The > should be >= so that we don't read one page beyond the end of the obj->pages[] array.
Fixes: 559e50fd34d1 ("drm/vkms: Add dumb operations") Signed-off-by: Dan Carpenter dan.carpenter@oracle.com
diff --git a/drivers/gpu/drm/vkms/vkms_gem.c b/drivers/gpu/drm/vkms/vkms_gem.c index c7e38368602b..2cca8c2f260f 100644 --- a/drivers/gpu/drm/vkms/vkms_gem.c +++ b/drivers/gpu/drm/vkms/vkms_gem.c @@ -55,7 +55,7 @@ int vkms_gem_fault(struct vm_fault *vmf) page_offset = (vaddr - vma->vm_start) >> PAGE_SHIFT; num_pages = DIV_ROUND_UP(obj->gem.size, PAGE_SIZE);
- if (page_offset > num_pages) + if (page_offset >= num_pages) return VM_FAULT_SIGBUS;
ret = -ENOENT;
Hi Dan,
Thanks for your patch. I checked and tested it, everything is fine.
On 07/14, Dan Carpenter wrote:
The > should be >= so that we don't read one page beyond the end of the obj->pages[] array.
Fixes: 559e50fd34d1 ("drm/vkms: Add dumb operations") Signed-off-by: Dan Carpenter dan.carpenter@oracle.com
diff --git a/drivers/gpu/drm/vkms/vkms_gem.c b/drivers/gpu/drm/vkms/vkms_gem.c index c7e38368602b..2cca8c2f260f 100644 --- a/drivers/gpu/drm/vkms/vkms_gem.c +++ b/drivers/gpu/drm/vkms/vkms_gem.c @@ -55,7 +55,7 @@ int vkms_gem_fault(struct vm_fault *vmf) page_offset = (vaddr - vma->vm_start) >> PAGE_SHIFT; num_pages = DIV_ROUND_UP(obj->gem.size, PAGE_SIZE);
- if (page_offset > num_pages)
if (page_offset >= num_pages) return VM_FAULT_SIGBUS;
ret = -ENOENT;
Reviewed-by: Rodrigo Siqueira rodrigosiqueiramelo@gmail.com
dri-devel@lists.freedesktop.org
-
Dan Carpenter -
Rodrigo Siqueira