Commit a2f10d4a authored by Christian Gmeiner's avatar Christian Gmeiner Committed by Lucas Stach
Browse files

drm/etnaviv: fix dumping of iommuv2 



etnaviv_iommuv2_dump_size(..) returns the number of PTE * SZ_4K but
etnaviv_iommuv2_dump(..) increments buf pointer even if there is no PTE.
This results in a bad buf pointer which gets used for memcpy(..), when
copying the MMU state in the coredump buffer.

Fixes: afb7b3b1 ("drm/etnaviv: implement IOMMUv2 translation")
Cc: stable@vger.kernel.org
Signed-off-by: default avatarChristian Gmeiner <christian.gmeiner@gmail.com>
Signed-off-by: default avatarLucas Stach <l.stach@pengutronix.de>
parent 18fa692d

drivers/gpu/drm/etnaviv/etnaviv_iommu_v2.c

+4 −2
Original line number Original line Diff line number Diff line
@@ -155,9 +155,11 @@ static void etnaviv_iommuv2_dump(struct etnaviv_iommu_context *context, void *bu 




	memcpy(buf, v2_context->mtlb_cpu, SZ_4K);

	memcpy(buf, v2_context->mtlb_cpu, SZ_4K);

	buf += SZ_4K;

	buf += SZ_4K;

	for (i = 0; i < MMUv2_MAX_STLB_ENTRIES; i++, buf += SZ_4K)

	for (i = 0; i < MMUv2_MAX_STLB_ENTRIES; i++)

		if (v2_context->mtlb_cpu[i] & MMUv2_PTE_PRESENT)

		if (v2_context->mtlb_cpu[i] & MMUv2_PTE_PRESENT) {

			memcpy(buf, v2_context->stlb_cpu[i], SZ_4K);

			memcpy(buf, v2_context->stlb_cpu[i], SZ_4K);

			buf += SZ_4K;

		}

}

}





static void etnaviv_iommuv2_restore_nonsec(struct etnaviv_gpu *gpu,

static void etnaviv_iommuv2_restore_nonsec(struct etnaviv_gpu *gpu,

CRA Git | Maintained and supported by SUSTech CRA and CCSE