drm/amdgpu: validate doorbell_offset in user queue creation - kernel

diff options

author	Junrui Luo <moonafterrain@outlook.com>	2026-03-24 17:39:02 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2026-04-11 14:29:45 +0200
commit	86b732fbc37ce4fb76cdd4af0fb7e30a6acdbce6 (patch)
tree	aea7ba6adf7153dfb8075b99ab0b63db3f28963b /drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h
parent	1d6c25d224ef3412763e17bbea6eb187bd48c040 (diff)

drm/amdgpu: validate doorbell_offset in user queue creation

commit a018d1819f158991b7308e4f74609c6c029b670c upstream. amdgpu_userq_get_doorbell_index() passes the user-provided doorbell_offset to amdgpu_doorbell_index_on_bar() without bounds checking. An arbitrarily large doorbell_offset can cause the calculated doorbell index to fall outside the allocated doorbell BO, potentially corrupting kernel doorbell space. Validate that doorbell_offset falls within the doorbell BO before computing the BAR index, using u64 arithmetic to prevent overflow. Fixes: f09c1e6077ab ("drm/amdgpu: generate doorbell index for userqueue") Reported-by: Yuhao Jiang <danisjiang@gmail.com> Signed-off-by: Junrui Luo <moonafterrain@outlook.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> (cherry picked from commit de1ef4ffd70e1d15f0bf584fd22b1f28cbd5e2ec) Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: