drm/amdgpu: Fix for drm buddy memory corruption

User reported gpu page fault when running graphics applications
and in some cases garbaged graphics are observed as soon as X
starts. This patch fixes all the issues.

Fixed the typecast issue for fpfn and lpfn variables, thus
preventing the overflow problem which resolves the memory
corruption.

Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam@amd.com>
Reported-by: Mike Lothian <mike@fireburn.co.uk>
Tested-by: Mike Lothian <mike@fireburn.co.uk>
Link: https://patchwork.freedesktop.org/patch/msgid/20220714101214.7620-1-Arunpravin.PaneerSelvam@amd.com
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Christian König <christian.koenig@amd.com>

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c
index 7a5e8a7b4a1b4b2c5e25c9106358684c845db0a2..28ec5f8ac1c115ba4a907ad17c1a2077aacbd3aa 100644 (file)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c
@@ -395,11 +395,11 @@ static int amdgpu_vram_mgr_new(struct ttm_resource_manager *man,
        unsigned long pages_per_block;
        int r;
 
-       lpfn = place->lpfn << PAGE_SHIFT;
+       lpfn = (u64)place->lpfn << PAGE_SHIFT;
        if (!lpfn)
                lpfn = man->size;
 
-       fpfn = place->fpfn << PAGE_SHIFT;
+       fpfn = (u64)place->fpfn << PAGE_SHIFT;
 
        max_bytes = adev->gmc.mc_vram_size;
        if (tbo->type != ttm_bo_type_kernel)
@@ -439,12 +439,12 @@ static int amdgpu_vram_mgr_new(struct ttm_resource_manager *man,
                /* Allocate blocks in desired range */
                vres->flags |= DRM_BUDDY_RANGE_ALLOCATION;
 
-       remaining_size = vres->base.num_pages << PAGE_SHIFT;
+       remaining_size = (u64)vres->base.num_pages << PAGE_SHIFT;
 
        mutex_lock(&mgr->lock);
        while (remaining_size) {
                if (tbo->page_alignment)
-                       min_block_size = tbo->page_alignment << PAGE_SHIFT;
+                       min_block_size = (u64)tbo->page_alignment << PAGE_SHIFT;
                else
                        min_block_size = mgr->default_page_size;
 
@@ -453,12 +453,12 @@ static int amdgpu_vram_mgr_new(struct ttm_resource_manager *man,
                /* Limit maximum size to 2GiB due to SG table limitations */
                size = min(remaining_size, 2ULL << 30);
 
-               if (size >= pages_per_block << PAGE_SHIFT)
-                       min_block_size = pages_per_block << PAGE_SHIFT;
+               if (size >= (u64)pages_per_block << PAGE_SHIFT)
+                       min_block_size = (u64)pages_per_block << PAGE_SHIFT;
 
                cur_size = size;
 
-               if (fpfn + size != place->lpfn << PAGE_SHIFT) {
+               if (fpfn + size != (u64)place->lpfn << PAGE_SHIFT) {
                        /*
                         * Except for actual range allocation, modify the size and
                         * min_block_size conforming to continuous flag enablement
@@ -498,7 +498,7 @@ static int amdgpu_vram_mgr_new(struct ttm_resource_manager *man,
                LIST_HEAD(temp);
 
                trim_list = &vres->blocks;
-               original_size = vres->base.num_pages << PAGE_SHIFT;
+               original_size = (u64)vres->base.num_pages << PAGE_SHIFT;
 
                /*
                 * If size value is rounded up to min_block_size, trim the last

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h
index 4b267bf1c5db44f368bc1e31159dd12e74f17171..0e04e42cf8097d5e3ad347e584dd92192d276d61 100644 (file)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h
@@ -50,7 +50,7 @@ static inline u64 amdgpu_vram_mgr_block_start(struct drm_buddy_block *block)
 
 static inline u64 amdgpu_vram_mgr_block_size(struct drm_buddy_block *block)
 {
-       return PAGE_SIZE << drm_buddy_block_order(block);
+       return (u64)PAGE_SIZE << drm_buddy_block_order(block);
 }
 
 static inline struct amdgpu_vram_mgr_resource *