diff options
| author | Mika Kuoppala <mika.kuoppala@linux.intel.com> | 2026-03-05 00:17:28 +0300 |
|---|---|---|
| committer | Matthew Brost <matthew.brost@intel.com> | 2026-03-12 17:10:58 +0300 |
| commit | 635e3eba1ebcd5b92856e975e1d3859b487dc88b (patch) | |
| tree | 355e92ec62c1839167c45a4bab3438c88500bec4 | |
| parent | 2b484419700a0f563c695312374eb8cd5264b82c (diff) | |
| download | linux-635e3eba1ebcd5b92856e975e1d3859b487dc88b.tar.xz | |
drm/xe: Fix overflow in guc_ct_snapshot_capture
snapshot->ctb is u32*, so pointer arithmetic on it scales
the byte offset from xe_bo_size() by 4, overshooting the
intended start of the g2h portion and writing past the
allocated buffer.
Fix this by using void * to get the arithmetic right and
prevent future mishaps.
v2: s/u8/void for memcpy and iosys_map consistency (Matt)
Fixes: af3de6cf06f9 ("drm/xe: Split H2G and G2H into separate buffer objects")
Cc: Matthew Brost <matthew.brost@intel.com>
Cc: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Cc: intel-xe@lists.freedesktop.org
Signed-off-by: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Reviewed-by: Matthew Brost <matthew.brost@intel.com>
Signed-off-by: Matthew Brost <matthew.brost@intel.com>
Link: https://patch.msgid.link/20260304211728.249104-1-mika.kuoppala@linux.intel.com
| -rw-r--r-- | drivers/gpu/drm/xe/xe_guc_ct_types.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/gpu/drm/xe/xe_guc_ct_types.h b/drivers/gpu/drm/xe/xe_guc_ct_types.h index 46ad1402347d..5da1ce5dc372 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct_types.h +++ b/drivers/gpu/drm/xe/xe_guc_ct_types.h @@ -74,7 +74,7 @@ struct xe_guc_ct_snapshot { /** @ctb_size: size of the snapshot of the CTB */ size_t ctb_size; /** @ctb: snapshot of the entire CTB */ - u32 *ctb; + void *ctb; }; /** |