gpu: nvgpu: fix nvgpu_css_allocate_perfmon_ids

This patch fixes nvgpu_css_allocate_perfmon_ids which leads to a buffer overflow if the allocation of perfmon ids does not succeed. If the allocation of perfmon ids cannot be satisfied, bitmap_find... would return CSS_MAX_PERFMON_IDS and nvgpu_bitmap_set would still be called with start after the bitmap array. This results into a buffer overflow. Bug 3814963 Change-Id: I4caff36cf0c920b4445e1841d16ba2b4c3d19aaa Signed-off-by: Martin Radev <mradev@nvidia.com> Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2786747 Reviewed-by: svcacv <svcacv@nvidia.com> Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com> Reviewed-by: svc-mobile-cert <svc-mobile-cert@nvidia.com> Reviewed-by: Prateek Sethi <prsethi@nvidia.com> Reviewed-by: Vijayakumar Subbu <vsubbu@nvidia.com> GVS: Gerrit_Virtual_Submit <buildbot_gerritrpt@nvidia.com>
2025-12-24 10:34:43 +03:00 · 2022-10-04 15:15:12 +03:00
parent b8d8d621b9
commit 6249220e09
1 changed files with 1 additions and 1 deletions
--- a/drivers/gpu/nvgpu/common/perf/cyclestats_snapshot.c
+++ b/drivers/gpu/nvgpu/common/perf/cyclestats_snapshot.c
@@ -369,7 +369,7 @@ u32 nvgpu_css_allocate_perfmon_ids(struct gk20a_cs_snapshot *data,

 	f = U32(bitmap_find_next_zero_area(pids, CSS_MAX_PERFMON_IDS,
 				       CSS_FIRST_PERFMON_ID, count, 0));
-	if (f > CSS_MAX_PERFMON_IDS) {
+	if (f >= CSS_MAX_PERFMON_IDS) {
 		f = 0;
 	} else {
 		nvgpu_bitmap_set(pids, f, count);