| Message ID | 20200912102558.656-1-zhenzhong.duan@gmail.com |
|---|---|
| State | Accepted |
| Commit | 08d3ab4b46339bc6f97e83b54a3fb4f8bf8f4cd9 |
| Headers | show |
| Series | drm/msm/a6xx: fix a potential overflow issue | expand |
On Sat, Sep 12, 2020 at 06:25:58PM +0800, Zhenzhong Duan wrote: > It's allocating an array of a6xx_gpu_state_obj structure rathor than > its pointers. > > This patch fix it. > > Signed-off-by: Zhenzhong Duan <zhenzhong.duan@gmail.com> LGTM but should have a Fixes: tag for the stable trees Fixes: d6852b4b2d01 ("drm/msm/a6xx: Track and manage a6xx state memory") Reviewed-by: Jordan Crouse <jcrouse@codeaurora.org> > --- > drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c b/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c > index b12f5b4..e9ede19 100644 > --- a/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c > +++ b/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c > @@ -875,7 +875,7 @@ static void a6xx_get_indexed_registers(struct msm_gpu *gpu, > int i; > > a6xx_state->indexed_regs = state_kcalloc(a6xx_state, count, > - sizeof(a6xx_state->indexed_regs)); > + sizeof(*a6xx_state->indexed_regs)); > if (!a6xx_state->indexed_regs) > return; > > -- > 1.8.3.1 >
On Sat 12 Sep 10:25 UTC 2020, Zhenzhong Duan wrote: > It's allocating an array of a6xx_gpu_state_obj structure rathor than > its pointers. > > This patch fix it. > Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> > Signed-off-by: Zhenzhong Duan <zhenzhong.duan@gmail.com> > --- > drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c b/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c > index b12f5b4..e9ede19 100644 > --- a/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c > +++ b/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c > @@ -875,7 +875,7 @@ static void a6xx_get_indexed_registers(struct msm_gpu *gpu, > int i; > > a6xx_state->indexed_regs = state_kcalloc(a6xx_state, count, > - sizeof(a6xx_state->indexed_regs)); > + sizeof(*a6xx_state->indexed_regs)); > if (!a6xx_state->indexed_regs) > return; > > -- > 1.8.3.1 >
On Tue, Sep 15, 2020 at 12:20 AM Jordan Crouse <jcrouse@codeaurora.org> wrote: > > On Sat, Sep 12, 2020 at 06:25:58PM +0800, Zhenzhong Duan wrote: > > It's allocating an array of a6xx_gpu_state_obj structure rathor than > > its pointers. > > > > This patch fix it. > > > > Signed-off-by: Zhenzhong Duan <zhenzhong.duan@gmail.com> > > LGTM but should have a Fixes: tag for the stable trees > > Fixes: d6852b4b2d01 ("drm/msm/a6xx: Track and manage a6xx state memory") > Reviewed-by: Jordan Crouse <jcrouse@codeaurora.org> I had sent a v2 version with same change as you suggested on Sep 14, could you help review it? Thanks https://lkml.org/lkml/2020/9/13/311
diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c b/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c index b12f5b4..e9ede19 100644 --- a/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c +++ b/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c @@ -875,7 +875,7 @@ static void a6xx_get_indexed_registers(struct msm_gpu *gpu, int i; a6xx_state->indexed_regs = state_kcalloc(a6xx_state, count, - sizeof(a6xx_state->indexed_regs)); + sizeof(*a6xx_state->indexed_regs)); if (!a6xx_state->indexed_regs) return;
It's allocating an array of a6xx_gpu_state_obj structure rathor than its pointers. This patch fix it. Signed-off-by: Zhenzhong Duan <zhenzhong.duan@gmail.com> --- drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)