* [Bug 188621] New: Function kfd_wait_on_events() does not set error code when the call to copy_from_user() fails @ 2016-11-25 10:42 bugzilla-daemon 2016-11-25 11:53 ` [Bug 188621] " bugzilla-daemon ` (4 more replies) 0 siblings, 5 replies; 6+ messages in thread From: bugzilla-daemon @ 2016-11-25 10:42 UTC (permalink / raw) To: dri-devel https://bugzilla.kernel.org/show_bug.cgi?id=188621 Bug ID: 188621 Summary: Function kfd_wait_on_events() does not set error code when the call to copy_from_user() fails Product: Drivers Version: 2.5 Kernel Version: linux-4.9-rc6 Hardware: All OS: Linux Tree: Mainline Status: NEW Severity: normal Priority: P1 Component: Video(DRI - non Intel) Assignee: drivers_video-dri@kernel-bugs.osdl.org Reporter: bianpan2010@ruc.edu.cn Regression: No The return value of copy_from_user() indicates the number of bytes that cannot be copied, and there may be something wrong when the value is non-zero. In function kfd_wait_on_events() defined in file drivers/gpu/drm/amd/amdkfd/kfd_events.c, variable ret takes the error code. At line 743, the value of ret must be 0, and thus it will return 0 when copy_from_user() fails. 0 indicates there is no error, which is contrary to the fact. Maybe it is better to assign "-EFAULT" to ret when the check of the return value of copy_from_user() fails at line 741. Codes related to this bug are summarised as follows. kfd_wait_on_events @@ drivers/gpu/drm/amd/amdkfd/kfd_events.c 718 int kfd_wait_on_events(struct kfd_process *p, 719 uint32_t num_events, void __user *data, 720 bool all, uint32_t user_timeout_ms, 721 enum kfd_event_wait_result *wait_result) 722 { ... 726 int ret = 0; ... 730 mutex_lock(&p->event_mutex); 731 732 event_waiters = alloc_event_waiters(num_events); 733 if (!event_waiters) { 734 ret = -ENOMEM; 735 goto fail; 736 } 737 738 for (i = 0; i < num_events; i++) { 739 struct kfd_event_data event_data; 740 741 if (copy_from_user(&event_data, &events[i], 742 sizeof(struct kfd_event_data))) 743 goto fail; // insert "ret = -EFAULT;" before this jump instruction? 744 745 ret = init_event_waiter(p, &event_waiters[i], 746 event_data.event_id, i); 747 if (ret) 748 goto fail; 749 } ... 796 fail: 797 if (event_waiters) 798 free_waiters(num_events, event_waiters); 799 800 mutex_unlock(&p->event_mutex); 801 802 *wait_result = KFD_WAIT_ERROR; 803 804 return ret; 805 } Thanks very much! -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug 188621] Function kfd_wait_on_events() does not set error code when the call to copy_from_user() fails 2016-11-25 10:42 [Bug 188621] New: Function kfd_wait_on_events() does not set error code when the call to copy_from_user() fails bugzilla-daemon @ 2016-11-25 11:53 ` bugzilla-daemon 2016-12-01 8:22 ` bugzilla-daemon ` (3 subsequent siblings) 4 siblings, 0 replies; 6+ messages in thread From: bugzilla-daemon @ 2016-11-25 11:53 UTC (permalink / raw) To: dri-devel https://bugzilla.kernel.org/show_bug.cgi?id=188621 --- Comment #1 from Oded Gabbay <oded.gabbay@gmail.com> --- I'll look into it. Thanks for the bug. Oded -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug 188621] Function kfd_wait_on_events() does not set error code when the call to copy_from_user() fails 2016-11-25 10:42 [Bug 188621] New: Function kfd_wait_on_events() does not set error code when the call to copy_from_user() fails bugzilla-daemon 2016-11-25 11:53 ` [Bug 188621] " bugzilla-daemon @ 2016-12-01 8:22 ` bugzilla-daemon 2016-12-01 8:36 ` bugzilla-daemon ` (2 subsequent siblings) 4 siblings, 0 replies; 6+ messages in thread From: bugzilla-daemon @ 2016-12-01 8:22 UTC (permalink / raw) To: dri-devel https://bugzilla.kernel.org/show_bug.cgi?id=188621 --- Comment #2 from bianpan <bianpan2010@ruc.edu.cn> --- Created attachment 246531 --> https://bugzilla.kernel.org/attachment.cgi?id=246531&action=edit A patch to fix the bug I created a patch to fix the bug. Please check whether it is suitable. Thanks! -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug 188621] Function kfd_wait_on_events() does not set error code when the call to copy_from_user() fails 2016-11-25 10:42 [Bug 188621] New: Function kfd_wait_on_events() does not set error code when the call to copy_from_user() fails bugzilla-daemon 2016-11-25 11:53 ` [Bug 188621] " bugzilla-daemon 2016-12-01 8:22 ` bugzilla-daemon @ 2016-12-01 8:36 ` bugzilla-daemon 2017-01-16 15:40 ` bugzilla-daemon 2017-05-11 9:33 ` bugzilla-daemon 4 siblings, 0 replies; 6+ messages in thread From: bugzilla-daemon @ 2016-12-01 8:36 UTC (permalink / raw) To: dri-devel https://bugzilla.kernel.org/show_bug.cgi?id=188621 --- Comment #3 from Oded Gabbay <oded.gabbay@gmail.com> --- I'll take a look. Thanks! Oded -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug 188621] Function kfd_wait_on_events() does not set error code when the call to copy_from_user() fails 2016-11-25 10:42 [Bug 188621] New: Function kfd_wait_on_events() does not set error code when the call to copy_from_user() fails bugzilla-daemon ` (2 preceding siblings ...) 2016-12-01 8:36 ` bugzilla-daemon @ 2017-01-16 15:40 ` bugzilla-daemon 2017-05-11 9:33 ` bugzilla-daemon 4 siblings, 0 replies; 6+ messages in thread From: bugzilla-daemon @ 2017-01-16 15:40 UTC (permalink / raw) To: dri-devel https://bugzilla.kernel.org/show_bug.cgi?id=188621 --- Comment #4 from Oded Gabbay <oded.gabbay@gmail.com> --- Hi, Sent the patch to upstream for kernel 4.11 merge window. Oded -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug 188621] Function kfd_wait_on_events() does not set error code when the call to copy_from_user() fails 2016-11-25 10:42 [Bug 188621] New: Function kfd_wait_on_events() does not set error code when the call to copy_from_user() fails bugzilla-daemon ` (3 preceding siblings ...) 2017-01-16 15:40 ` bugzilla-daemon @ 2017-05-11 9:33 ` bugzilla-daemon 4 siblings, 0 replies; 6+ messages in thread From: bugzilla-daemon @ 2017-05-11 9:33 UTC (permalink / raw) To: dri-devel https://bugzilla.kernel.org/show_bug.cgi?id=188621 bianpan (bianpan2010@ruc.edu.cn) changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |CODE_FIX --- Comment #5 from bianpan (bianpan2010@ruc.edu.cn) --- Bug fixed. Thanks. I will close it. -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-05-11 9:33 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2016-11-25 10:42 [Bug 188621] New: Function kfd_wait_on_events() does not set error code when the call to copy_from_user() fails bugzilla-daemon 2016-11-25 11:53 ` [Bug 188621] " bugzilla-daemon 2016-12-01 8:22 ` bugzilla-daemon 2016-12-01 8:36 ` bugzilla-daemon 2017-01-16 15:40 ` bugzilla-daemon 2017-05-11 9:33 ` bugzilla-daemon
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.