From 6249220e09aeb9521cbcd10a0865b4fd1cfd97b9 Mon Sep 17 00:00:00 2001
From: Martin Radev
Date: Tue, 4 Oct 2022 15:15:12 +0300
Subject: [PATCH] gpu: nvgpu: fix nvgpu_css_allocate_perfmon_ids
This patch fixes nvgpu_css_allocate_perfmon_ids which leads to a buffer overflow if the allocation of perfmon ids does not succeed. If the allocation of perfmon ids cannot be satisfied, bitmap_find... would return CSS_MAX_PERFMON_IDS and nvgpu_bitmap_set would still be called with start after the bitmap array. This results into a buffer overflow.
Bug 3814963
Change-Id: I4caff36cf0c920b4445e1841d16ba2b4c3d19aaa
Signed-off-by: Martin Radev
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2786747
Reviewed-by: svcacv
Reviewed-by: svc-mobile-coverity
Reviewed-by: svc-mobile-cert
Reviewed-by: Prateek Sethi
Reviewed-by: Vijayakumar Subbu
GVS: Gerrit_Virtual_Submit
---
 drivers/gpu/nvgpu/common/perf/cyclestats_snapshot.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/nvgpu/common/perf/cyclestats_snapshot.c b/drivers/gpu/nvgpu/common/perf/cyclestats_snapshot.c
index ecf7a94a9..8dddba67a 100644
--- a/drivers/gpu/nvgpu/common/perf/cyclestats_snapshot.c
+++ b/drivers/gpu/nvgpu/common/perf/cyclestats_snapshot.c
@@ -369,7 +369,7 @@ u32 nvgpu_css_allocate_perfmon_ids(struct gk20a_cs_snapshot *data,
 f = U32(bitmap_find_next_zero_area(pids, CSS_MAX_PERFMON_IDS, CSS_FIRST_PERFMON_ID, count, 0));
- if (f > CSS_MAX_PERFMON_IDS) {
+ if (f >= CSS_MAX_PERFMON_IDS) {
 f = 0;
 } else {
 nvgpu_bitmap_set(pids, f, count);
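Review bot: The new guard `if (f >= CSS_MAX_PERFMON_IDS)` bounds only the start index, so the `nvgpu_bitmap_set(pids, f, count)` call in the else branch still relies on the search helper never returning a start whose range `f + count` runs past the bitmap. That contract is not visible in this hunk, and the commit message shows the helper's failure value already differed from what the old check assumed, so checking the whole range would keep the write in bounds regardless of the helper's exact failure value: `if (f >= CSS_MAX_PERFMON_IDS || count > CSS_MAX_PERFMON_IDS - f) {`. A short comment such as `/* no free area: helper returns a value >= CSS_MAX_PERFMON_IDS */` above the check would also record the convention the fix depends on. The function body starts and ends outside the hunk, so any validation of `count` and how callers treat the `f = 0` result cannot be confirmed from here.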