lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 20 May 2020 09:53:06 -0400
From:   Aurabindo Pillai <aurabindo.pillai@....com>
To:     <Felix.Kuehling@....com>, <alexander.deucher@....com>,
        <christian.koenig@....com>
CC:     <airlied@...ux.ie>, <daniel@...ll.ch>,
        <amd-gfx@...ts.freedesktop.org>, <dri-devel@...ts.freedesktop.org>,
        <linux-kernel@...r.kernel.org>, Amber Lin <Amber.Lin@....com>
Subject: [PATCH] drm/amd/amdkfd: Fix large framesize for kfd_smi_ev_read()

The buffer allocated is of 1024 bytes. Allocate this from
heap instead of stack.

Also remove check for stack size since we're allocating from heap

Signed-off-by: Aurabindo Pillai <aurabindo.pillai@....com>
Tested-by: Amber Lin <Amber.Lin@....com>
---
 drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c | 26 +++++++++++++++------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
index f5fd18eacf0d..5aebe169f8c6 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
@@ -77,9 +77,11 @@ static ssize_t kfd_smi_ev_read(struct file *filep, char __user *user,
 	int ret;
 	size_t to_copy;
 	struct kfd_smi_client *client = filep->private_data;
-	unsigned char buf[MAX_KFIFO_SIZE];
+	unsigned char *buf;
 
-	BUILD_BUG_ON(MAX_KFIFO_SIZE > 1024);
+	buf = kzalloc(MAX_KFIFO_SIZE * sizeof(*buf), GFP_KERNEL);
+	if (!buf)
+		return -ENOMEM;
 
 	/* kfifo_to_user can sleep so we can't use spinlock protection around
 	 * it. Instead, we kfifo out as spinlocked then copy them to the user.
@@ -88,19 +90,29 @@ static ssize_t kfd_smi_ev_read(struct file *filep, char __user *user,
 	to_copy = kfifo_len(&client->fifo);
 	if (!to_copy) {
 		spin_unlock(&client->lock);
-		return -EAGAIN;
+		ret = -EAGAIN;
+		goto ret_err;
 	}
 	to_copy = min3(size, sizeof(buf), to_copy);
 	ret = kfifo_out(&client->fifo, buf, to_copy);
 	spin_unlock(&client->lock);
-	if (ret <= 0)
-		return -EAGAIN;
+	if (ret <= 0) {
+		ret = -EAGAIN;
+		goto ret_err;
+	}
 
 	ret = copy_to_user(user, buf, to_copy);
-	if (ret)
-		return -EFAULT;
+	if (ret) {
+		ret = -EFAULT;
+		goto ret_err;
+	}
 
+	kfree(buf);
 	return to_copy;
+
+ret_err:
+	kfree(buf);
+	return ret;
 }
 
 static ssize_t kfd_smi_ev_write(struct file *filep, const char __user *user,
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ