This is a note to let you know that I've just added the patch titled drm/i915: Compare user's 64b GTT offset even on 32b to the 4.19-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: drm-i915-compare-user-s-64b-gtt-offset-even-on-32b.patch and it can be found in the queue-4.19 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 085603287452fc96376ed4888bf29f8c095d2b40 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> Date: Thu, 25 Oct 2018 10:18:23 +0100 Subject: drm/i915: Compare user's 64b GTT offset even on 32b From: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> commit 085603287452fc96376ed4888bf29f8c095d2b40 upstream. Beware mixing unsigned long constants and 64b values, as on 32b the constant will be zero extended and discard the high 32b when used as a mask! Reported-by: Sergii Romantsov <sergii.romantsov@xxxxxxxxxxxxxxx> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=108282 Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> Cc: Joonas Lahtinen <joonas.lahtinen@xxxxxxxxxxxxxxx> Cc: stable@xxxxxxxxxxxxxxx Reviewed-by: Matthew Auld <matthew.auld@xxxxxxxxx> Link: https://patchwork.freedesktop.org/patch/msgid/20181025091823.20571-2-chris@xxxxxxxxxxxxxxxxxx (cherry picked from commit 6fc4e48f9ed46e9adff236a0c350074aafa3b7fa) Signed-off-by: Joonas Lahtinen <joonas.lahtinen@xxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/gpu/drm/i915/gvt/gtt.h | 1 - drivers/gpu/drm/i915/i915_gem_execbuffer.c | 2 +- drivers/gpu/drm/i915/i915_gem_gtt.h | 2 ++ 3 files changed, 3 insertions(+), 2 deletions(-) --- a/drivers/gpu/drm/i915/gvt/gtt.h +++ b/drivers/gpu/drm/i915/gvt/gtt.h @@ -35,7 +35,6 @@ #define _GVT_GTT_H_ #define I915_GTT_PAGE_SHIFT 12 -#define I915_GTT_PAGE_MASK (~(I915_GTT_PAGE_SIZE - 1)) struct intel_vgpu_mm; --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -458,7 +458,7 @@ eb_validate_vma(struct i915_execbuffer * * any non-page-aligned or non-canonical addresses. */ if (unlikely(entry->flags & EXEC_OBJECT_PINNED && - entry->offset != gen8_canonical_addr(entry->offset & PAGE_MASK))) + entry->offset != gen8_canonical_addr(entry->offset & I915_GTT_PAGE_MASK))) return -EINVAL; /* pad_to_size was once a reserved field, so sanitize it */ --- a/drivers/gpu/drm/i915/i915_gem_gtt.h +++ b/drivers/gpu/drm/i915/i915_gem_gtt.h @@ -49,6 +49,8 @@ #define I915_GTT_PAGE_SIZE I915_GTT_PAGE_SIZE_4K #define I915_GTT_MAX_PAGE_SIZE I915_GTT_PAGE_SIZE_2M +#define I915_GTT_PAGE_MASK -I915_GTT_PAGE_SIZE + #define I915_GTT_MIN_ALIGNMENT I915_GTT_PAGE_SIZE #define I915_FENCE_REG_NONE -1 Patches currently in stable-queue which might be from chris@xxxxxxxxxxxxxxxxxx are queue-4.19/drm-i915-don-t-oops-during-modeset-shutdown-after-lpe-audio-deinit.patch queue-4.19/drm-i915-large-page-offsets-for-pread-pwrite.patch queue-4.19/drm-i915-ringbuffer-delay-after-emit_invalidate-for-gen4-gen5.patch queue-4.19/drm-i915-mark-up-gtt-sizes-as-u64.patch queue-4.19/drm-i915-compare-user-s-64b-gtt-offset-even-on-32b.patch queue-4.19/drm-i915-execlists-force-write-serialisation-into-context-image-vs-execution.patch queue-4.19/drm-i915-mark-pin-flags-as-u64.patch