This is a note to let you know that I've just added the patch titled
drm/etnaviv: Fix off-by-one error in reloc checking
to the 4.12-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
drm-etnaviv-fix-off-by-one-error-in-reloc-checking.patch
and it can be found in the queue-4.12 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From d6f756e09f01ea7a0efbbcef269a1e384a35d824 Mon Sep 17 00:00:00 2001
From: "Wladimir J. van der Laan" <laanwj@xxxxxxxxx>
Date: Tue, 25 Jul 2017 14:33:36 +0200
Subject: drm/etnaviv: Fix off-by-one error in reloc checking
From: Wladimir J. van der Laan <laanwj@xxxxxxxxx>
commit d6f756e09f01ea7a0efbbcef269a1e384a35d824 upstream.
A relocation pointing to the last four bytes of a buffer can
legitimately happen in the case of small vertex buffers.
Signed-off-by: Wladimir J. van der Laan <laanwj@xxxxxxxxx>
Reviewed-by: Philipp Zabel <p.zabel@xxxxxxxxxxxxxx>
Reviewed-by: Christian Gmeiner <christian.gmeiner@xxxxxxxxx>
Signed-off-by: Lucas Stach <l.stach@xxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
@@ -270,8 +270,8 @@ static int submit_reloc(struct etnaviv_g
if (ret)
return ret;
- if (r->reloc_offset >= bo->obj->base.size - sizeof(*ptr)) {
- DRM_ERROR("relocation %u outside object", i);
+ if (r->reloc_offset > bo->obj->base.size - sizeof(*ptr)) {
+ DRM_ERROR("relocation %u outside object\n", i);
return -EINVAL;
}
Patches currently in stable-queue which might be from laanwj@xxxxxxxxx are
queue-4.12/drm-etnaviv-fix-off-by-one-error-in-reloc-checking.patch