| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <875yai4hny.fsf@intel.com>
Date: Thu, 30 Mar 2023 14:12:17 +0300
From: Jani Nikula <jani.nikula@...ux.intel.com>
To: Christian König <christian.koenig@....com>,
David Gow <davidgow@...gle.com>,
Luís Mendes <luis.p.mendes@...il.com>,
Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
Maxime Ripard <mripard@...nel.org>,
Thomas Zimmermann <tzimmermann@...e.de>,
David Airlie <airlied@...il.com>,
Daniel Vetter <daniel@...ll.ch>,
Maíra Canal
<mairacanal@...eup.net>, Arthur Grillo <arthurgrillo@...eup.net>
Cc: dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] drm: buddy_allocator: Fix buddy allocator init on
32-bit systems
On Thu, 30 Mar 2023, Christian König <christian.koenig@....com> wrote:
> Am 30.03.23 um 12:53 schrieb Jani Nikula:
>> On Wed, 29 Mar 2023, David Gow <davidgow@...gle.com> wrote:
>>> The drm buddy allocator tests were broken on 32-bit systems, as
>>> rounddown_pow_of_two() takes a long, and the buddy allocator handles
>>> 64-bit sizes even on 32-bit systems.
>>>
>>> This can be reproduced with the drm_buddy_allocator KUnit tests on i386:
>>> ./tools/testing/kunit/kunit.py run --arch i386 \
>>> --kunitconfig ./drivers/gpu/drm/tests drm_buddy
>>>
>>> (It results in kernel BUG_ON() when too many blocks are created, due to
>>> the block size being too small.)
>>>
>>> This was independently uncovered (and fixed) by Luís Mendes, whose patch
>>> added a new u64 variant of rounddown_pow_of_two(). This version instead
>>> recalculates the size based on the order.
>>>
>>> Reported-by: Luís Mendes <luis.p.mendes@...il.com>
>>> Link: https://lore.kernel.org/lkml/CAEzXK1oghXAB_KpKpm=-CviDQbNaH0qfgYTSSjZgvvyj4U78AA@mail.gmail.com/T/
>>> Signed-off-by: David Gow <davidgow@...gle.com>
>>> ---
>>> drivers/gpu/drm/drm_buddy.c | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/drivers/gpu/drm/drm_buddy.c b/drivers/gpu/drm/drm_buddy.c
>>> index 3d1f50f481cf..7098f125b54a 100644
>>> --- a/drivers/gpu/drm/drm_buddy.c
>>> +++ b/drivers/gpu/drm/drm_buddy.c
>>> @@ -146,8 +146,8 @@ int drm_buddy_init(struct drm_buddy *mm, u64 size, u64 chunk_size)
>>> unsigned int order;
>>> u64 root_size;
>>>
>>> - root_size = rounddown_pow_of_two(size);
>>> - order = ilog2(root_size) - ilog2(chunk_size);
>>> + order = ilog2(size) - ilog2(chunk_size);
>>> + root_size = chunk_size << order;
>> Just noticed near the beginning of the function there's also:
>>
>> if (!is_power_of_2(chunk_size))
>> return -EINVAL;
>>
>> which is also wrong for 32-bit.
>
> Yeah, but that isn't vital. We just use u64 for the chunk_size for
> consistency.
>
> In reality I wouldn't except more than 256K here.
Right. It's just not pedantically correct either. ;)
is_power_of_2() is pretty scary as it is, since it just truncates.
BR,
Jani.
>
> Regards,
> Christian.
>
>>
>>
>> BR,
>> Jani.
>>
>>
>>>
>>> root = drm_block_alloc(mm, NULL, order, offset);
>>> if (!root)
>
--
Jani Nikula, Intel Open Source Graphics Center
Powered by blists - more mailing lists