diff options
| author | Nitin Kumbhar <nkumbhar@nvidia.com> | 2019-09-25 04:57:57 -0400 |
|---|---|---|
| committer | mobile promotions <svcmobile_promotions@nvidia.com> | 2021-03-12 10:54:52 -0500 |
| commit | 7882f15ff63199a517852760f5686ecd0b886123 (patch) | |
| tree | 1f81641abadb7935f4bc3e382b0eb37737bacaec | |
| parent | cc717e314576b7c707dd48597a9b8bebf698c677 (diff) | |
gpu: nvgpu: fix possible buffer overflow issue
As sprintf() is used to populate pool_name[20], it can overflow
for larger u32 values (u32 max decimal number chars are 10) i.e.
20 < strlen("semaphore_pool-") i.e. 15 + 10.
Fix this overflow by removing pool_name as it's not used.
Bug 2626446
Bug 3273414
Change-Id: I4e0a222a2cd34dcd09e69294bc46e2242abb04bb
Signed-off-by: Nitin Kumbhar <nkumbhar@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/2205356
(cherry picked from commit baa86cf134ee6753beabfa974a10faffc5775ee8)
Signed-off-by: ByungKuk Seo <bseo@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2496976
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
Reviewed-by: Harsh Sinha <hsinha@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
GVS: Gerrit_Virtual_Submit
| -rw-r--r-- | drivers/gpu/nvgpu/common/sync/channel_sync.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/drivers/gpu/nvgpu/common/sync/channel_sync.c b/drivers/gpu/nvgpu/common/sync/channel_sync.c index a88092e1..3829d257 100644 --- a/drivers/gpu/nvgpu/common/sync/channel_sync.c +++ b/drivers/gpu/nvgpu/common/sync/channel_sync.c | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | /* | 1 | /* |
| 2 | * GK20A Channel Synchronization Abstraction | 2 | * GK20A Channel Synchronization Abstraction |
| 3 | * | 3 | * |
| 4 | * Copyright (c) 2014-2018, NVIDIA CORPORATION. All rights reserved. | 4 | * Copyright (c) 2014-2021, NVIDIA CORPORATION. All rights reserved. |
| 5 | * | 5 | * |
| 6 | * Permission is hereby granted, free of charge, to any person obtaining a | 6 | * Permission is hereby granted, free of charge, to any person obtaining a |
| 7 | * copy of this software and associated documentation files (the "Software"), | 7 | * copy of this software and associated documentation files (the "Software"), |
| @@ -596,7 +596,6 @@ channel_sync_semaphore_create(struct channel_gk20a *c, bool user_managed) | |||
| 596 | { | 596 | { |
| 597 | struct nvgpu_channel_sync_semaphore *sema; | 597 | struct nvgpu_channel_sync_semaphore *sema; |
| 598 | struct gk20a *g = c->g; | 598 | struct gk20a *g = c->g; |
| 599 | char pool_name[20]; | ||
| 600 | int asid = -1; | 599 | int asid = -1; |
| 601 | int err; | 600 | int err; |
| 602 | 601 | ||
| @@ -610,7 +609,6 @@ channel_sync_semaphore_create(struct channel_gk20a *c, bool user_managed) | |||
| 610 | } | 609 | } |
| 611 | sema->c = c; | 610 | sema->c = c; |
| 612 | 611 | ||
| 613 | sprintf(pool_name, "semaphore_pool-%d", c->chid); | ||
| 614 | sema->pool = c->vm->sema_pool; | 612 | sema->pool = c->vm->sema_pool; |
| 615 | 613 | ||
| 616 | if (c->vm->as_share != NULL) { | 614 | if (c->vm->as_share != NULL) { |