[Bug 194579] AMDGPU: Possible size overflow detected by PaX in ttm_bo_handle_move_mem (drivers/gpu/drm/ttm/ttm_bo.c:388)

bugzilla-daemon at bugzilla.kernel.org bugzilla-daemon at bugzilla.kernel.org
Tue Feb 21 13:19:29 UTC 2017


https://bugzilla.kernel.org/show_bug.cgi?id=194579

--- Comment #12 from PaX Team (pageexec at freemail.hu) ---
(In reply to Christian König from comment #11)
> The issue is that the offset handling should actually be transparent to TTM.
> So mem.start can have any value here which might as well overflow during the
> assignment.
> 
> So even with Nicolai's suggestion of using LONG_MAX I would NAK the patch.
> 
> The only clean solution I can see is to remove bo->offset altogether and
> move that into a helper the drivers can call on demand.

obviously i'm not qualified to do that kind of surgery ;), i'd just like
to keep our existing overflow checking instrumentation for
ttm_buffer_object.offset instead of getting rid of it because of just one
intentional overflow. if setting ->offset regardless of any overflows is
important then couldn't we
go the other way and change the value of AMDGPU_BO_INVALID_OFFSET to something
that would not trigger the overflow here? say LONG_MAX >> PAGE_SHIFT. would
that work/not clash with otherwise valid values for this offset? (makes me
also wonder why ULONG_MAX isn't used since that would produce an even bigger
safety zone)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
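
The sentinel values weighed in the comment above can be checked with a small model of the page-to-byte conversion. This is an added example, not code from the kernel or from the thread. It assumes a 64-bit unsigned long, PAGE_SHIFT of 12, and that the assignment shifts mem.start left by PAGE_SHIFT (the thread implies this but does not show the line); `page_to_byte_offset` is a hypothetical helper name.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* assumption: 4 KiB pages */

/*
 * Hypothetical model of "offset = start << PAGE_SHIFT" on a 64-bit
 * unsigned long. Returns false when the shift would discard set bits,
 * which is the condition a size-overflow check reports.
 */
static bool page_to_byte_offset(uint64_t start, uint64_t *offset)
{
    if (start > (UINT64_MAX >> PAGE_SHIFT))
        return false;          /* top PAGE_SHIFT bits are not all zero */
    *offset = start << PAGE_SHIFT;
    return true;
}

int main(void)
{
    /* Constructed candidates mirroring the values named in the thread. */
    const struct { const char *name; uint64_t value; } cand[] = {
        { "LONG_MAX",                (uint64_t)INT64_MAX },
        { "LONG_MAX >> PAGE_SHIFT",  (uint64_t)INT64_MAX >> PAGE_SHIFT },
        { "ULONG_MAX",               UINT64_MAX },
        { "ULONG_MAX >> PAGE_SHIFT", UINT64_MAX >> PAGE_SHIFT },
    };

    for (size_t i = 0; i < sizeof(cand) / sizeof(cand[0]); i++) {
        uint64_t off = 0;
        if (page_to_byte_offset(cand[i].value, &off))
            printf("%-24s -> offset 0x%016llx\n", cand[i].name,
                   (unsigned long long)off);
        else
            printf("%-24s -> shift overflows\n", cand[i].name);
    }
    return 0;
}
```

The model covers only the shift; whether a pre-shifted sentinel collides with a valid page number is the open question in the comment and is not answered here.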

