Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.14.71/4644-drm-amdgpu-fix-parsing-indirect-register-list-v2.patch')
-rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.14.71/4644-drm-amdgpu-fix-parsing-indirect-register-list-v2.patch | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.14.71/4644-drm-amdgpu-fix-parsing-indirect-register-list-v2.patch b/common/recipes-kernel/linux/linux-yocto-4.14.71/4644-drm-amdgpu-fix-parsing-indirect-register-list-v2.patch
new file mode 100644
index 00000000..b8f5e927
--- /dev/null
+++ b/common/recipes-kernel/linux/linux-yocto-4.14.71/4644-drm-amdgpu-fix-parsing-indirect-register-list-v2.patch
@@ -0,0 +1,71 @@
+From 3d6c9f00ceb322ba49087adef8fd892fb5704951 Mon Sep 17 00:00:00 2001
+From: Evan Quan <evan.quan@amd.com>
+Date: Tue, 29 May 2018 16:31:05 +0800
+Subject: [PATCH 4644/5725] drm/amdgpu: fix parsing indirect register list v2
+
+WARN_ON possible buffer overflow and avoid unnecessary dereference.
+
+v2: change BUG_ON to WARN_ON
+
+Change-Id: I6666d7dcf60acf524f290460d2ffe3f1f5f46354
+Signed-off-by: Evan Quan <evan.quan@amd.com>
+Reviewed-by: Huang Rui <ray.huang@amd.com>
+---
+ drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
+index b093777..4527150 100644
+--- a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
++++ b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
+@@ -1843,13 +1843,15 @@ static void gfx_v9_1_parse_ind_reg_list(int *register_list_format,
+ int indirect_offset,
+ int list_size,
+ int *unique_indirect_regs,
+- int *unique_indirect_reg_count,
++ int unique_indirect_reg_count,
+ int *indirect_start_offsets,
+- int *indirect_start_offsets_count)
++ int *indirect_start_offsets_count,
++ int max_start_offsets_count)
+ {
+ int idx;
+
+ for (; indirect_offset < list_size; indirect_offset++) {
++ WARN_ON(*indirect_start_offsets_count >= max_start_offsets_count);
+ indirect_start_offsets[*indirect_start_offsets_count] = indirect_offset;
+ *indirect_start_offsets_count = *indirect_start_offsets_count + 1;
+
+@@ -1857,14 +1859,14 @@ static void gfx_v9_1_parse_ind_reg_list(int *register_list_format,
+ indirect_offset += 2;
+
+ /* look for the matching indice */
+- for (idx = 0; idx < *unique_indirect_reg_count; idx++) {
++ for (idx = 0; idx < unique_indirect_reg_count; idx++) {
+ if (unique_indirect_regs[idx] ==
+ register_list_format[indirect_offset] ||
+ !unique_indirect_regs[idx])
+ break;
+ }
+
+- BUG_ON(idx >= *unique_indirect_reg_count);
++ BUG_ON(idx >= unique_indirect_reg_count);
+
+ if (!unique_indirect_regs[idx])
+ unique_indirect_regs[idx] = register_list_format[indirect_offset];
+@@ -1899,9 +1901,10 @@ static int gfx_v9_1_init_rlc_save_restore_list(struct amdgpu_device *adev)
+ adev->gfx.rlc.reg_list_format_direct_reg_list_length,
+ adev->gfx.rlc.reg_list_format_size_bytes >> 2,
+ unique_indirect_regs,
+- &unique_indirect_reg_count,
++ unique_indirect_reg_count,
+ indirect_start_offsets,
+- &indirect_start_offsets_count);
++ &indirect_start_offsets_count,
++ ARRAY_SIZE(indirect_start_offsets));
+
+ /* enable auto inc in case it is disabled */
+ tmp = RREG32(SOC15_REG_OFFSET(GC, 0, mmRLC_SRM_CNTL));
+--
+2.7.4
+
|
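Review bot: The added `WARN_ON(*indirect_start_offsets_count >= max_start_offsets_count);` in gfx_v9_1_parse_ind_reg_list only logs the condition; the store `indirect_start_offsets[*indirect_start_offsets_count] = indirect_offset;` on the next line still runs, so a list with more entries than the caller's array (sized via `ARRAY_SIZE(indirect_start_offsets)` in the last hunk) is reported but still written out of bounds. The list being parsed appears to originate from the RLC firmware image, so its length should not be trusted; the check should stop the write, for example `if (WARN_ON(*indirect_start_offsets_count >= max_start_offsets_count)) break;`. The rest of the loop and the caller's use of the results lie outside these hunks, so confirm that bailing out early leaves the save/restore setup in a safe state, ideally by returning an error that gfx_v9_1_init_rlc_save_restore_list propagates. The neighbouring `BUG_ON(idx >= unique_indirect_reg_count);` handles the same class of malformed input by halting the kernel, so the two bounds checks are now inconsistent and would be better unified on a graceful failure path.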