From: Dmitry Osipenko <digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Mikko Perttunen <cyndis-/1wQRMveznE@public.gmane.org>,
Thierry Reding
<thierry.reding-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: linux-tegra-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
DRI Development
<dri-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org>,
Erik Faye-Lund
<kusmabite-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Subject: Re: [PATCH 03/22] drm/tegra: Check whether page belongs to BO in tegra_bo_kmap()
Date: Thu, 1 Jun 2017 21:32:43 +0300 [thread overview]
Message-ID: <44ee1a86-fe5e-ef18-94e2-2b7e787312ef@gmail.com> (raw)
In-Reply-To: <451c46eb-7e5e-8f3a-9197-adffba014559-/1wQRMveznE@public.gmane.org>
On 01.06.2017 21:01, Mikko Perttunen wrote:
> On 05/23/2017 03:14 AM, Dmitry Osipenko wrote:
>> This fixes an OOPS in case of out-of-bounds accessing of a kmap'ed cmdbuf
>> (non-IOMMU allocation) while patching the relocations in do_relocs().
>>
>> Signed-off-by: Dmitry Osipenko <digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
>> ---
>> drivers/gpu/drm/tegra/gem.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/drivers/gpu/drm/tegra/gem.c b/drivers/gpu/drm/tegra/gem.c
>> index 424569b53e57..ca0d4439e97b 100644
>> --- a/drivers/gpu/drm/tegra/gem.c
>> +++ b/drivers/gpu/drm/tegra/gem.c
>> @@ -74,6 +74,9 @@ static void *tegra_bo_kmap(struct host1x_bo *bo, unsigned
>> int page)
>> {
>> struct tegra_bo *obj = host1x_to_tegra_bo(bo);
>> + if (page * PAGE_SIZE >= obj->gem.size)
>> + return NULL;
>> +
>
> The multiplication here could overflow, so it needs the same u64 treatment to
> catch all problem situations. I'm not sure if this is required, though, with the
> other bounds check patches in this series.
>
Right, I'll checks once more if this patch is still needed, thank you.
>> if (obj->vaddr)
>> return obj->vaddr + page * PAGE_SIZE;
>> else if (obj->gem.import_attach)
>>
--
Dmitry
next prev parent reply other threads:[~2017-06-01 18:32 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-23 0:14 [PATCH 00/22] Tegra DRM fixes Dmitry Osipenko
[not found] ` <cover.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-23 0:14 ` [PATCH 01/22] drm/tegra: Fix lockup on a use of staging API Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 02/22] drm/tegra: Correct idr_alloc() minimum id Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 03/22] drm/tegra: Check whether page belongs to BO in tegra_bo_kmap() Dmitry Osipenko
[not found] ` <04637a55694493bdd8267a7f19798d7968568087.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-23 0:21 ` Erik Faye-Lund
2017-06-01 18:01 ` Mikko Perttunen
[not found] ` <451c46eb-7e5e-8f3a-9197-adffba014559-/1wQRMveznE@public.gmane.org>
2017-06-01 18:32 ` Dmitry Osipenko [this message]
2017-05-23 0:14 ` [PATCH 04/22] drm/tegra: Check for malformed offsets and sizes in the 'submit' IOCTL Dmitry Osipenko
[not found] ` <801e3023e6fe11744c7e675ca7b9c5890e3210f2.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-31 18:39 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 05/22] drm/tegra: Correct copying of waitchecks and disable them " Dmitry Osipenko
[not found] ` <380fc14d114ac9abb15e447c90a4363913d34a52.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-31 18:43 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 06/22] drm/tegra: Check syncpoint ID " Dmitry Osipenko
[not found] ` <f116e4fbab1391ed59a7401f2838e95bcc3025d9.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-31 18:46 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 07/22] drm/tegra: Remove module ownership from the tegra_fb_ops Dmitry Osipenko
2017-06-13 13:43 ` Thierry Reding
[not found] ` <20170613134340.GG16758-m5CkvRiFyV9wFLYp8hBm2A@public.gmane.org>
2017-06-13 14:00 ` Dmitry Osipenko
[not found] ` <827dcffe-b25c-75b1-d988-5977de1dd83f-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-13 15:07 ` Thierry Reding
[not found] ` <20170613150720.GD20577-m5CkvRiFyV9wFLYp8hBm2A@public.gmane.org>
2017-06-13 17:39 ` Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 08/22] drm/tegra: dc: Drop the reset asserts to workaround a bug Dmitry Osipenko
[not found] ` <35e1ef44da98701b2c507c31ecc0812530303d2d.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-13 13:45 ` Thierry Reding
[not found] ` <20170613134546.GH16758-m5CkvRiFyV9wFLYp8hBm2A@public.gmane.org>
2017-06-13 14:18 ` Dmitry Osipenko
[not found] ` <8d131ad2-5d1a-635e-4a6c-73b69cbf8e72-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-13 15:07 ` Thierry Reding
2017-05-23 0:14 ` [PATCH 09/22] drm/tegra: dc: Apply clipping to the plane Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 10/22] drm/tegra: Disable plane if it is invisible Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 11/22] gpu: host1x: Initialize firewall class to the jobs one Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 12/22] gpu: host1x: Correct host1x_job_pin() error handling Dmitry Osipenko
[not found] ` <a153e811388386c26d21e26ac4deb72a4d01ae74.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-23 0:32 ` Erik Faye-Lund
2017-05-31 18:50 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 13/22] gpu: host1x: Do not leak BO's phys address to userspace Dmitry Osipenko
[not found] ` <0a7594fdecc4298f684ed55fda5c5b1be9c443ec.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-13 17:31 ` Mikko Perttunen
[not found] ` <00e5e6d5-def4-a4f6-df93-9505be13c4be-/1wQRMveznE@public.gmane.org>
2017-06-13 18:21 ` Dmitry Osipenko
[not found] ` <5e197807-ef57-604f-879d-7be691785a60-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-13 19:03 ` Mikko Perttunen
[not found] ` <3c0df318-d1d9-60fc-81e4-0cfa871b28e1-/1wQRMveznE@public.gmane.org>
2017-06-13 19:56 ` Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 14/22] gpu: host1x: Forbid relocation address shifting in the firewall Dmitry Osipenko
[not found] ` <15311f1c044c3ff26624e2a980b0c477b1cf33b2.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-23 0:33 ` Erik Faye-Lund
2017-05-23 10:14 ` Mikko Perttunen
[not found] ` <3c5d7896-6753-78c5-5a74-25061244acff-/1wQRMveznE@public.gmane.org>
2017-05-23 10:58 ` Dmitry Osipenko
[not found] ` <b481d7f3-d82a-407b-4eb0-6ed24ca32199-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-23 11:19 ` Mikko Perttunen
[not found] ` <d5197c08-516b-0687-e2ec-61adda99caa1-/1wQRMveznE@public.gmane.org>
2017-05-23 11:28 ` Dmitry Osipenko
2017-06-01 17:39 ` Mikko Perttunen
[not found] ` <56ee62e7-a53b-0270-837a-2ae6f0a848cc-/1wQRMveznE@public.gmane.org>
2017-06-01 18:37 ` Dmitry Osipenko
[not found] ` <0a4181f5-2e19-31ed-2a8b-3314a0481c81-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-01 18:44 ` Dmitry Osipenko
[not found] ` <58379261-a17a-fc59-e29b-c670eafbbce5-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-01 18:51 ` Mikko Perttunen
[not found] ` <34b2d0b4-0e53-98b6-6859-34b8f3e32251-/1wQRMveznE@public.gmane.org>
2017-06-01 19:15 ` Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 15/22] gpu: host1x: Forbid RESTART opcode " Dmitry Osipenko
[not found] ` <b214fc1c2e3952511eb97a404795b786c08bdeed.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-01 17:41 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 16/22] gpu: host1x: Forbid unrelated SETCLASS " Dmitry Osipenko
[not found] ` <741d3bbfb74b5455e016164a3a30d9e3101bdc24.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-23 0:39 ` Erik Faye-Lund
[not found] ` <CABPQNSbEXGHUv8kHr2sLjOLrVAiNXdStKUapMZX+CX5RWi0cfg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-05-23 0:45 ` Dmitry Osipenko
2017-06-13 14:06 ` Thierry Reding
[not found] ` <20170613140653.GI16758-m5CkvRiFyV9wFLYp8hBm2A@public.gmane.org>
2017-06-13 14:15 ` Dmitry Osipenko
2017-06-01 17:46 ` Mikko Perttunen
[not found] ` <11a042e3-a220-556f-ecdb-a2d9f93910eb-/1wQRMveznE@public.gmane.org>
2017-06-01 18:36 ` Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 17/22] gpu: host1x: Check waits " Dmitry Osipenko
[not found] ` <1c406c0f1ed144abb3d4b5f52272c5cd6faa2d3a.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-01 17:51 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 18/22] gpu: host1x: Remove unused 'struct host1x_cmdbuf' Dmitry Osipenko
2017-05-23 0:42 ` Erik Faye-Lund
[not found] ` <f744341274b5749761550d14e37cac57cd0e63fc.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-01 17:52 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 19/22] gpu: host1x: Remove unused host1x_cdma_stop() definition Dmitry Osipenko
2017-05-23 0:43 ` Erik Faye-Lund
[not found] ` <2c22b2d1cedcfe75f66aa8500c2b9425e10724d0.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-01 17:52 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 20/22] gpu: host1x: Refactor channel allocation code Dmitry Osipenko
2017-05-23 0:16 ` [PATCH 21/22] drm/tegra: Don't use IOMMU on Tegra20 Dmitry Osipenko
[not found] ` <fb3b357fbbdf61a20609f38a817c3f45ebc238fc.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-23 0:16 ` [PATCH 22/22] Revert "iommu/tegra: gart: Do not register with bus" Dmitry Osipenko
[not found] ` <781477cf9ac61301e639f71236d65a8b31586827.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-30 9:21 ` Joerg Roedel
2017-05-30 9:21 ` [PATCH 21/22] drm/tegra: Don't use IOMMU on Tegra20 Joerg Roedel
[not found] ` <20170530092109.GA2818-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
2017-05-30 10:08 ` Dmitry Osipenko
2017-06-01 8:36 ` Dmitry Osipenko
[not found] ` <a61919f1-df1f-9cd0-3059-53daa3a88ff7-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-01 17:57 ` Mikko Perttunen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44ee1a86-fe5e-ef18-94e2-2b7e787312ef@gmail.com \
--to=digetx-re5jqeeqqe8avxtiumwx3w@public.gmane.org \
--cc=cyndis-/1wQRMveznE@public.gmane.org \
--cc=dri-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org \
--cc=kusmabite-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=linux-tegra-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=thierry.reding-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.