[2/2] drm/ttm: fix start page for huge page check in ttm_put_pages()

Message ID	20190408131310.3130-2-christian.koenig@amd.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <dri-devel-bounces@lists.freedesktop.org> From: " =?utf-8?q?Christian_K=C3=B6nig?= " <ckoenig.leichtzumerken@gmail.com> To: Jerry.Zhang@amd.com, ray.huang@amd.com, amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org Subject: [PATCH 2/2] drm/ttm: fix start page for huge page check in ttm_put_pages() Date: Mon, 8 Apr 2019 15:13:10 +0200 Message-Id: <20190408131310.3130-2-christian.koenig@amd.com> In-Reply-To: <20190408131310.3130-1-christian.koenig@amd.com> References: <20190408131310.3130-1-christian.koenig@amd.com> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=8GJYv5AzGlgtG15e3ZTcgvYKLDiELwzaMtQf7aHUMEg=; b=JOBgjkG9Yfv2qbKQTS7i9Gu8t87icBRYWDEKyNWSlO5XtQlKRTITLD5FCRgoWRCChu qaSl6YUJywSjuF8jLotcjA5YfyudjbiUocPCZGaAkys/U+VW3PNT0Dz3jh000YfIk/0W RwBCXLjDbZBlUBUTQRJxOnGicpxyGOVyKUB73cD00BfNCoZgZh0EpnIpmlCkwcM/oN+C 3fzwx9HMxtoT98mTf+BTvGF6CNRu+iPF5xY2G2vM0OvBWWBc8X67eq7uL1glnmMqbV7X Q7Qh4dcS7aUF8nhoryxzywWaJTsB9QRHay/oYNzprRZkec5Vkftpk7XxSSnFW1IJ7Pl4 Q4HQ== Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
Series	[1/2] drm/ttm: fix out-of-bounds read in ttm_put_pages() v2 \| expand [1/2] drm/ttm: fix out-of-bounds read in ttm_put_pages() v2 [2/2] drm/ttm: fix start page for huge page check in ttm_put_pages()

Message ID

20190408131310.3130-2-christian.koenig@amd.com (mailing list archive)

State

New, archived

Headers

From: " =?utf-8?q?Christian_K=C3=B6nig?= " <ckoenig.leichtzumerken@gmail.com>
To: Jerry.Zhang@amd.com, ray.huang@amd.com, amd-gfx@lists.freedesktop.org,
 dri-devel@lists.freedesktop.org
Subject: [PATCH 2/2] drm/ttm: fix start page for huge page check in
 ttm_put_pages()
Date: Mon,  8 Apr 2019 15:13:10 +0200
Message-Id: <20190408131310.3130-2-christian.koenig@amd.com>
In-Reply-To: <20190408131310.3130-1-christian.koenig@amd.com>
References: <20190408131310.3130-1-christian.koenig@amd.com>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>

Series

[1/2] drm/ttm: fix out-of-bounds read in ttm_put_pages() v2 | expand

The first page entry is always the same with itself. Signed-off-by: Christian König <christian.koenig@amd.com> --- drivers/gpu/drm/ttm/ttm_page_alloc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Huang Rui April 9, 2019, 11:13 a.m. UTC | #1

> -----Original Message-----
> From: Christian König [mailto:ckoenig.leichtzumerken@gmail.com]
> Sent: Monday, April 08, 2019 9:13 PM
> To: Zhang, Jerry <Jerry.Zhang@amd.com>; Huang, Ray
> <Ray.Huang@amd.com>; amd-gfx@lists.freedesktop.org; dri-
> devel@lists.freedesktop.org
> Subject: [PATCH 2/2] drm/ttm: fix start page for huge page check in
> ttm_put_pages()
> 
> The first page entry is always the same with itself.
> 
> Signed-off-by: Christian König <christian.koenig@amd.com>

Reviewed-by: Huang Rui <ray.huang@amd.com>

> ---
>  drivers/gpu/drm/ttm/ttm_page_alloc.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c
> b/drivers/gpu/drm/ttm/ttm_page_alloc.c
> index f77c81db161b..c74147f0cbe3 100644
> --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
> +++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c
> @@ -732,7 +732,7 @@ static void ttm_put_pages(struct page **pages,
> unsigned npages, int flags,  #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>  			if (!(flags & TTM_PAGE_FLAG_DMA32) &&
>  			    (npages - i) >= HPAGE_PMD_NR) {
> -				for (j = 0; j < HPAGE_PMD_NR; ++j)
> +				for (j = 1; j < HPAGE_PMD_NR; ++j)
>  					if (p++ != pages[i + j])
>  					    break;
> 
> @@ -767,7 +767,7 @@ static void ttm_put_pages(struct page **pages,
> unsigned npages, int flags,
>  			if (!p)
>  				break;
> 
> -			for (j = 0; j < HPAGE_PMD_NR; ++j)
> +			for (j = 1; j < HPAGE_PMD_NR; ++j)
>  				if (p++ != pages[i + j])
>  				    break;
> 
> --
> 2.17.1

diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c
index f77c81db161b..c74147f0cbe3 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
+++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c
@@ -732,7 +732,7 @@  static void ttm_put_pages(struct page **pages, unsigned npages, int flags,
 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
 			if (!(flags & TTM_PAGE_FLAG_DMA32) &&
 			    (npages - i) >= HPAGE_PMD_NR) {
-				for (j = 0; j < HPAGE_PMD_NR; ++j)
+				for (j = 1; j < HPAGE_PMD_NR; ++j)
 					if (p++ != pages[i + j])
 					    break;
 
@@ -767,7 +767,7 @@  static void ttm_put_pages(struct page **pages, unsigned npages, int flags,
 			if (!p)
 				break;
 
-			for (j = 0; j < HPAGE_PMD_NR; ++j)
+			for (j = 1; j < HPAGE_PMD_NR; ++j)
 				if (p++ != pages[i + j])
 				    break;

[2/2] drm/ttm: fix start page for huge page check in ttm_put_pages()

Commit Message

Comments

Patch