[Bug,194579] AMDGPU: Possible size overflow detected by PaX in ttm_bo_handle_move_mem (drivers/gpu/drm/ttm/ttm_bo.c:388)
diff mbox

Message ID bug-194579-2300-j2vPFEQRiu@https.bugzilla.kernel.org/
State New
Headers show

Commit Message

bugzilla-daemon@bugzilla.kernel.org Feb. 18, 2017, 12:21 a.m. UTC
https://bugzilla.kernel.org/show_bug.cgi?id=194579

--- Comment #9 from PaX Team (pageexec@freemail.hu) ---
would the following workaround do the job of not triggering the overflow and
not causing any other logic bugs for our purposes:

Patch
diff mbox

--- a/drivers/gpu/drm/ttm/ttm_bo.c      2016-12-13 12:11:19.867579755 +0100
+++ b/drivers/gpu/drm/ttm/ttm_bo.c        2017-02-18 01:19:44.122817874 +0100
@@ -384,7 +384,7 @@ 
                bo->evicted = false;
        }

-       if (bo->mem.mm_node) {
+       if (bo->mem.mm_node && bo->mem.start != AMDGPU_BO_INVALID_OFFSET) {
                bo->offset = (bo->mem.start << PAGE_SHIFT) +
                    bdev->man[bo->mem.mem_type].gpu_offset;
                bo->cur_placement = bo->mem.placement;