On Tue, Jul 03, 2018 at 03:29:21PM +0300, Dan Carpenter wrote: > If page_offset is == num_pages then we end up reading beyond the end of > obj->pages[]. > > Fixes: af33a9190d02 ("drm/vgem: Enable dmabuf import interfaces") > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > --- > Static analysis. Not tested Applied, thanks. -Daniel > > diff --git a/drivers/gpu/drm/vgem/vgem_drv.c b/drivers/gpu/drm/vgem/vgem_drv.c > index c64a85950c82..0e5620f76ee0 100644 > --- a/drivers/gpu/drm/vgem/vgem_drv.c > +++ b/drivers/gpu/drm/vgem/vgem_drv.c > @@ -74,7 +74,7 @@ static vm_fault_t vgem_gem_fault(struct vm_fault *vmf) > > num_pages = DIV_ROUND_UP(obj->base.size, PAGE_SIZE); > > - if (page_offset > num_pages) > + if (page_offset >= num_pages) > return VM_FAULT_SIGBUS; > > mutex_lock(&obj->pages_lock); -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel