Message ID | 20230419122233.3440-1-hackyzh002@gmail.com |
---|---|
State | Accepted |
Commit | 87c2213e85bd81e4a9a4d0880c256568794ae388 |
Series | [V3,1/2] drm/radeon: Fix integer overflow in radeon_cs_parser_init |
Hello,

What is the current status of this patch, has it been applied?

hackyzh002 <hackyzh002@gmail.com> wrote on Wed, Apr 19, 2023 at 20:23:

> > The type of size is unsigned int, if size is 0x40000000, there will > be an integer overflow, size will be zero after size *= sizeof(uint32_t), > will cause uninitialized memory to be referenced later. > > Signed-off-by: hackyzh002 <hackyzh002@gmail.com> > --- > drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c > index 08eced097..89bcacc65 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c > @@ -192,7 +192,7 @@ static int amdgpu_cs_pass1(struct amdgpu_cs_parser *p, > uint64_t *chunk_array_user; > uint64_t *chunk_array; > uint32_t uf_offset = 0; > - unsigned int size; > + size_t size; > int ret; > int i; > > -- > 2.34.1 >
As per my prior reply, it has been applied.

Thanks,

Alex

On Thu, Apr 27, 2023 at 8:39 AM whitehat002 whitehat002 <hackyzh002@gmail.com> wrote:

> > hello > What is the current status of this patch, has it been applied? > > > hackyzh002 <hackyzh002@gmail.com> wrote on Wed, Apr 19, 2023 at 20:23: > > > > The type of size is unsigned int, if size is 0x40000000, there will > > be an integer overflow, size will be zero after size *= sizeof(uint32_t), > > will cause uninitialized memory to be referenced later. > > > > Signed-off-by: hackyzh002 <hackyzh002@gmail.com> > > --- > > drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c > > index 08eced097..89bcacc65 100644 > > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c > > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c > > @@ -192,7 +192,7 @@ static int amdgpu_cs_pass1(struct amdgpu_cs_parser *p, > > uint64_t *chunk_array_user; > > uint64_t *chunk_array; > > uint32_t uf_offset = 0; > > - unsigned int size; > > + size_t size; > > int ret; > > int i; > > > > -- > > 2.34.1 > >
these?

https://patchwork.freedesktop.org/series/116699/
https://patchwork.freedesktop.org/series/116695/

On Thu, Apr 27, 2023 at 8:45 PM whitehat002 whitehat002 <hackyzh002@gmail.com> wrote:

> > Alex, I have a question, why I don't see it on the > https://patchwork.freedesktop.org/ > > Alex Deucher <alexdeucher@gmail.com> wrote on Thu, Apr 27, 2023 at 20:40: > > > > As per my prior reply, it has been applied. > > > > Thanks, > > > > Alex > > > > On Thu, Apr 27, 2023 at 8:39 AM whitehat002 whitehat002 > > <hackyzh002@gmail.com> wrote: > > > > > > hello > > > What is the current status of this patch, has it been applied? > > > > > > > > > hackyzh002 <hackyzh002@gmail.com> wrote on Wed, Apr 19, 2023 at 20:23: > > > > > > > > The type of size is unsigned int, if size is 0x40000000, there will > > > > be an integer overflow, size will be zero after size *= sizeof(uint32_t), > > > > will cause uninitialized memory to be referenced later. > > > > > > > > Signed-off-by: hackyzh002 <hackyzh002@gmail.com> > > > > --- > > > > drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +- > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c > > > > index 08eced097..89bcacc65 100644 > > > > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c > > > > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c > > > > @@ -192,7 +192,7 @@ static int amdgpu_cs_pass1(struct amdgpu_cs_parser *p, > > > > uint64_t *chunk_array_user; > > > > uint64_t *chunk_array; > > > > uint32_t uf_offset = 0; > > > > - unsigned int size; > > > > + size_t size; > > > > int ret; > > > > int i; > > > > > > > > -- > > > > 2.34.1 > > > >
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c index 08eced097..89bcacc65 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c @@ -192,7 +192,7 @@ static int amdgpu_cs_pass1(struct amdgpu_cs_parser *p, uint64_t *chunk_array_user; uint64_t *chunk_array; uint32_t uf_offset = 0; - unsigned int size; + size_t size; int ret; int i;
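Review bot: `size_t size;` in amdgpu_cs_pass1 removes the wrap only where size_t is 64 bits; where size_t is 32 bits, the case named in the commit message (0x40000000 followed by `size *= sizeof(uint32_t)`) still wraps to zero. The hunk shows no bound on the value before the multiplication, so I would either reject counts above a sane maximum before computing the byte size or compute it with check_mul_overflow() or array_size() so the wrap is caught regardless of word size. Separately, the series title names drm/radeon and radeon_cs_parser_init, while this diff touches drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c; the subject prefix and function name should match the file being changed.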
The type of size is unsigned int, if size is 0x40000000, there will be an integer overflow, size will be zero after size *= sizeof(uint32_t), will cause uninitialized memory to be referenced later.

Signed-off-by: hackyzh002 <hackyzh002@gmail.com>

---

drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
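The wrap described in the commit message, as an added C example that is not part of the patch or the kernel source. The helper names are hypothetical, `unsigned int` is assumed to be 32 bits, and the checked variant uses the GCC/Clang builtin `__builtin_mul_overflow` on a `uint32_t` to model a target where `size_t` is 32 bits.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Before the patch: the byte size lives in an unsigned int (assumed 32-bit). */
static unsigned int bytes_unsigned_int(uint32_t count)
{
    unsigned int size = count;
    size *= sizeof(uint32_t);   /* result is truncated modulo 2^32 */
    return size;
}

/* After the patch: size_t. Wide enough only where size_t is 64 bits. */
static size_t bytes_size_t(uint32_t count)
{
    size_t size = count;
    size *= sizeof(uint32_t);
    return size;
}

/* Hypothetical hardened form: the multiply is checked in 32 bits, so the
 * wrap is reported instead of silently producing a small size. */
static bool bytes_checked32(uint32_t count, uint32_t *out)
{
    return !__builtin_mul_overflow(count, (uint32_t)sizeof(uint32_t), out);
}

int main(void)
{
    /* Constructed inputs: the value from the commit message and its neighbour. */
    const uint32_t counts[] = { 0x3fffffffu, 0x40000000u };

    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
        uint32_t checked = 0;
        bool ok = bytes_checked32(counts[i], &checked);

        printf("count=0x%08x unsigned int=0x%x size_t=0x%zx checked32=%s\n",
               (unsigned int)counts[i], bytes_unsigned_int(counts[i]),
               bytes_size_t(counts[i]), ok ? "ok" : "overflow rejected");
    }
    return 0;
}
```
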