[PATCH 1/2] drm/ttm: fix out-of-bounds read in ttm_put_pages() v2

Jann Horn jannh at google.com
Tue Apr 2 14:57:51 UTC 2019


On Tue, Apr 2, 2019 at 9:40 AM Christian König
<ckoenig.leichtzumerken at gmail.com> wrote:
> When ttm_put_pages() tries to figure out whether it's dealing with
> transparent hugepages, it just reads past the bounds of the pages array
> without a check.
>
> v2: simplify the test if enough pages are left in the array (Christian).
>
> Signed-off-by: Jann Horn <jannh at google.com>
> Signed-off-by: Christian König <christian.koenig at amd.com>
> Fixes: 5c42c64f7d54 ("drm/ttm: fix the fix for huge compound pages")
> Cc: stable at vger.kernel.org

Thanks; I've verified that with these patches applied, my VM doesn't
print an ASAN warning on boot anymore.
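
The class of bug the quoted commit message describes, as an added example that is not the kernel's code and not part of this thread: a scan that looks ahead in an array to detect a huge-page run must first confirm that enough entries remain. `HUGE_NR`, `is_huge_run` and `count_huge_runs` are hypothetical names, and a "page" is modelled as a plain frame number.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define HUGE_NR 8 /* constructed stand-in: base pages per huge page */

/* Model: a huge page is HUGE_NR consecutive frame numbers starting at
 * pages[i]. The caller guarantees i < npages. */
static bool is_huge_run(const unsigned long *pages, size_t npages, size_t i)
{
    /* Bounds check first: without it the loop below reads pages[i + j]
     * past the end of the array whenever fewer than HUGE_NR entries are
     * left, which is the out-of-bounds read the patch title refers to. */
    if (npages - i < HUGE_NR)
        return false;

    for (size_t j = 1; j < HUGE_NR; j++)
        if (pages[i + j] != pages[i] + j)
            return false;
    return true;
}

/* Walk the array and count complete huge-page runs. */
size_t count_huge_runs(const unsigned long *pages, size_t npages)
{
    size_t i = 0, runs = 0;

    while (i < npages) {
        if (is_huge_run(pages, npages, i)) {
            runs++;
            i += HUGE_NR;
        } else {
            i++;
        }
    }
    return runs;
}

int main(void)
{
    unsigned long buf[16]; /* constructed sample: 16 consecutive frames */

    for (size_t k = 0; k < 16; k++)
        buf[k] = 100 + k;
    /* Only 12 entries belong to the caller; the trailing 4 must not be read. */
    printf("runs in first 12 entries: %zu\n", count_huge_runs(buf, 12));
    return 0;
}
```

With the length check removed, the second scan in `main` would read the four entries past the caller's 12 and treat memory it does not own as part of a second run.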

