From: Chris Wilson Date: Tue, 31 Dec 2013 15:50:31 +0000 (+0000) Subject: drm/i915: Avoid dereference past end of page array in gen8_ppgtt_insert_entries() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=6f1cc993518462ccf039e195fabd47e7aa5bfd13;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git drm/i915: Avoid dereference past end of page array in gen8_ppgtt_insert_entries() The bug from gen6_ppgtt_insert_entries() was replicated into gen8_ppgtt_insert_entries(). This applies the fix for the OOPS from the previous patch to the gen8 routine. Signed-off-by: Chris Wilson Cc: Daniel Vetter Cc: Ben Widawsky Reviewed-by: Ben Widawsky Signed-off-by: Daniel Vetter --- diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c index de9c945f72a7..8c7ebfa3bd56 100644 --- a/drivers/gpu/drm/i915/i915_gem_gtt.c +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c @@ -297,23 +297,23 @@ static void gen8_ppgtt_insert_entries(struct i915_address_space *vm, unsigned act_pte = first_entry % GEN8_PTES_PER_PAGE; struct sg_page_iter sg_iter; - pt_vaddr = kmap_atomic(&ppgtt->gen8_pt_pages[act_pt]); + pt_vaddr = NULL; for_each_sg_page(pages->sgl, &sg_iter, pages->nents, 0) { - dma_addr_t page_addr; + if (pt_vaddr == NULL) + pt_vaddr = kmap_atomic(&ppgtt->gen8_pt_pages[act_pt]); - page_addr = sg_dma_address(sg_iter.sg) + - (sg_iter.sg_pgoffset << PAGE_SHIFT); - pt_vaddr[act_pte] = gen8_pte_encode(page_addr, cache_level, - true); + pt_vaddr[act_pte] = + gen8_pte_encode(sg_page_iter_dma_address(&sg_iter), + cache_level, true); if (++act_pte == GEN8_PTES_PER_PAGE) { kunmap_atomic(pt_vaddr); + pt_vaddr = NULL; act_pt++; - pt_vaddr = kmap_atomic(&ppgtt->gen8_pt_pages[act_pt]); act_pte = 0; - } } - kunmap_atomic(pt_vaddr); + if (pt_vaddr) + kunmap_atomic(pt_vaddr); } static void gen8_ppgtt_cleanup(struct i915_address_space *vm)