diff options
author | Deepak Nibade <dnibade@nvidia.com> | 2017-01-03 01:59:53 -0500 |
---|---|---|
committer | mobile promotions <svcmobile_promotions@nvidia.com> | 2017-01-06 12:13:58 -0500 |
commit | 0b9a4411aaed0939f4886e7e2641b8a60bfb34bd (patch) | |
tree | e4fbd954d0f6513d8dab8911f6ac1cfa01bb21d1 /include/linux/tegra_vgpu_t18x.h | |
parent | 67fc4629892ab60d6335752b93d883ef690f1ea4 (diff) |
gpu: nvgpu: fix out-of-bound access on gr->map_tiles
Fix slab-out-of-bounds issue reported by KASAN
[ 28.464077] BUG: KASAN: slab-out-of-bounds in
gr_gk20a_init_map_tiles+0x624/0x708 at addr ffffffc1a098ee01
...
[ 28.503241] INFO: Allocated in gr_gk20a_init_map_tiles+0x2dc/0x708
age=11 cpu=5 pid=1
out-of-bound access from below 3 stacks :
[1]
[ 28.782886] [<ffffffc0007d5f64>] gr_gk20a_init_map_tiles+0x624/0x708
[ 28.789228] [<ffffffc0007eadf0>] gk20a_init_gr_support+0x2d0/0xeb0
[ 28.795397] [<ffffffc00079d9c8>]
gk20a_pm_finalize_poweron+0x738/0xd10
[2]
[ 29.268070] [<ffffffc0007d618c>] gr_gk20a_zcull_init_hw+0x144/0x730
[ 29.274329] [<ffffffc0007d6a00>] gk20a_init_gr_setup_hw+0x288/0x1530
[ 29.280677] [<ffffffc0007eac6c>] gk20a_init_gr_support+0x14c/0xeb0
[ 29.286938] [<ffffffc00079d9c8>]
gk20a_pm_finalize_poweron+0x738/0xd10
[3]
[ 50.076223] [<ffffffc000d1df14>]
gr_gk20a_setup_rop_mapping+0x5e4/0x2018
[ 50.082913] [<ffffffc000d2559c>] gr_gk20a_init_fs_state+0x80c/0x1028
[ 50.089259] [<ffffffc000ddcbc8>] gr_gm20b_init_fs_state+0xc8/0x960
[ 50.095430] [<ffffffc000e413f8>] gr_gp10b_init_fs_state+0x5c0/0x5d8
[ 50.101687] [<ffffffc000d2ed30>] gk20a_init_gr_setup_hw+0x1b48/0x2418
[ 50.108115] [<ffffffc000d50bc0>] gk20a_init_gr_support+0x19e0/0x1ab0
[ 50.114457] [<ffffffc000cc7af8>]
gk20a_pm_finalize_poweron+0xd20/0x1558
Fix this by adding below
- allocate gr->map_tiles[] with size of (num_gpc * num_tpc_per_gpc)
intead of num_gpc
- add new static API gr_gk20a_get_map_tile_count() which returns
tile count for given index, and returns 0 for out-of-bounds access
Bug 200257557
Change-Id: If572837ffb661f92a21be5ce855d0146b2609cb0
Signed-off-by: Deepak Nibade <dnibade@nvidia.com>
Reviewed-on: http://git-master/r/1279411
Reviewed-by: Konsta Holtta <kholtta@nvidia.com>
GVS: Gerrit_Virtual_Submit
Reviewed-by: Terje Bergstrom <tbergstrom@nvidia.com>
Diffstat (limited to 'include/linux/tegra_vgpu_t18x.h')
0 files changed, 0 insertions, 0 deletions