From patchwork Mon Feb 6 20:13:18 2017
X-Patchwork-Submitter: Jerome Glisse
X-Patchwork-Id: 9558699
From: j.glisse@gmail.com
To: dri-devel@lists.freedesktop.org
Cc: Jérôme Glisse
Subject: [PATCH] drm/radeon: avoid kernel segfault in vce when gpu fails to resume
Date: Mon, 6 Feb 2017 15:13:18 -0500
Message-Id: <20170206201318.8520-1-j.glisse@gmail.com>

From: Jérôme Glisse

When the GPU fails to resume, we cannot trust that the values we write to GPU memory will post, and we might get garbage (more like 0xffffffff on x86) when reading them back. This triggers an out-of-range memory access in the kernel inside the vce resume code path.

This patch uses the canonical value to compute the offset instead of reading the value back from GPU memory.

Signed-off-by: Jérôme Glisse
--- drivers/gpu/drm/radeon/vce_v1_0.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/radeon/vce_v1_0.c b/drivers/gpu/drm/radeon/vce_v1_0.c index a01efe3..f541a4b 100644 --- a/drivers/gpu/drm/radeon/vce_v1_0.c +++ b/drivers/gpu/drm/radeon/vce_v1_0.c @@ -196,7 +196,7 @@ int vce_v1_0_load_fw(struct radeon_device *rdev, uint32_t *data) memset(&data[5], 0, 44); memcpy(&data[16], &sign[1], rdev->vce_fw->size - sizeof(*sign)); - data += le32_to_cpu(data[4]) / 4; + data += (le32_to_cpu(sign->len) + 64) / 4; data[0] = sign->val[i].sigval[0]; data[1] = sign->val[i].sigval[1]; data[2] = sign->val[i].sigval[2];
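
Review bot: on the new `data += (le32_to_cpu(sign->len) + 64) / 4;` line, the offset now comes from the firmware header, but nothing in the visible context bounds `sign->len` against `rdev->vce_fw->size` before `data[0]` through `data[2]` are written at that offset. A range check on `sign->len` (returning an error on failure) would close the same out-of-range write for a malformed or truncated firmware image, not only for a failed resume. The literal `64` also deserves a named constant or a short comment: it appears to be the 16-dword header that the `memcpy` to `&data[16]` skips, and it has to stay in sync with whatever value was stored in `data[4]` earlier in the function.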