From patchwork Sat Feb 18 00:21:22 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: bugzilla-daemon@bugzilla.kernel.org
X-Patchwork-Id: 9580905
Return-Path: <dri-devel-bounces@lists.freedesktop.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	F0277600F6 for <patchwork-dri-devel@patchwork.kernel.org>;
	Sat, 18 Feb 2017 00:21:27 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D97522879B
	for <patchwork-dri-devel@patchwork.kernel.org>;
	Sat, 18 Feb 2017 00:21:27 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id CE090287A4; Sat, 18 Feb 2017 00:21:27 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 951D32879B
	for <patchwork-dri-devel@patchwork.kernel.org>;
	Sat, 18 Feb 2017 00:21:27 +0000 (UTC)
Received: from gabe.freedesktop.org (localhost [127.0.0.1])
	by gabe.freedesktop.org (Postfix) with ESMTP id 3484E6E092;
	Sat, 18 Feb 2017 00:21:25 +0000 (UTC)
X-Original-To: dri-devel@lists.freedesktop.org
Delivered-To: dri-devel@lists.freedesktop.org
Received: from mail.wl.linuxfoundation.org (mail.wl.linuxfoundation.org
	[198.145.29.98])
	by gabe.freedesktop.org (Postfix) with ESMTPS id D51B26E092
	for <dri-devel@lists.freedesktop.org>;
	Sat, 18 Feb 2017 00:21:23 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9C149287AD
	for <dri-devel@lists.freedesktop.org>;
	Sat, 18 Feb 2017 00:21:23 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 910E1287A8; Sat, 18 Feb 2017 00:21:23 +0000 (UTC)
Received: from pdx-korg-bugzilla-1.web.codeaurora.org (unknown
	[172.30.200.120])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4882D287A4
	for <dri-devel@lists.freedesktop.org>;
	Sat, 18 Feb 2017 00:21:22 +0000 (UTC)
Received: by pdx-korg-bugzilla-1.web.codeaurora.org (Postfix, from userid 48)
	id 4DE268353B; Sat, 18 Feb 2017 00:21:22 +0000 (UTC)
From: bugzilla-daemon@bugzilla.kernel.org
To: dri-devel@lists.freedesktop.org
Subject: [Bug 194579] AMDGPU: Possible size overflow detected by PaX in
	ttm_bo_handle_move_mem (drivers/gpu/drm/ttm/ttm_bo.c:388)
Date: Sat, 18 Feb 2017 00:21:22 +0000
X-Bugzilla-Reason: None
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: AssignedTo drivers_video-dri@kernel-bugs.osdl.org
X-Bugzilla-Product: Drivers
X-Bugzilla-Component: Video(DRI - non Intel)
X-Bugzilla-Version: 2.5
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: pageexec@freemail.hu
X-Bugzilla-Status: NEW
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P1
X-Bugzilla-Assigned-To: drivers_video-dri@kernel-bugs.osdl.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-194579-2300-j2vPFEQRiu@https.bugzilla.kernel.org/>
In-Reply-To: <bug-194579-2300@https.bugzilla.kernel.org/>
References: <bug-194579-2300@https.bugzilla.kernel.org/>
X-Bugzilla-URL: https://bugzilla.kernel.org/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-Virus-Scanned: ClamAV using ClamSMTP
X-BeenThere: dri-devel@lists.freedesktop.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Direct Rendering Infrastructure - Development
	<dri-devel.lists.freedesktop.org>
List-Unsubscribe: <https://lists.freedesktop.org/mailman/options/dri-devel>,
	<mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <https://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <https://lists.freedesktop.org/mailman/listinfo/dri-devel>,
	<mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
X-Virus-Scanned: ClamAV using ClamSMTP

https://bugzilla.kernel.org/show_bug.cgi?id=194579

--- Comment #9 from PaX Team (pageexec@freemail.hu) ---
would the following workaround do the job of not triggering the overflow and
not causing any other logic bugs for our purposes:

--- a/drivers/gpu/drm/ttm/ttm_bo.c      2016-12-13 12:11:19.867579755 +0100
+++ b/drivers/gpu/drm/ttm/ttm_bo.c        2017-02-18 01:19:44.122817874 +0100
@@ -384,7 +384,7 @@
                bo->evicted = false;
        }

-       if (bo->mem.mm_node) {
+       if (bo->mem.mm_node && bo->mem.start != AMDGPU_BO_INVALID_OFFSET) {
                bo->offset = (bo->mem.start << PAGE_SHIFT) +
                    bdev->man[bo->mem.mem_type].gpu_offset;
                bo->cur_placement = bo->mem.placement;