On Tue, Mar 10, 2020 at 8:53 AM Tom St Denis <tom.stdenis@xxxxxxx> wrote: > > The offset into the array was specified in bytes but should > be in terms of 32-bit words. Also prevent large reads that > would also cause a buffer overread. > > Signed-off-by: Tom St Denis <tom.stdenis@xxxxxxx> > --- > drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c > index c573edf02afc..e0f4ccd91fd4 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c > @@ -783,11 +783,11 @@ static ssize_t amdgpu_debugfs_gpr_read(struct file *f, char __user *buf, > ssize_t result = 0; > uint32_t offset, se, sh, cu, wave, simd, thread, bank, *data; > > - if (size & 3 || *pos & 3) > + if (size > 4096 || size & 3 || *pos & 3) Is size in dwords as well? Alex > return -EINVAL; > > /* decode offset */ > - offset = *pos & GENMASK_ULL(11, 0); > + offset = (*pos & GENMASK_ULL(11, 0)) / 4; > se = (*pos & GENMASK_ULL(19, 12)) >> 12; > sh = (*pos & GENMASK_ULL(27, 20)) >> 20; > cu = (*pos & GENMASK_ULL(35, 28)) >> 28; > -- > 2.24.1 > > _______________________________________________ > amd-gfx mailing list > amd-gfx@xxxxxxxxxxxxxxxxxxxxx > https://lists.freedesktop.org/mailman/listinfo/amd-gfx _______________________________________________ amd-gfx mailing list amd-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/amd-gfx
