Commit 5674dade authored by Dave Airlie's avatar Dave Airlie Committed by Xiang Yang
Browse files

amdkfd: use calloc instead of kzalloc to avoid integer overflow 

stable inclusion
from stable-v5.10.215
commit fcbd99b3c73309107e3be71f20dff9414df64f91
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9GE8D
CVE: CVE-2024-26817

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=fcbd99b3c73309107e3be71f20dff9414df64f91



--------------------------------

commit 3b0daecfeac0103aba8b293df07a0cbaf8b43f29 upstream.

This uses calloc instead of doing the multiplication which might
overflow.

Cc: stable@vger.kernel.org
Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarXiang Yang <xiangyang3@huawei.com>
parent fca9656c

drivers/gpu/drm/amd/amdkfd/kfd_chardev.c

+2 −2
Original line number Diff line number Diff line
@@ -959,8 +959,8 @@ static int kfd_ioctl_get_process_apertures_new(struct file *filp, 
	 * nodes, but not more than args->num_of_nodes as that is

	 * the amount of memory allocated by user

	 */

	pa = kzalloc((sizeof(struct kfd_process_device_apertures) *

				args->num_of_nodes), GFP_KERNEL);

	pa = kcalloc(args->num_of_nodes, sizeof(struct kfd_process_device_apertures),

		     GFP_KERNEL);

	if (!pa)

		return -ENOMEM;