UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/drivers/gpu/drm/amd/amdkfd
History
Jeremy Cline 8b335bff64 drm/amdkfd: Fix out-of-bounds read in kdf_create_vcrat_image_cpu() 
KASAN reported a slab-out-of-bounds read of size 1 in
kdf_create_vcrat_image_cpu().

This occurs when, for example, when on an x86_64 with a single NUMA node
because kfd_fill_iolink_info_for_cpu() is a no-op, but afterwards the
sub_type_hdr->length, which is out-of-bounds, is read and multiplied by
entries. Fortunately, entries is 0 in this case so the overall
crat_table->length is still correct.

Check if there were any entries before de-referencing sub_type_hdr which
may be pointing to out-of-bounds memory.

Fixes: b7b6c38529 ("drm/amdkfd: Calculate CPU VCRAT size dynamically (v2)")
Suggested-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Jeremy Cline <jcline@redhat.com>
Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
 		2021-01-14 00:23:39 -05:00
..
Kconfig drm/amdgpu: Fix spelling mistake "Heterogenous" -> "Heterogeneous" 2020-12-15 11:35:53 -05:00
Makefile drm/amdkfd: Provide SMI events watch 2020-07-15 13:27:34 -04:00
cik_event_interrupt.c Merge tag 'amd-drm-next-5.11-2020-11-05' of git://people.freedesktop.org/~agd5f/linux into drm-next 2020-11-10 17:48:47 +10:00
cik_int.h
cik_regs.h
cwsr_trap_handler.h drm/amdkfd: Fix spurious debug exception on gfx10 2020-08-10 17:26:51 -04:00
cwsr_trap_handler_gfx8.asm drm/amdkfd: Remove dead code from gfx8/gfx9 trap handlers 2019-07-30 23:22:18 -05:00
cwsr_trap_handler_gfx9.asm drm/amdkfd: Remove dead code from gfx8/gfx9 trap handlers 2019-07-30 23:22:18 -05:00
cwsr_trap_handler_gfx10.asm drm/amdkfd: Fix spurious debug exception on gfx10 2020-08-10 17:26:51 -04:00
kfd_chardev.c drm/amdkfd: Fix leak in dmabuf import 2020-12-08 23:05:47 -05:00
kfd_crat.c drm/amdkfd: Fix out-of-bounds read in kdf_create_vcrat_image_cpu() 2021-01-14 00:23:39 -05:00
kfd_crat.h
kfd_dbgdev.c drm, iommu: Change type of pasid to u32 2020-09-17 19:21:16 +02:00
kfd_dbgdev.h
kfd_dbgmgr.c drm/amdkfd: Use hex print format for pasid 2019-10-03 09:11:03 -05:00
kfd_dbgmgr.h drm, iommu: Change type of pasid to u32 2020-09-17 19:21:16 +02:00
kfd_debugfs.c drm/amdkfd: Fix permissions of hang_hws 2020-01-07 11:54:30 -05:00
kfd_device.c drm/amdkfd: PCIe atomics required for gfx10 2020-12-17 16:43:14 -05:00
kfd_device_queue_manager.c drm/amdkfd: correct pipe offset calculation 2020-12-10 16:41:49 -05:00
kfd_device_queue_manager.h drm/amdkfd: sparse: Fix warning in reading SDMA counters 2020-08-24 12:22:32 -04:00
kfd_device_queue_manager_cik.c
kfd_device_queue_manager_v9.c drm/amdgpu: store noretry parameter per driver instance 2020-09-25 16:55:16 -04:00
kfd_device_queue_manager_v10.c drm/amdkfd: Use same SQ prefetch setting as amdgpu 2020-10-21 23:06:07 -04:00
kfd_device_queue_manager_vi.c
kfd_doorbell.c drm/amdkfd: Move process doorbell allocation into kfd device 2020-09-22 12:25:02 -04:00
kfd_events.c drm, iommu: Change type of pasid to u32 2020-09-17 19:21:16 +02:00
kfd_events.h drm, iommu: Change type of pasid to u32 2020-09-17 19:21:16 +02:00
kfd_flat_memory.c drm/amdkfd: Support dimgrey_cavefish KFD (v2) 2020-10-12 14:01:21 -04:00
kfd_int_process_v9.c drm/amdkfd: Provide SMI events watch 2020-07-15 13:27:34 -04:00
kfd_interrupt.c drm/amdkfd: fix a potential NULL pointer dereference (v2) 2019-10-03 09:11:00 -05:00
kfd_iommu.c drm next for 5.10-rc1 2020-10-15 10:46:16 -07:00
kfd_iommu.h
kfd_kernel_queue.c drm/amdkfd: Enable over-subscription with >1 GWS queue 2020-04-28 16:20:30 -04:00
kfd_kernel_queue.h drm/amdkfd: Eliminate unnecessary kernel queue function pointers 2019-12-05 16:24:36 -05:00
kfd_module.c drm/amdgpu: Fix handling of KFD initialization failures 2020-09-22 12:24:11 -04:00
kfd_mqd_manager.c drm/amdkfd: Extend CU mask to 8 SEs (v3) 2019-08-02 10:19:11 -05:00
kfd_mqd_manager.h drm/amdkfd: Extend CU mask to 8 SEs (v3) 2019-08-02 10:19:11 -05:00
kfd_mqd_manager_cik.c drm/amdkfd: DIQ should not use HIQ way to allocate memory 2019-11-22 14:27:11 -05:00
kfd_mqd_manager_v9.c drm/amdkfd: Update hardware scheduling time quanta 2020-07-02 12:02:55 -04:00
kfd_mqd_manager_v10.c drm/amdkfd: Update hardware scheduling time quanta 2020-07-02 12:02:55 -04:00
kfd_mqd_manager_vi.c drm/amdkfd: Update hardware scheduling time quanta 2020-07-02 12:02:55 -04:00
kfd_packet_manager.c drm/amdkfd: Support dimgrey_cavefish KFD (v2) 2020-10-12 14:01:21 -04:00
kfd_packet_manager_v9.c drm/amdkfd: Update hardware scheduling time quanta 2020-07-02 12:02:55 -04:00
kfd_packet_manager_vi.c drm/amdkfd: Update hardware scheduling time quanta 2020-07-02 12:02:55 -04:00
kfd_pasid.c drm, iommu: Change type of pasid to u32 2020-09-17 19:21:16 +02:00
kfd_pm4_headers.h
kfd_pm4_headers_ai.h drm/amdkfd: Support bigger gds size 2019-07-18 14:18:03 -05:00
kfd_pm4_headers_diq.h
kfd_pm4_headers_vi.h
kfd_pm4_opcodes.h
kfd_priv.h Merge tag 'amd-drm-next-5.11-2020-11-05' of git://people.freedesktop.org/~agd5f/linux into drm-next 2020-11-10 17:48:47 +10:00
kfd_process.c drm next for 5.10-rc1 2020-10-15 10:46:16 -07:00
kfd_process_queue_manager.c drm/amdkfd: New IOCTL to allocate queue GWS (v2) 2020-04-28 16:20:30 -04:00
kfd_queue.c
kfd_smi_events.c drm/amdkfd: Add GPU reset SMI event 2020-08-31 14:40:03 -04:00
kfd_smi_events.h drm/amdkfd: Add GPU reset SMI event 2020-08-31 14:40:03 -04:00
kfd_topology.c drm/amdkfd: Fix getting unique_id in topology 2020-10-30 00:59:42 -04:00
kfd_topology.h drm/amdkfd: Report domain with topology 2020-05-01 09:59:51 -04:00
soc15_int.h