Commit 0303e1b7 authored by Chen Li's avatar Chen Li Committed by Alex Deucher

radeon: use kvcalloc for relocs and chunks

kvmalloc_array + __GFP_ZERO is the same with kvcalloc.

As for p->chunks, it will be used in:
```
if (ib_chunk->kdata)
		memcpy(parser->ib.ptr, ib_chunk->kdata, ib_chunk->length_dw * 4);
```

If chunks doesn't zero out with __GFP_ZERO, it may point to somewhere else, e.g.,
```
Unable to handle kernel paging request at virtual address 0000000000010000
...
pc is at memcpy+0x84/0x250
ra is at radeon_cs_ioctl+0x368/0xb90 [radeon]
```

after allocating chunks with __GFP_KERNEL/kvcalloc, this bug is fixed.
Fixes: 3fcb4f01 ("drm/radeon: Use kvmalloc for CS chunks")
Reviewed-by: default avatarChristian König <christian.koenig@amd.com>
Signed-off-by: default avatarChen Li <chenli@uniontech.com>
Signed-off-by: default avatarAlex Deucher <alexander.deucher@amd.com>
parent 2d28b70e
...@@ -93,8 +93,8 @@ static int radeon_cs_parser_relocs(struct radeon_cs_parser *p) ...@@ -93,8 +93,8 @@ static int radeon_cs_parser_relocs(struct radeon_cs_parser *p)
p->dma_reloc_idx = 0; p->dma_reloc_idx = 0;
/* FIXME: we assume that each relocs use 4 dwords */ /* FIXME: we assume that each relocs use 4 dwords */
p->nrelocs = chunk->length_dw / 4; p->nrelocs = chunk->length_dw / 4;
p->relocs = kvmalloc_array(p->nrelocs, sizeof(struct radeon_bo_list), p->relocs = kvcalloc(p->nrelocs, sizeof(struct radeon_bo_list),
GFP_KERNEL | __GFP_ZERO); GFP_KERNEL);
if (p->relocs == NULL) { if (p->relocs == NULL) {
return -ENOMEM; return -ENOMEM;
} }
...@@ -299,7 +299,7 @@ int radeon_cs_parser_init(struct radeon_cs_parser *p, void *data) ...@@ -299,7 +299,7 @@ int radeon_cs_parser_init(struct radeon_cs_parser *p, void *data)
} }
p->cs_flags = 0; p->cs_flags = 0;
p->nchunks = cs->num_chunks; p->nchunks = cs->num_chunks;
p->chunks = kvmalloc_array(p->nchunks, sizeof(struct radeon_cs_chunk), GFP_KERNEL); p->chunks = kvcalloc(p->nchunks, sizeof(struct radeon_cs_chunk), GFP_KERNEL);
if (p->chunks == NULL) { if (p->chunks == NULL) {
return -ENOMEM; return -ENOMEM;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment