kmalloc(size, GFP_KERNEL);
        if (!buf)
                return -ENOMEM;
 
@@ -96,7 +97,7 @@ static ssize_t kfd_smi_ev_read(struct file *filep, char 
__user *user,
                ret = -EAGAIN;
                goto ret_err;
        }
-       to_copy = min3(size, sizeof(buf), to_copy);
+       to_copy = min(size, to_copy);
        ret = kfifo_out(&client->fifo, buf, to_copy);
        spin_unlock(&client->lock);
        if (ret <= 0) {
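Review bot: With `sizeof(buf)` dropped from the `min()` on the `to_copy` line, nothing there ties `to_copy` to the allocation any more; the bound holds only because the earlier hunk clamps `size` to MAX_KFIFO_SIZE before passing it to `kmalloc()`. A comment above the line would keep the two in step, for example `/* size was clamped to the kmalloc() length above, so to_copy cannot exceed buf */`. Because `buf` is allocated with `kmalloc()` and is not zeroed, the copy to user space, which lies outside this hunk, should use the byte count returned by `kfifo_out()` so that no uninitialised heap bytes can reach the caller. kfd_smi_ev_read's body starts before and continues past the hunk.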
@@ -183,7 +184,7 @@ void kfd_smi_event_update_gpu_reset(struct kfd_dev *dev, 
bool post_reset)
         * 1 byte event + 1 byte space + 8 bytes seq num +
         * 1 byte \n + 1 byte \0 = 12
         */
-       char fifo_in[12];
+       char fifo_in[KFD_SMI_EVENT_MSG_SIZE];
        int len;
        unsigned int event;
 
@@ -215,7 +216,7 @@ void kfd_smi_event_update_thermal_throttling(struct kfd_dev 
*dev,
         * 1 byte : + 16 byte thermal_interupt_counter + 1 byte \n +
         * 1 byte \0 = 37
         */
-       char fifo_in[37];
+       char fifo_in[KFD_SMI_EVENT_MSG_SIZE];
        int len;
 
        if (list_empty(&dev->smi_clients))
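Review bot: The size comment above `fifo_in` still derives a 37-byte buffer, but the array is now `KFD_SMI_EVENT_MSG_SIZE` bytes, so the comment no longer describes the declaration. The same applies to the 12-byte comment in kfd_smi_event_update_gpu_reset and the 29-byte comment in kfd_smi_event_update_vmfault. Reword each as a lower bound, for example `/* message needs at most 37 bytes; must fit in KFD_SMI_EVENT_MSG_SIZE */`. The definition of KFD_SMI_EVENT_MSG_SIZE is not part of this patch, so it cannot be confirmed here that it is at least 37. The formatting code is outside these hunks; if it uses `snprintf`, bounding it with `sizeof(fifo_in)` would keep the write inside the array whatever the macro's value.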
@@ -235,7 +236,7 @@ void kfd_smi_event_update_vmfault(struct kfd_dev *dev, 
uint16_t pasid)
        /* 1 byte event + 1 byte space + 25 bytes msg + 1 byte \n +
         * 1 byte \0 = 29
         */
-       char fifo_in[29];
+       char fifo_in[KFD_SMI_EVENT_MSG_SIZE];
        int len;
 
        if (list_empty(&dev->smi_clients))
-- 
2.17.1
