kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   a99b602ac2b8c237ced40a4769f19ed10f16288a
  2.   patches.suse
  3.   7900-drm-vgem-off-by-one-in-vgem_gem_fault
Blob Blame History Raw 
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue, 3 Jul 2018 15:29:21 +0300
Subject: drm/vgem: off by one in vgem_gem_fault()
Git-commit: de10eba0f68a161f3176b710b6e27d291d48aac2
Patch-mainline: v4.19-rc1
References: FATE#326289 FATE#326079 FATE#326049 FATE#322398 FATE#326166

If page_offset is == num_pages then we end up reading beyond the end of
obj->pages[].

Fixes: af33a9190d02 ("drm/vgem: Enable dmabuf import interfaces")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20180703122921.brlfxl4vx2ybvrd2@kili.mountain

Acked-by: Petr Tesarik <ptesarik@suse.com>
---
 drivers/gpu/drm/vgem/vgem_drv.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/gpu/drm/vgem/vgem_drv.c
+++ b/drivers/gpu/drm/vgem/vgem_drv.c
@@ -74,7 +74,7 @@ static int vgem_gem_fault(struct vm_faul
 
 	num_pages = DIV_ROUND_UP(obj->base.size, PAGE_SIZE);
 
-	if (page_offset > num_pages)
+	if (page_offset >= num_pages)
 		return VM_FAULT_SIGBUS;
 
 	ret = -ENOENT;
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.