Replace BUG()/BUG_ON() with error logs and safe returns in several places where they can be triggered by invalid userspace input, preventing DoS via kernel panic.
Signed-off-by: Ce Sun <[email protected]> --- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 ++++++- drivers/gpu/drm/amd/amdgpu/amdgpu_reg_access.c | 14 ++++++++++---- drivers/gpu/drm/amd/amdgpu/mxgpu_vi.c | 2 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 2 +- 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c index 5ccbe6c885cf..8fbaaf62f7a5 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c @@ -717,7 +717,12 @@ void amdgpu_device_mm_access(struct amdgpu_device *adev, loff_t pos, if (!drm_dev_enter(adev_to_drm(adev), &idx)) return; - BUG_ON(!IS_ALIGNED(pos, 4) || !IS_ALIGNED(size, 4)); + if (!IS_ALIGNED(pos, 4) || !IS_ALIGNED(size, 4)) { + dev_err(adev->dev, "unaligned pos/size (pos=0x%llx, size=0x%zx)\n", + pos, size); + drm_dev_exit(idx); + return; + } spin_lock_irqsave(&adev->mmio_idx_lock, flags); for (last = pos + size; pos < last; pos += 4) { diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_reg_access.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_reg_access.c index daefbeeee4d2..7468855c16a2 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_reg_access.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_reg_access.c @@ -406,7 +406,10 @@ uint8_t amdgpu_mm_rreg8(struct amdgpu_device *adev, uint32_t offset) if (offset < adev->rmmio_size) return (readb(adev->rmmio + offset)); - BUG(); + + dev_err(adev->dev, "invalid MMIO read offset 0x%x (rmmio size 0x%x)\n", + offset, (unsigned int)adev->rmmio_size); + return 0; } /** @@ -469,10 +472,13 @@ void amdgpu_mm_wreg8(struct amdgpu_device *adev, uint32_t offset, uint8_t value) if (amdgpu_device_skip_hw_access(adev)) return; - if (offset < adev->rmmio_size) + if (offset < adev->rmmio_size) { writeb(value, adev->rmmio + offset); - else - BUG(); + } else { + dev_err(adev->dev, "invalid MMIO write offset 0x%x (rmmio size 0x%x)\n", + offset, (unsigned int)adev->rmmio_size); + return; + } } /** diff --git a/drivers/gpu/drm/amd/amdgpu/mxgpu_vi.c b/drivers/gpu/drm/amd/amdgpu/mxgpu_vi.c index e1d63bed84bf..c3293e5a658c 100644 --- a/drivers/gpu/drm/amd/amdgpu/mxgpu_vi.c +++ b/drivers/gpu/drm/amd/amdgpu/mxgpu_vi.c @@ -308,7 +308,7 @@ void xgpu_vi_init_golden_registers(struct amdgpu_device *adev) xgpu_tonga_golden_common_all)); break; default: - BUG_ON("Doesn't support chip type.\n"); + dev_err(adev->dev, "Doesn't support chip type %d\n", adev->asic_type); break; } } diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c index c491af21a34c..0f6e2b55625a 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c @@ -961,7 +961,7 @@ bool dm_helpers_is_dp_sink_present(struct dc_link *link) struct amdgpu_dm_connector *aconnector = link->priv; if (!aconnector) { - BUG_ON("Failed to find connector for link!"); + DRM_ERROR("Failed to find connector for link!"); return true; } -- 2.34.1
