From edb0ed5a1f4983e6d6488a436c1b94977b4d7ece Mon Sep 17 00:00:00 2001 From: Alex Deucher Date: Fri, 18 Aug 2017 11:43:15 -0400 Subject: [PATCH] drm/amdgpu/vce: store index offset separately from addr To avoid a possible overflow when adding the physical gpu address later in case the index offset is very big. bug: https://bugs.freedesktop.org/show_bug.cgi?id=102296 Signed-off-by: Alex Deucher --- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c index c855366..8b48e29 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c @@ -558,14 +558,14 @@ static int amdgpu_vce_cs_reloc(struct amdgpu_cs_parser *p, uint32_t ib_idx, { struct amdgpu_bo_va_mapping *mapping; struct amdgpu_bo *bo; - uint64_t addr; + uint64_t addr, index_offset; if (index == 0xffffffff) index = 0; addr = ((uint64_t)amdgpu_get_ib_value(p, ib_idx, lo)) | ((uint64_t)amdgpu_get_ib_value(p, ib_idx, hi)) << 32; - addr += ((uint64_t)size) * ((uint64_t)index); + index_offset = ((uint64_t)size) * ((uint64_t)index); mapping = amdgpu_cs_find_mapping(p, addr, &bo); if (mapping == NULL) { @@ -574,7 +574,7 @@ static int amdgpu_vce_cs_reloc(struct amdgpu_cs_parser *p, uint32_t ib_idx, return -EINVAL; } - if ((addr + (uint64_t)size) > + if ((addr + index_offset + (uint64_t)size) > (mapping->last + 1) * AMDGPU_GPU_PAGE_SIZE) { DRM_ERROR("BO to small for addr 0x%010Lx %d %d\n", addr, lo, hi); @@ -583,7 +583,6 @@ static int amdgpu_vce_cs_reloc(struct amdgpu_cs_parser *p, uint32_t ib_idx, addr -= mapping->start * AMDGPU_GPU_PAGE_SIZE; addr += amdgpu_bo_gpu_offset(bo); - addr -= ((uint64_t)size) * ((uint64_t)index); amdgpu_set_ib_value(p, ib_idx, lo, lower_32_bits(addr)); amdgpu_set_ib_value(p, ib_idx, hi, upper_32_bits(addr)); -- 2.5.5