From: Peilin Ye <yepeilin.cs@gmail.com>
To: "Alex Deucher" <alexander.deucher@amd.com>,
"Christian König" <christian.koenig@amd.com>,
"David Airlie" <airlied@linux.ie>,
"Daniel Vetter" <daniel@ffwll.ch>
Cc: "Peilin Ye" <yepeilin.cs@gmail.com>,
"Dan Carpenter" <dan.carpenter@oracle.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Evan Quan" <evan.quan@amd.com>,
"Felix Kuehling" <Felix.Kuehling@amd.com>,
"Xiaojie Yuan" <xiaojie.yuan@amd.com>,
"Marek Olšák" <marek.olsak@amd.com>, Trek <trek00@inbox.ru>,
"Leo Liu" <leo.liu@amd.com>,
"Thomas Zimmermann" <tzimmermann@suse.de>,
"Nicholas Kazlauskas" <nicholas.kazlauskas@amd.com>,
"Hans de Goede" <hdegoede@redhat.com>,
linux-kernel-mentees@lists.linuxfoundation.org,
amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
linux-kernel@vger.kernel.org
Subject: [Linux-kernel-mentees] [PATCH] drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
Date: Tue, 28 Jul 2020 15:29:24 -0400 [thread overview]
Message-ID: <20200728192924.441570-1-yepeilin.cs@gmail.com> (raw)
Compiler leaves a 4-byte hole near the end of `dev_info`, causing
amdgpu_info_ioctl() to copy uninitialized kernel stack memory to userspace
when `size` is greater than 356.
In 2015 we tried to fix this issue by doing `= {};` on `dev_info`, which
unfortunately does not initialize that 4-byte hole. Fix it by using
memset() instead.
Cc: stable@vger.kernel.org
Fixes: c193fa91b918 ("drm/amdgpu: information leak in amdgpu_info_ioctl()")
Fixes: d38ceaf99ed0 ("drm/amdgpu: add core driver (v4)")
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
---
$ pahole -C "drm_amdgpu_info_device" drivers/gpu/drm/amd/amdgpu/amdgpu_kms.o
struct drm_amdgpu_info_device {
__u32 device_id; /* 0 4 */
__u32 chip_rev; /* 4 4 */
__u32 external_rev; /* 8 4 */
__u32 pci_rev; /* 12 4 */
__u32 family; /* 16 4 */
__u32 num_shader_engines; /* 20 4 */
__u32 num_shader_arrays_per_engine; /* 24 4 */
__u32 gpu_counter_freq; /* 28 4 */
__u64 max_engine_clock; /* 32 8 */
__u64 max_memory_clock; /* 40 8 */
__u32 cu_active_number; /* 48 4 */
__u32 cu_ao_mask; /* 52 4 */
__u32 cu_bitmap[4][4]; /* 56 64 */
/* --- cacheline 1 boundary (64 bytes) was 56 bytes ago --- */
__u32 enabled_rb_pipes_mask; /* 120 4 */
__u32 num_rb_pipes; /* 124 4 */
/* --- cacheline 2 boundary (128 bytes) --- */
__u32 num_hw_gfx_contexts; /* 128 4 */
__u32 _pad; /* 132 4 */
__u64 ids_flags; /* 136 8 */
__u64 virtual_address_offset; /* 144 8 */
__u64 virtual_address_max; /* 152 8 */
__u32 virtual_address_alignment; /* 160 4 */
__u32 pte_fragment_size; /* 164 4 */
__u32 gart_page_size; /* 168 4 */
__u32 ce_ram_size; /* 172 4 */
__u32 vram_type; /* 176 4 */
__u32 vram_bit_width; /* 180 4 */
__u32 vce_harvest_config; /* 184 4 */
__u32 gc_double_offchip_lds_buf; /* 188 4 */
/* --- cacheline 3 boundary (192 bytes) --- */
__u64 prim_buf_gpu_addr; /* 192 8 */
__u64 pos_buf_gpu_addr; /* 200 8 */
__u64 cntl_sb_buf_gpu_addr; /* 208 8 */
__u64 param_buf_gpu_addr; /* 216 8 */
__u32 prim_buf_size; /* 224 4 */
__u32 pos_buf_size; /* 228 4 */
__u32 cntl_sb_buf_size; /* 232 4 */
__u32 param_buf_size; /* 236 4 */
__u32 wave_front_size; /* 240 4 */
__u32 num_shader_visible_vgprs; /* 244 4 */
__u32 num_cu_per_sh; /* 248 4 */
__u32 num_tcc_blocks; /* 252 4 */
/* --- cacheline 4 boundary (256 bytes) --- */
__u32 gs_vgt_table_depth; /* 256 4 */
__u32 gs_prim_buffer_depth; /* 260 4 */
__u32 max_gs_waves_per_vgt; /* 264 4 */
__u32 _pad1; /* 268 4 */
__u32 cu_ao_bitmap[4][4]; /* 272 64 */
/* --- cacheline 5 boundary (320 bytes) was 16 bytes ago --- */
__u64 high_va_offset; /* 336 8 */
__u64 high_va_max; /* 344 8 */
__u32 pa_sc_tile_steering_override; /* 352 4 */
/* XXX 4 bytes hole, try to pack */
__u64 tcc_disabled_mask; /* 360 8 */
/* size: 368, cachelines: 6, members: 49 */
/* sum members: 364, holes: 1, sum holes: 4 */
/* last cacheline: 48 bytes */
};
drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
index a8c47aecd342..0047da06041f 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
@@ -707,9 +707,10 @@ static int amdgpu_info_ioctl(struct drm_device *dev, void *data, struct drm_file
return n ? -EFAULT : 0;
}
case AMDGPU_INFO_DEV_INFO: {
- struct drm_amdgpu_info_device dev_info = {};
+ struct drm_amdgpu_info_device dev_info;
uint64_t vm_size;
+ memset(&dev_info, 0, sizeof(dev_info));
dev_info.device_id = dev->pdev->device;
dev_info.chip_rev = adev->rev_id;
dev_info.external_rev = adev->external_rev_id;
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Peilin Ye <yepeilin.cs@gmail.com>
To: "Alex Deucher" <alexander.deucher@amd.com>,
"Christian König" <christian.koenig@amd.com>,
"David Airlie" <airlied@linux.ie>,
"Daniel Vetter" <daniel@ffwll.ch>
Cc: "Arnd Bergmann" <arnd@arndb.de>,
"Felix Kuehling" <Felix.Kuehling@amd.com>,
linux-kernel@vger.kernel.org, amd-gfx@lists.freedesktop.org,
"Nicholas Kazlauskas" <nicholas.kazlauskas@amd.com>,
"Marek Olšák" <marek.olsak@amd.com>,
"Hans de Goede" <hdegoede@redhat.com>,
linux-kernel-mentees@lists.linuxfoundation.org,
Trek <trek00@inbox.ru>,
dri-devel@lists.freedesktop.org,
"Thomas Zimmermann" <tzimmermann@suse.de>,
"Evan Quan" <evan.quan@amd.com>, "Leo Liu" <leo.liu@amd.com>,
"Peilin Ye" <yepeilin.cs@gmail.com>,
"Dan Carpenter" <dan.carpenter@oracle.com>,
"Xiaojie Yuan" <xiaojie.yuan@amd.com>
Subject: [Linux-kernel-mentees] [PATCH] drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
Date: Tue, 28 Jul 2020 15:29:24 -0400 [thread overview]
Message-ID: <20200728192924.441570-1-yepeilin.cs@gmail.com> (raw)
Compiler leaves a 4-byte hole near the end of `dev_info`, causing
amdgpu_info_ioctl() to copy uninitialized kernel stack memory to userspace
when `size` is greater than 356.
In 2015 we tried to fix this issue by doing `= {};` on `dev_info`, which
unfortunately does not initialize that 4-byte hole. Fix it by using
memset() instead.
Cc: stable@vger.kernel.org
Fixes: c193fa91b918 ("drm/amdgpu: information leak in amdgpu_info_ioctl()")
Fixes: d38ceaf99ed0 ("drm/amdgpu: add core driver (v4)")
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
---
$ pahole -C "drm_amdgpu_info_device" drivers/gpu/drm/amd/amdgpu/amdgpu_kms.o
struct drm_amdgpu_info_device {
__u32 device_id; /* 0 4 */
__u32 chip_rev; /* 4 4 */
__u32 external_rev; /* 8 4 */
__u32 pci_rev; /* 12 4 */
__u32 family; /* 16 4 */
__u32 num_shader_engines; /* 20 4 */
__u32 num_shader_arrays_per_engine; /* 24 4 */
__u32 gpu_counter_freq; /* 28 4 */
__u64 max_engine_clock; /* 32 8 */
__u64 max_memory_clock; /* 40 8 */
__u32 cu_active_number; /* 48 4 */
__u32 cu_ao_mask; /* 52 4 */
__u32 cu_bitmap[4][4]; /* 56 64 */
/* --- cacheline 1 boundary (64 bytes) was 56 bytes ago --- */
__u32 enabled_rb_pipes_mask; /* 120 4 */
__u32 num_rb_pipes; /* 124 4 */
/* --- cacheline 2 boundary (128 bytes) --- */
__u32 num_hw_gfx_contexts; /* 128 4 */
__u32 _pad; /* 132 4 */
__u64 ids_flags; /* 136 8 */
__u64 virtual_address_offset; /* 144 8 */
__u64 virtual_address_max; /* 152 8 */
__u32 virtual_address_alignment; /* 160 4 */
__u32 pte_fragment_size; /* 164 4 */
__u32 gart_page_size; /* 168 4 */
__u32 ce_ram_size; /* 172 4 */
__u32 vram_type; /* 176 4 */
__u32 vram_bit_width; /* 180 4 */
__u32 vce_harvest_config; /* 184 4 */
__u32 gc_double_offchip_lds_buf; /* 188 4 */
/* --- cacheline 3 boundary (192 bytes) --- */
__u64 prim_buf_gpu_addr; /* 192 8 */
__u64 pos_buf_gpu_addr; /* 200 8 */
__u64 cntl_sb_buf_gpu_addr; /* 208 8 */
__u64 param_buf_gpu_addr; /* 216 8 */
__u32 prim_buf_size; /* 224 4 */
__u32 pos_buf_size; /* 228 4 */
__u32 cntl_sb_buf_size; /* 232 4 */
__u32 param_buf_size; /* 236 4 */
__u32 wave_front_size; /* 240 4 */
__u32 num_shader_visible_vgprs; /* 244 4 */
__u32 num_cu_per_sh; /* 248 4 */
__u32 num_tcc_blocks; /* 252 4 */
/* --- cacheline 4 boundary (256 bytes) --- */
__u32 gs_vgt_table_depth; /* 256 4 */
__u32 gs_prim_buffer_depth; /* 260 4 */
__u32 max_gs_waves_per_vgt; /* 264 4 */
__u32 _pad1; /* 268 4 */
__u32 cu_ao_bitmap[4][4]; /* 272 64 */
/* --- cacheline 5 boundary (320 bytes) was 16 bytes ago --- */
__u64 high_va_offset; /* 336 8 */
__u64 high_va_max; /* 344 8 */
__u32 pa_sc_tile_steering_override; /* 352 4 */
/* XXX 4 bytes hole, try to pack */
__u64 tcc_disabled_mask; /* 360 8 */
/* size: 368, cachelines: 6, members: 49 */
/* sum members: 364, holes: 1, sum holes: 4 */
/* last cacheline: 48 bytes */
};
drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
index a8c47aecd342..0047da06041f 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
@@ -707,9 +707,10 @@ static int amdgpu_info_ioctl(struct drm_device *dev, void *data, struct drm_file
return n ? -EFAULT : 0;
}
case AMDGPU_INFO_DEV_INFO: {
- struct drm_amdgpu_info_device dev_info = {};
+ struct drm_amdgpu_info_device dev_info;
uint64_t vm_size;
+ memset(&dev_info, 0, sizeof(dev_info));
dev_info.device_id = dev->pdev->device;
dev_info.chip_rev = adev->rev_id;
dev_info.external_rev = adev->external_rev_id;
--
2.25.1
_______________________________________________
Linux-kernel-mentees mailing list
Linux-kernel-mentees@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees
WARNING: multiple messages have this Message-ID (diff)
From: Peilin Ye <yepeilin.cs@gmail.com>
To: "Alex Deucher" <alexander.deucher@amd.com>,
"Christian König" <christian.koenig@amd.com>,
"David Airlie" <airlied@linux.ie>,
"Daniel Vetter" <daniel@ffwll.ch>
Cc: "Arnd Bergmann" <arnd@arndb.de>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Felix Kuehling" <Felix.Kuehling@amd.com>,
linux-kernel@vger.kernel.org, amd-gfx@lists.freedesktop.org,
"Nicholas Kazlauskas" <nicholas.kazlauskas@amd.com>,
"Marek Olšák" <marek.olsak@amd.com>,
"Hans de Goede" <hdegoede@redhat.com>,
linux-kernel-mentees@lists.linuxfoundation.org,
Trek <trek00@inbox.ru>,
dri-devel@lists.freedesktop.org,
"Thomas Zimmermann" <tzimmermann@suse.de>,
"Evan Quan" <evan.quan@amd.com>, "Leo Liu" <leo.liu@amd.com>,
"Peilin Ye" <yepeilin.cs@gmail.com>,
"Dan Carpenter" <dan.carpenter@oracle.com>,
"Xiaojie Yuan" <xiaojie.yuan@amd.com>
Subject: [Linux-kernel-mentees] [PATCH] drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
Date: Tue, 28 Jul 2020 15:29:24 -0400 [thread overview]
Message-ID: <20200728192924.441570-1-yepeilin.cs@gmail.com> (raw)
Compiler leaves a 4-byte hole near the end of `dev_info`, causing
amdgpu_info_ioctl() to copy uninitialized kernel stack memory to userspace
when `size` is greater than 356.
In 2015 we tried to fix this issue by doing `= {};` on `dev_info`, which
unfortunately does not initialize that 4-byte hole. Fix it by using
memset() instead.
Cc: stable@vger.kernel.org
Fixes: c193fa91b918 ("drm/amdgpu: information leak in amdgpu_info_ioctl()")
Fixes: d38ceaf99ed0 ("drm/amdgpu: add core driver (v4)")
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
---
$ pahole -C "drm_amdgpu_info_device" drivers/gpu/drm/amd/amdgpu/amdgpu_kms.o
struct drm_amdgpu_info_device {
__u32 device_id; /* 0 4 */
__u32 chip_rev; /* 4 4 */
__u32 external_rev; /* 8 4 */
__u32 pci_rev; /* 12 4 */
__u32 family; /* 16 4 */
__u32 num_shader_engines; /* 20 4 */
__u32 num_shader_arrays_per_engine; /* 24 4 */
__u32 gpu_counter_freq; /* 28 4 */
__u64 max_engine_clock; /* 32 8 */
__u64 max_memory_clock; /* 40 8 */
__u32 cu_active_number; /* 48 4 */
__u32 cu_ao_mask; /* 52 4 */
__u32 cu_bitmap[4][4]; /* 56 64 */
/* --- cacheline 1 boundary (64 bytes) was 56 bytes ago --- */
__u32 enabled_rb_pipes_mask; /* 120 4 */
__u32 num_rb_pipes; /* 124 4 */
/* --- cacheline 2 boundary (128 bytes) --- */
__u32 num_hw_gfx_contexts; /* 128 4 */
__u32 _pad; /* 132 4 */
__u64 ids_flags; /* 136 8 */
__u64 virtual_address_offset; /* 144 8 */
__u64 virtual_address_max; /* 152 8 */
__u32 virtual_address_alignment; /* 160 4 */
__u32 pte_fragment_size; /* 164 4 */
__u32 gart_page_size; /* 168 4 */
__u32 ce_ram_size; /* 172 4 */
__u32 vram_type; /* 176 4 */
__u32 vram_bit_width; /* 180 4 */
__u32 vce_harvest_config; /* 184 4 */
__u32 gc_double_offchip_lds_buf; /* 188 4 */
/* --- cacheline 3 boundary (192 bytes) --- */
__u64 prim_buf_gpu_addr; /* 192 8 */
__u64 pos_buf_gpu_addr; /* 200 8 */
__u64 cntl_sb_buf_gpu_addr; /* 208 8 */
__u64 param_buf_gpu_addr; /* 216 8 */
__u32 prim_buf_size; /* 224 4 */
__u32 pos_buf_size; /* 228 4 */
__u32 cntl_sb_buf_size; /* 232 4 */
__u32 param_buf_size; /* 236 4 */
__u32 wave_front_size; /* 240 4 */
__u32 num_shader_visible_vgprs; /* 244 4 */
__u32 num_cu_per_sh; /* 248 4 */
__u32 num_tcc_blocks; /* 252 4 */
/* --- cacheline 4 boundary (256 bytes) --- */
__u32 gs_vgt_table_depth; /* 256 4 */
__u32 gs_prim_buffer_depth; /* 260 4 */
__u32 max_gs_waves_per_vgt; /* 264 4 */
__u32 _pad1; /* 268 4 */
__u32 cu_ao_bitmap[4][4]; /* 272 64 */
/* --- cacheline 5 boundary (320 bytes) was 16 bytes ago --- */
__u64 high_va_offset; /* 336 8 */
__u64 high_va_max; /* 344 8 */
__u32 pa_sc_tile_steering_override; /* 352 4 */
/* XXX 4 bytes hole, try to pack */
__u64 tcc_disabled_mask; /* 360 8 */
/* size: 368, cachelines: 6, members: 49 */
/* sum members: 364, holes: 1, sum holes: 4 */
/* last cacheline: 48 bytes */
};
drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
index a8c47aecd342..0047da06041f 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
@@ -707,9 +707,10 @@ static int amdgpu_info_ioctl(struct drm_device *dev, void *data, struct drm_file
return n ? -EFAULT : 0;
}
case AMDGPU_INFO_DEV_INFO: {
- struct drm_amdgpu_info_device dev_info = {};
+ struct drm_amdgpu_info_device dev_info;
uint64_t vm_size;
+ memset(&dev_info, 0, sizeof(dev_info));
dev_info.device_id = dev->pdev->device;
dev_info.chip_rev = adev->rev_id;
dev_info.external_rev = adev->external_rev_id;
--
2.25.1
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
WARNING: multiple messages have this Message-ID (diff)
From: Peilin Ye <yepeilin.cs@gmail.com>
To: "Alex Deucher" <alexander.deucher@amd.com>,
"Christian König" <christian.koenig@amd.com>,
"David Airlie" <airlied@linux.ie>,
"Daniel Vetter" <daniel@ffwll.ch>
Cc: "Arnd Bergmann" <arnd@arndb.de>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Felix Kuehling" <Felix.Kuehling@amd.com>,
linux-kernel@vger.kernel.org, amd-gfx@lists.freedesktop.org,
"Nicholas Kazlauskas" <nicholas.kazlauskas@amd.com>,
"Marek Olšák" <marek.olsak@amd.com>,
"Hans de Goede" <hdegoede@redhat.com>,
linux-kernel-mentees@lists.linuxfoundation.org,
Trek <trek00@inbox.ru>,
dri-devel@lists.freedesktop.org,
"Thomas Zimmermann" <tzimmermann@suse.de>,
"Evan Quan" <evan.quan@amd.com>, "Leo Liu" <leo.liu@amd.com>,
"Peilin Ye" <yepeilin.cs@gmail.com>,
"Dan Carpenter" <dan.carpenter@oracle.com>,
"Xiaojie Yuan" <xiaojie.yuan@amd.com>
Subject: [Linux-kernel-mentees] [PATCH] drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
Date: Tue, 28 Jul 2020 15:29:24 -0400 [thread overview]
Message-ID: <20200728192924.441570-1-yepeilin.cs@gmail.com> (raw)
Compiler leaves a 4-byte hole near the end of `dev_info`, causing
amdgpu_info_ioctl() to copy uninitialized kernel stack memory to userspace
when `size` is greater than 356.
In 2015 we tried to fix this issue by doing `= {};` on `dev_info`, which
unfortunately does not initialize that 4-byte hole. Fix it by using
memset() instead.
Cc: stable@vger.kernel.org
Fixes: c193fa91b918 ("drm/amdgpu: information leak in amdgpu_info_ioctl()")
Fixes: d38ceaf99ed0 ("drm/amdgpu: add core driver (v4)")
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
---
$ pahole -C "drm_amdgpu_info_device" drivers/gpu/drm/amd/amdgpu/amdgpu_kms.o
struct drm_amdgpu_info_device {
__u32 device_id; /* 0 4 */
__u32 chip_rev; /* 4 4 */
__u32 external_rev; /* 8 4 */
__u32 pci_rev; /* 12 4 */
__u32 family; /* 16 4 */
__u32 num_shader_engines; /* 20 4 */
__u32 num_shader_arrays_per_engine; /* 24 4 */
__u32 gpu_counter_freq; /* 28 4 */
__u64 max_engine_clock; /* 32 8 */
__u64 max_memory_clock; /* 40 8 */
__u32 cu_active_number; /* 48 4 */
__u32 cu_ao_mask; /* 52 4 */
__u32 cu_bitmap[4][4]; /* 56 64 */
/* --- cacheline 1 boundary (64 bytes) was 56 bytes ago --- */
__u32 enabled_rb_pipes_mask; /* 120 4 */
__u32 num_rb_pipes; /* 124 4 */
/* --- cacheline 2 boundary (128 bytes) --- */
__u32 num_hw_gfx_contexts; /* 128 4 */
__u32 _pad; /* 132 4 */
__u64 ids_flags; /* 136 8 */
__u64 virtual_address_offset; /* 144 8 */
__u64 virtual_address_max; /* 152 8 */
__u32 virtual_address_alignment; /* 160 4 */
__u32 pte_fragment_size; /* 164 4 */
__u32 gart_page_size; /* 168 4 */
__u32 ce_ram_size; /* 172 4 */
__u32 vram_type; /* 176 4 */
__u32 vram_bit_width; /* 180 4 */
__u32 vce_harvest_config; /* 184 4 */
__u32 gc_double_offchip_lds_buf; /* 188 4 */
/* --- cacheline 3 boundary (192 bytes) --- */
__u64 prim_buf_gpu_addr; /* 192 8 */
__u64 pos_buf_gpu_addr; /* 200 8 */
__u64 cntl_sb_buf_gpu_addr; /* 208 8 */
__u64 param_buf_gpu_addr; /* 216 8 */
__u32 prim_buf_size; /* 224 4 */
__u32 pos_buf_size; /* 228 4 */
__u32 cntl_sb_buf_size; /* 232 4 */
__u32 param_buf_size; /* 236 4 */
__u32 wave_front_size; /* 240 4 */
__u32 num_shader_visible_vgprs; /* 244 4 */
__u32 num_cu_per_sh; /* 248 4 */
__u32 num_tcc_blocks; /* 252 4 */
/* --- cacheline 4 boundary (256 bytes) --- */
__u32 gs_vgt_table_depth; /* 256 4 */
__u32 gs_prim_buffer_depth; /* 260 4 */
__u32 max_gs_waves_per_vgt; /* 264 4 */
__u32 _pad1; /* 268 4 */
__u32 cu_ao_bitmap[4][4]; /* 272 64 */
/* --- cacheline 5 boundary (320 bytes) was 16 bytes ago --- */
__u64 high_va_offset; /* 336 8 */
__u64 high_va_max; /* 344 8 */
__u32 pa_sc_tile_steering_override; /* 352 4 */
/* XXX 4 bytes hole, try to pack */
__u64 tcc_disabled_mask; /* 360 8 */
/* size: 368, cachelines: 6, members: 49 */
/* sum members: 364, holes: 1, sum holes: 4 */
/* last cacheline: 48 bytes */
};
drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
index a8c47aecd342..0047da06041f 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
@@ -707,9 +707,10 @@ static int amdgpu_info_ioctl(struct drm_device *dev, void *data, struct drm_file
return n ? -EFAULT : 0;
}
case AMDGPU_INFO_DEV_INFO: {
- struct drm_amdgpu_info_device dev_info = {};
+ struct drm_amdgpu_info_device dev_info;
uint64_t vm_size;
+ memset(&dev_info, 0, sizeof(dev_info));
dev_info.device_id = dev->pdev->device;
dev_info.chip_rev = adev->rev_id;
dev_info.external_rev = adev->external_rev_id;
--
2.25.1
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
next reply other threads:[~2020-07-28 19:31 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-28 19:29 Peilin Ye [this message]
2020-07-28 19:29 ` [Linux-kernel-mentees] [PATCH] drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() Peilin Ye
2020-07-28 19:29 ` Peilin Ye
2020-07-28 19:29 ` Peilin Ye
2020-07-29 8:11 ` Christian König
2020-07-29 8:11 ` Christian König
2020-07-29 8:11 ` Christian König
2020-07-29 8:11 ` Christian König
2020-07-29 9:00 ` Daniel Vetter
2020-07-29 9:00 ` Daniel Vetter
2020-07-29 9:00 ` Daniel Vetter
2020-07-29 9:00 ` Daniel Vetter
2020-07-29 13:49 ` Alex Deucher
2020-07-29 13:49 ` Alex Deucher
2020-07-29 13:49 ` Alex Deucher
2020-07-29 13:49 ` Alex Deucher
2020-07-30 21:09 ` Luben Tuikov
2020-07-30 21:09 ` Luben Tuikov
2020-07-30 21:09 ` Luben Tuikov
2020-07-30 21:09 ` Luben Tuikov
2020-07-31 6:53 ` Greg Kroah-Hartman
2020-07-31 6:53 ` Greg Kroah-Hartman
2020-07-31 6:53 ` Greg Kroah-Hartman
2020-07-31 6:53 ` Greg Kroah-Hartman
2020-07-31 6:57 ` Christian König
2020-07-31 6:57 ` Christian König
2020-07-31 6:57 ` Christian König
2020-07-31 6:57 ` Christian König
2020-07-31 7:10 ` Greg Kroah-Hartman
2020-07-31 7:10 ` Greg Kroah-Hartman
2020-07-31 7:10 ` Greg Kroah-Hartman
2020-07-31 7:10 ` Greg Kroah-Hartman
2020-07-31 7:57 ` Christian König
2020-07-31 7:57 ` Christian König
2020-07-31 7:57 ` Christian König
2020-07-31 7:57 ` Christian König
2020-07-31 7:34 ` Arnd Bergmann
2020-07-31 7:34 ` Arnd Bergmann
2020-07-31 7:34 ` Arnd Bergmann
2020-07-31 7:34 ` Arnd Bergmann
2020-07-29 21:55 ` Alex Deucher
2020-07-29 21:55 ` Alex Deucher
2020-07-29 21:55 ` Alex Deucher
2020-07-29 21:55 ` Alex Deucher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200728192924.441570-1-yepeilin.cs@gmail.com \
--to=yepeilin.cs@gmail.com \
--cc=Felix.Kuehling@amd.com \
--cc=airlied@linux.ie \
--cc=alexander.deucher@amd.com \
--cc=amd-gfx@lists.freedesktop.org \
--cc=arnd@arndb.de \
--cc=christian.koenig@amd.com \
--cc=dan.carpenter@oracle.com \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=evan.quan@amd.com \
--cc=gregkh@linuxfoundation.org \
--cc=hdegoede@redhat.com \
--cc=leo.liu@amd.com \
--cc=linux-kernel-mentees@lists.linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marek.olsak@amd.com \
--cc=nicholas.kazlauskas@amd.com \
--cc=trek00@inbox.ru \
--cc=tzimmermann@suse.de \
--cc=xiaojie.yuan@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.