From mboxrd@z Thu Jan  1 00:00:00 1970
From: Dan Carpenter <dan.carpenter@oracle.com>
Subject: [patch 2/4] drm/amdgpu: integer overflow in amdgpu_info_ioctl()
Date: Wed, 23 Sep 2015 14:00:12 +0300
Message-ID: <20150923110012.GB16158@mwanda>
References: <13E61BCA7787794E89BDF39B8DE40C024D12E9F63F@ioaexchange.ioactive.local>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <dri-devel-bounces@lists.freedesktop.org>
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69])
 by gabe.freedesktop.org (Postfix) with ESMTPS id 248E76E74A
 for <dri-devel@lists.freedesktop.org>; Wed, 23 Sep 2015 04:00:36 -0700 (PDT)
Content-Disposition: inline
In-Reply-To: <13E61BCA7787794E89BDF39B8DE40C024D12E9F63F@ioaexchange.ioactive.local>
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
To: David Airlie <airlied@linux.ie>, Ilja Van Sprundel <ivansprundel@ioactive.com>
Cc: security@kernel.org, dri-devel@lists.freedesktop.org, yanyang1 <young.yang@amd.com>, Alex Deucher <alexander.deucher@amd.com>, Ken Wang <Qingqing.Wang@amd.com>, Christian =?iso-8859-1?Q?K=F6nig?= <christian.koenig@amd.com>, Dan Carpenter <dan.carpenter@oracle.com>
List-Id: dri-devel@lists.freedesktop.org

VGhlICJhbGxvY19zaXplIiBjYWxjdWxhdGlvbiBjYW4gb3ZlcmZsb3cgbGVhZGluZyB0byBtZW1v
cnkgY29ycnVwdGlvbi4KClJlcG9ydGVkLWJ5OiBJbGphIFZhbiBTcHJ1bmRlbCA8aXZhbnNwcnVu
ZGVsQGlvYWN0aXZlLmNvbT4KU2lnbmVkLW9mZi1ieTogRGFuIENhcnBlbnRlciA8ZGFuLmNhcnBl
bnRlckBvcmFjbGUuY29tPgotLS0KVGhlIGFtZGdwdV9hc2ljX3JlYWRfcmVnaXN0ZXIoKSBmdW5j
dGlvbnMgc2VlbSBsaWtlbHkgdG8gYmUgc2xvdy4gIFRoZXkKaXRlcmF0ZSB0aHJvdWdoIGFsbCB0
aGUgcmVnaXN0ZXJzIHRvIGZpbmQgdGhlIGNvcnJlY3QgcmVnaXN0ZXIgdG8gcmVhZC4KCmRpZmYg
LS1naXQgYS9kcml2ZXJzL2dwdS9kcm0vYW1kL2FtZGdwdS9hbWRncHVfa21zLmMgYi9kcml2ZXJz
L2dwdS9kcm0vYW1kL2FtZGdwdS9hbWRncHVfa21zLmMKaW5kZXggMjIzNjc5My4uOGM3MzVmNSAx
MDA2NDQKLS0tIGEvZHJpdmVycy9ncHUvZHJtL2FtZC9hbWRncHUvYW1kZ3B1X2ttcy5jCisrKyBi
L2RyaXZlcnMvZ3B1L2RybS9hbWQvYW1kZ3B1L2FtZGdwdV9rbXMuYwpAQCAtMzkwLDcgKzM5MCw3
IEBAIHN0YXRpYyBpbnQgYW1kZ3B1X2luZm9faW9jdGwoc3RydWN0IGRybV9kZXZpY2UgKmRldiwg
dm9pZCAqZGF0YSwgc3RydWN0IGRybV9maWxlCiAJCQkJICAgIG1pbigoc2l6ZV90KXNpemUsIHNp
emVvZih2cmFtX2d0dCkpKSA/IC1FRkFVTFQgOiAwOwogCX0KIAljYXNlIEFNREdQVV9JTkZPX1JF
QURfTU1SX1JFRzogewotCQl1bnNpZ25lZCBuLCBhbGxvY19zaXplID0gaW5mby0+cmVhZF9tbXJf
cmVnLmNvdW50ICogNDsKKwkJdW5zaWduZWQgbiwgYWxsb2Nfc2l6ZTsKIAkJdWludDMyX3QgKnJl
Z3M7CiAJCXVuc2lnbmVkIHNlX251bSA9IChpbmZvLT5yZWFkX21tcl9yZWcuaW5zdGFuY2UgPj4K
IAkJCQkgICBBTURHUFVfSU5GT19NTVJfU0VfSU5ERVhfU0hJRlQpICYKQEAgLTQwNiw5ICs0MDYs
MTAgQEAgc3RhdGljIGludCBhbWRncHVfaW5mb19pb2N0bChzdHJ1Y3QgZHJtX2RldmljZSAqZGV2
LCB2b2lkICpkYXRhLCBzdHJ1Y3QgZHJtX2ZpbGUKIAkJaWYgKHNoX251bSA9PSBBTURHUFVfSU5G
T19NTVJfU0hfSU5ERVhfTUFTSykKIAkJCXNoX251bSA9IDB4ZmZmZmZmZmY7CiAKLQkJcmVncyA9
IGttYWxsb2MoYWxsb2Nfc2l6ZSwgR0ZQX0tFUk5FTCk7CisJCXJlZ3MgPSBrbWFsbG9jX2FycmF5
KGluZm8tPnJlYWRfbW1yX3JlZy5jb3VudCwgc2l6ZW9mKCpyZWdzKSwgR0ZQX0tFUk5FTCk7CiAJ
CWlmICghcmVncykKIAkJCXJldHVybiAtRU5PTUVNOworCQlhbGxvY19zaXplID0gaW5mby0+cmVh
ZF9tbXJfcmVnLmNvdW50ICogc2l6ZW9mKCpyZWdzKTsKIAogCQlmb3IgKGkgPSAwOyBpIDwgaW5m
by0+cmVhZF9tbXJfcmVnLmNvdW50OyBpKyspCiAJCQlpZiAoYW1kZ3B1X2FzaWNfcmVhZF9yZWdp
c3RlcihhZGV2LCBzZV9udW0sIHNoX251bSwKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX18KZHJpLWRldmVsIG1haWxpbmcgbGlzdApkcmktZGV2ZWxAbGlzdHMu
ZnJlZWRlc2t0b3Aub3JnCmh0dHA6Ly9saXN0cy5mcmVlZGVza3RvcC5vcmcvbWFpbG1hbi9saXN0
aW5mby9kcmktZGV2ZWwK