From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from bali.collaboradmins.com (bali.collaboradmins.com [148.251.105.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 07AD91A682A for ; Tue, 30 Jun 2026 08:23:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.251.105.195 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782807825; cv=none; b=Y1t5Rv2PQWKADsgMWaGMRQXOlVHCMWIbts2zsuSH/5PLi9galep41Ttp9igYm9U4QnXbf07LfgriegOgMyXfxQEPMUzv62mCyW3FPoU5Rc0LcpqCF55fos40nn4P2IRqSEPaFOf8u2CRTiaI8DPVfBqgH9p2KJ/gHJCxAAMbzRo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782807825; c=relaxed/simple; bh=6kzvf6R0zi/yY9WLtMFY9sy8udzLegHFgax/yGVCals=; h=Date:From:To:Cc:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Shfbd8+l9VWeAktfaUJtCePOK+ipgwSLyIJOSs9YgUAeh7MJpMTC9eNM6kKGiBT0gjFuYycvIxfOwEjejQwhTc+qDNenYymyjpC/wZTsos/dGnhsSLXAOH0Hm8K/5+eIvLQtAt2SEmO6MPBgPg5DyRIiWRWddjsi+OU19f4Ioow= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=collabora.com; spf=pass smtp.mailfrom=collabora.com; dkim=pass (2048-bit key) header.d=collabora.com header.i=@collabora.com header.b=GMB3XlrL; arc=none smtp.client-ip=148.251.105.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=collabora.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=collabora.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=collabora.com header.i=@collabora.com header.b="GMB3XlrL" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=collabora.com; s=mail; t=1782807822; bh=6kzvf6R0zi/yY9WLtMFY9sy8udzLegHFgax/yGVCals=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=GMB3XlrLMsPau4EYXK1+pvjA5yb3tgFx7hM0MFvpVBs9cFwkl5Y5uXoLpzEkGZAXn jsDfY6sd/7+a1CMjJrY57sshsiwb7RodcRw4tVw3aGAbzDTp07LYZ1OdFxIUWLTjor TNTIDPFIHP6XXwp4TxgJmXMRgbQD3jlDUOsf/NNTg+efRibhgxwVSfapjEcxXHhe+Q RVNHc7sPHCJD3OScPzUDt04ZIrNO9vqMg0hwXTskbxEZKeRAEOZ4DGh+mFJK7hD4f1 LyxwGaB2jfI6mrxXFA4hBznRzdQmbiao2zaSzbKpyIaz9/B0VRD2oqnHIn9q25mgdv 9J10qzr8TO0Sg== Received: from fedora-2.home (unknown [100.64.0.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: bbrezillon) by bali.collaboradmins.com (Postfix) with ESMTPSA id 8894C17E0C88; Tue, 30 Jun 2026 10:23:41 +0200 (CEST) Date: Tue, 30 Jun 2026 10:23:36 +0200 From: Boris Brezillon To: =?UTF-8?B?QWRyacOhbg==?= Larumbe Cc: Steven Price , Liviu Dudau , Maarten Lankhorst , Maxime Ripard , Thomas Zimmermann , David Airlie , Simona Vetter , Heiko Stuebner , Grant Likely , dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, Sashiko Subject: Re: [PATCH v3 4/4] drm/panthor: Check for sparse binding range overflow Message-ID: <20260630102336.0097aef3@fedora-2.home> In-Reply-To: <20260629-vm_bind_checks-v3-4-85e6740f6c2e@collabora.com> References: <20260629-vm_bind_checks-v3-0-85e6740f6c2e@collabora.com> <20260629-vm_bind_checks-v3-4-85e6740f6c2e@collabora.com> Organization: Collabora X-Mailer: Claws Mail 4.4.0 (GTK 3.24.52; x86_64-redhat-linux-gnu) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Mon, 29 Jun 2026 21:17:08 +0100 Adri=C3=A1n Larumbe wrote: > This check is being already carried out further down the call stack inside > drm_gpuvm_sm_map -> drm_gpuvm_range_valid, but it's best to fail early in > the driver before GPUVM functions are invoked so that we won't waste time > allocating vm_bind context resources. >=20 > Reported-by: Sashiko > Closes: https://sashiko.dev/#/message/20260623204220.CDB1B1F000E9%40smtp.= kernel.org > Fixes: 12cf826bf1dd ("drm/panthor: Support sparse mappings") > Signed-off-by: Adri=C3=A1n Larumbe > --- > drivers/gpu/drm/panthor/panthor_mmu.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) >=20 > diff --git a/drivers/gpu/drm/panthor/panthor_mmu.c b/drivers/gpu/drm/pant= hor/panthor_mmu.c > index 77fdad4e5166..8bd9b975e5ce 100644 > --- a/drivers/gpu/drm/panthor/panthor_mmu.c > +++ b/drivers/gpu/drm/panthor/panthor_mmu.c > @@ -1328,6 +1328,7 @@ static int panthor_vm_prepare_map_op_ctx(struct pan= thor_vm_op_ctx *op_ctx, > struct drm_gpuvm_bo *preallocated_vm_bo; > struct sg_table *sgt =3D NULL; > int ret; > + u64 end; > =20 > if (!bo) > return -EINVAL; > @@ -1353,6 +1354,10 @@ static int panthor_vm_prepare_map_op_ctx(struct pa= nthor_vm_op_ctx *op_ctx, > if (is_sparse && (op->bo_handle || op->bo_offset)) > return -EINVAL; > =20 > + /* Protect against sparse VA range overflow */ > + if (is_sparse && check_add_overflow(op->va, op->size, &end)) > + return -EINVAL; Why should we limit this to sparse? Feels like the overflow check is good to have for non-sparse as well. > + > /* If the BO has an exclusive VM attached, it can't be mapped to other = VMs. */ > if (bo->exclusive_vm_root_gem && > bo->exclusive_vm_root_gem !=3D panthor_vm_root_gem(vm)) > @@ -1418,7 +1423,9 @@ static int panthor_vm_prepare_unmap_op_ctx(struct p= anthor_vm_op_ctx *op_ctx, > struct panthor_vm *vm, > const struct drm_panthor_vm_bind_op *op) > { > + bool is_sparse =3D op->flags & DRM_PANTHOR_VM_BIND_OP_MAP_SPARSE; > u32 pt_count =3D 0; > + u64 end; > int ret; > =20 > memset(op_ctx, 0, sizeof(*op_ctx)); > @@ -1432,6 +1439,10 @@ static int panthor_vm_prepare_unmap_op_ctx(struct = panthor_vm_op_ctx *op_ctx, > if (op->va !=3D ALIGN(op->va, SZ_2M)) > pt_count++; > =20 > + /* Protect against sparse VA range overflow */ > + if (is_sparse && check_add_overflow(op->va, op->size, &end)) > + return -EINVAL; > + > if (op->va + op->size !=3D ALIGN(op->va + op->size, SZ_2M) && > ALIGN(op->va + op->size, SZ_2M) !=3D ALIGN(op->va, SZ_2M)) > pt_count++; >=20