[PATCH] drm/amdgpu: Fix size overflow

xinhui pan xinhui.pan at amd.com
Wed Apr 7 11:35:47 UTC 2021


ttm->num_pages is uint32. Hit overflow when << PAGE_SHIFT directly

Fix: 230c079fd (drm/ttm: make num_pages uint32_t)

Signed-off-by: xinhui pan <xinhui.pan at amd.com>
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
index fbaa4c148cca..01a5c487505c 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
@@ -830,7 +830,7 @@ static int amdgpu_ttm_tt_pin_userptr(struct ttm_device *bdev,
 
 	/* Allocate an SG array and squash pages into it */
 	r = sg_alloc_table_from_pages(ttm->sg, ttm->pages, ttm->num_pages, 0,
-				      ttm->num_pages << PAGE_SHIFT,
+				      ttm->num_pages * (1ULL << PAGE_SHIFT),
 				      GFP_KERNEL);
 	if (r)
 		goto release_sg;
-- 
2.25.1



More information about the amd-gfx mailing list