[Bug 194579] AMDGPU: Possible size overflow detected by PaX in ttm_bo_handle_move_mem (drivers/gpu/drm/ttm/ttm_bo.c:388)

bugzilla-daemon at bugzilla.kernel.org
Tue Feb 21 09:52:58 UTC 2017


https://bugzilla.kernel.org/show_bug.cgi?id=194579

--- Comment #11 from Christian König (deathsimple at vodafone.de) ---
(In reply to PaX Team from comment #9)
> would the following workaround do the job of not triggering the overflow and
> not causing any other logic bugs for our purposes:

Not really.

The issue is that the offset handling should actually be transparent to TTM. So
mem.start can have any value here which might as well overflow during the
assignment.

So even with Nicolai's suggestion of using LONG_MAX I would NAK the patch.

The only clean solution I can see is to remove bo->offset altogether and move
that into a helper the drivers can call on demand.
