The offset inside the page wasn't included in the copy call meaning the start of the page was being read/written instead. Reported-by: Jay Cornwall <Jay.Cornwall at amd.com> Signed-off-by: Tom St Denis <tom.stdenis at amd.com> --- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c index 291dd3d600cd..d2ab40494a4c 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c @@ -1996,7 +1996,7 @@ static ssize_t amdgpu_iomem_read(struct file *f, char __user *buf, return -EPERM; ptr = kmap(p); - r = copy_to_user(buf, ptr, bytes); + r = copy_to_user(buf, ptr + off, bytes); kunmap(p); if (r) return -EFAULT; @@ -2040,7 +2040,7 @@ static ssize_t amdgpu_iomem_write(struct file *f, const char __user *buf, return -EPERM; ptr = kmap(p); - r = copy_from_user(ptr, buf, bytes); + r = copy_from_user(ptr + off, buf, bytes); kunmap(p); if (r) return -EFAULT; -- 2.14.3
