All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] Fix out-of-bound access for gfx_v10_0_ring_test_ib()
@ 2022-04-25  8:56 Haohui Mai
  2022-04-25 10:52 ` Christian König
  0 siblings, 1 reply; 4+ messages in thread
From: Haohui Mai @ 2022-04-25  8:56 UTC (permalink / raw)
  To: amd-gfx; +Cc: emily.deng, ckoenig.leichtzumerken

The gfx_v10_0_ring_test_ib() function uses 20 bytes instead of 16
bytes during the test. The patch sets the size of the allocation to be
4-byte larger to match the actual usage.

Signed-off-by: Haohui Mai <ricetons@gmail.com>
---
 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
index 9426e252d8aa..b131235826b1 100644
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
@@ -3830,7 +3830,7 @@ static int gfx_v10_0_ring_test_ib(struct
amdgpu_ring *ring, long timeout)
        gpu_addr = adev->wb.gpu_addr + (index * 4);
        adev->wb.wb[index] = cpu_to_le32(0xCAFEDEAD);
        memset(&ib, 0, sizeof(ib));
-       r = amdgpu_ib_get(adev, NULL, 16,
+       r = amdgpu_ib_get(adev, NULL, 20,
                                        AMDGPU_IB_POOL_DIRECT, &ib);
        if (r)
                goto err1;
--
2.25.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] Fix out-of-bound access for gfx_v10_0_ring_test_ib()
  2022-04-25  8:56 [PATCH] Fix out-of-bound access for gfx_v10_0_ring_test_ib() Haohui Mai
@ 2022-04-25 10:52 ` Christian König
  2022-04-25 11:02   ` Haohui Mai
  0 siblings, 1 reply; 4+ messages in thread
From: Christian König @ 2022-04-25 10:52 UTC (permalink / raw)
  To: Haohui Mai, amd-gfx; +Cc: emily.deng

Am 25.04.22 um 10:56 schrieb Haohui Mai:
> The gfx_v10_0_ring_test_ib() function uses 20 bytes instead of 16
> bytes during the test. The patch sets the size of the allocation to be
> 4-byte larger to match the actual usage.
>
> Signed-off-by: Haohui Mai <ricetons@gmail.com>
> ---
>   drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> index 9426e252d8aa..b131235826b1 100644
> --- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> @@ -3830,7 +3830,7 @@ static int gfx_v10_0_ring_test_ib(struct
> amdgpu_ring *ring, long timeout)
>          gpu_addr = adev->wb.gpu_addr + (index * 4);
>          adev->wb.wb[index] = cpu_to_le32(0xCAFEDEAD);
>          memset(&ib, 0, sizeof(ib));
> -       r = amdgpu_ib_get(adev, NULL, 16,
> +       r = amdgpu_ib_get(adev, NULL, 20,
>                                          AMDGPU_IB_POOL_DIRECT, &ib);

Good catch, but while at it please fix the coding style and move the 
"AMDGPU_IB_POOL_DIRECT, &ib);" on the same line as well.

With that done, the patch is Reviewed-by: Christian König 
<christian.koenig@amd.com>

>          if (r)
>                  goto err1;
> --
> 2.25.1


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] Fix out-of-bound access for gfx_v10_0_ring_test_ib()
  2022-04-25 10:52 ` Christian König
@ 2022-04-25 11:02   ` Haohui Mai
  2022-04-25 17:59     ` Alex Deucher
  0 siblings, 1 reply; 4+ messages in thread
From: Haohui Mai @ 2022-04-25 11:02 UTC (permalink / raw)
  To: Christian König; +Cc: emily.deng, amd-gfx

Thanks for the prompt reviews. Here is the updated patch.

Signed-off-by: Haohui Mai <ricetons@gmail.com>
---
 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
index 9426e252d8aa..c15549bbe636 100644
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
@@ -3830,8 +3830,7 @@ static int gfx_v10_0_ring_test_ib(struct
amdgpu_ring *ring, long timeout)
        gpu_addr = adev->wb.gpu_addr + (index * 4);
        adev->wb.wb[index] = cpu_to_le32(0xCAFEDEAD);
        memset(&ib, 0, sizeof(ib));
-       r = amdgpu_ib_get(adev, NULL, 16,
-                                       AMDGPU_IB_POOL_DIRECT, &ib);
+       r = amdgpu_ib_get(adev, NULL, 20, AMDGPU_IB_POOL_DIRECT, &ib);
        if (r)
                goto err1;

--
2.25.1

On Mon, Apr 25, 2022 at 6:52 PM Christian König
<ckoenig.leichtzumerken@gmail.com> wrote:
>
> Am 25.04.22 um 10:56 schrieb Haohui Mai:
> > The gfx_v10_0_ring_test_ib() function uses 20 bytes instead of 16
> > bytes during the test. The patch sets the size of the allocation to be
> > 4-byte larger to match the actual usage.
> >
> > Signed-off-by: Haohui Mai <ricetons@gmail.com>
> > ---
> >   drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> > b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> > index 9426e252d8aa..b131235826b1 100644
> > --- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> > +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> > @@ -3830,7 +3830,7 @@ static int gfx_v10_0_ring_test_ib(struct
> > amdgpu_ring *ring, long timeout)
> >          gpu_addr = adev->wb.gpu_addr + (index * 4);
> >          adev->wb.wb[index] = cpu_to_le32(0xCAFEDEAD);
> >          memset(&ib, 0, sizeof(ib));
> > -       r = amdgpu_ib_get(adev, NULL, 16,
> > +       r = amdgpu_ib_get(adev, NULL, 20,
> >                                          AMDGPU_IB_POOL_DIRECT, &ib);
>
> Good catch, but while at it please fix the coding style and move the
> "AMDGPU_IB_POOL_DIRECT, &ib);" on the same line as well.
>
> With that done, the patch is Reviewed-by: Christian König
> <christian.koenig@amd.com>
>
> >          if (r)
> >                  goto err1;
> > --
> > 2.25.1
>

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] Fix out-of-bound access for gfx_v10_0_ring_test_ib()
  2022-04-25 11:02   ` Haohui Mai
@ 2022-04-25 17:59     ` Alex Deucher
  0 siblings, 0 replies; 4+ messages in thread
From: Alex Deucher @ 2022-04-25 17:59 UTC (permalink / raw)
  To: Haohui Mai; +Cc: Christian König, amd-gfx list, Emily Deng

Applied, but please fix your mailer.  Also, please prepend patch
titles with "drm/amdgpu".

Thanks,

Alex


On Mon, Apr 25, 2022 at 7:03 AM Haohui Mai <ricetons@gmail.com> wrote:
>
> Thanks for the prompt reviews. Here is the updated patch.
>
> Signed-off-by: Haohui Mai <ricetons@gmail.com>
> ---
>  drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> index 9426e252d8aa..c15549bbe636 100644
> --- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> @@ -3830,8 +3830,7 @@ static int gfx_v10_0_ring_test_ib(struct
> amdgpu_ring *ring, long timeout)
>         gpu_addr = adev->wb.gpu_addr + (index * 4);
>         adev->wb.wb[index] = cpu_to_le32(0xCAFEDEAD);
>         memset(&ib, 0, sizeof(ib));
> -       r = amdgpu_ib_get(adev, NULL, 16,
> -                                       AMDGPU_IB_POOL_DIRECT, &ib);
> +       r = amdgpu_ib_get(adev, NULL, 20, AMDGPU_IB_POOL_DIRECT, &ib);
>         if (r)
>                 goto err1;
>
> --
> 2.25.1
>
> On Mon, Apr 25, 2022 at 6:52 PM Christian König
> <ckoenig.leichtzumerken@gmail.com> wrote:
> >
> > Am 25.04.22 um 10:56 schrieb Haohui Mai:
> > > The gfx_v10_0_ring_test_ib() function uses 20 bytes instead of 16
> > > bytes during the test. The patch sets the size of the allocation to be
> > > 4-byte larger to match the actual usage.
> > >
> > > Signed-off-by: Haohui Mai <ricetons@gmail.com>
> > > ---
> > >   drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 +-
> > >   1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> > > b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> > > index 9426e252d8aa..b131235826b1 100644
> > > --- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> > > +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
> > > @@ -3830,7 +3830,7 @@ static int gfx_v10_0_ring_test_ib(struct
> > > amdgpu_ring *ring, long timeout)
> > >          gpu_addr = adev->wb.gpu_addr + (index * 4);
> > >          adev->wb.wb[index] = cpu_to_le32(0xCAFEDEAD);
> > >          memset(&ib, 0, sizeof(ib));
> > > -       r = amdgpu_ib_get(adev, NULL, 16,
> > > +       r = amdgpu_ib_get(adev, NULL, 20,
> > >                                          AMDGPU_IB_POOL_DIRECT, &ib);
> >
> > Good catch, but while at it please fix the coding style and move the
> > "AMDGPU_IB_POOL_DIRECT, &ib);" on the same line as well.
> >
> > With that done, the patch is Reviewed-by: Christian König
> > <christian.koenig@amd.com>
> >
> > >          if (r)
> > >                  goto err1;
> > > --
> > > 2.25.1
> >

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-04-25 18:00 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-25  8:56 [PATCH] Fix out-of-bound access for gfx_v10_0_ring_test_ib() Haohui Mai
2022-04-25 10:52 ` Christian König
2022-04-25 11:02   ` Haohui Mai
2022-04-25 17:59     ` Alex Deucher

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.