From 9d236bd657c0757e07bef8480dfc2b269f06432f Mon Sep 17 00:00:00 2001
From: jsg
Date: Thu, 20 Jul 2023 08:45:36 +0000
Subject: [PATCH] amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
From Chia-I Wu
b10db1d2137415e5e7f9706d96cfe77539c499d4 in linux-6.1.y/6.1.39
9f0bcf49e9895cb005d78b33a5eebfa11711b425 in mainline linux
---
 sys/dev/pci/drm/amd/amdgpu/amdgpu_vm.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/sys/dev/pci/drm/amd/amdgpu/amdgpu_vm.c b/sys/dev/pci/drm/amd/amdgpu/amdgpu_vm.c
index d3a369f6c19..1d6ff4db92a 100644
--- a/sys/dev/pci/drm/amd/amdgpu/amdgpu_vm.c
+++ b/sys/dev/pci/drm/amd/amdgpu/amdgpu_vm.c
@@ -1489,14 +1489,14 @@ int amdgpu_vm_bo_map(struct amdgpu_device *adev,
 uint64_t eaddr;
 /* validate the parameters */
- if (saddr & ~LINUX_PAGE_MASK || offset & ~LINUX_PAGE_MASK ||
- size == 0 || size & ~LINUX_PAGE_MASK)
+ if (saddr & ~LINUX_PAGE_MASK || offset & ~LINUX_PAGE_MASK || size & ~LINUX_PAGE_MASK)
+ return -EINVAL;
+ if (saddr + size <= saddr || offset + size <= offset)
 return -EINVAL;
 /* make sure object fit at this offset */
 eaddr = saddr + size - 1;
- if (saddr >= eaddr ||
- (bo && offset + size > amdgpu_bo_size(bo)) ||
+ if ((bo && offset + size > amdgpu_bo_size(bo)) ||
 (eaddr >= adev->vm_manager.max_pfn << AMDGPU_GPU_PAGE_SHIFT))
 return -EINVAL;
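Review bot: The rejection of `size == 0` is now carried only by the `<=` in `if (saddr + size <= saddr || offset + size <= offset)` in amdgpu_vm_bo_map, and nothing in the hunk says so. A later cleanup that turns `<=` into `<` would keep the wraparound check but let a zero-length range reach `eaddr = saddr + size - 1`, where the removed `saddr >= eaddr` test used to catch it. I would put a comment above that test, `/* rejects size == 0 as well as unsigned wraparound of saddr + size and offset + size */`, and repeat it in the amdgpu_vm_bo_replace_map hunk, which carries an identical copy of the check. This assumes saddr, offset and size are unsigned 64-bit like eaddr; their declarations and the rest of both function bodies are outside the hunks.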
@@ -1555,14 +1555,14 @@ int amdgpu_vm_bo_replace_map(struct amdgpu_device *adev,
 int r;
 /* validate the parameters */
- if (saddr & ~LINUX_PAGE_MASK || offset & ~LINUX_PAGE_MASK ||
- size == 0 || size & ~LINUX_PAGE_MASK)
+ if (saddr & ~LINUX_PAGE_MASK || offset & ~LINUX_PAGE_MASK || size & ~LINUX_PAGE_MASK)
+ return -EINVAL;
+ if (saddr + size <= saddr || offset + size <= offset)
 return -EINVAL;
 /* make sure object fit at this offset */
 eaddr = saddr + size - 1;
- if (saddr >= eaddr ||
- (bo && offset + size > amdgpu_bo_size(bo)) ||
+ if ((bo && offset + size > amdgpu_bo_size(bo)) ||
 (eaddr >= adev->vm_manager.max_pfn << AMDGPU_GPU_PAGE_SHIFT))
 return -EINVAL;
--
2.20.1