On Fri, 19 Jun 2026 13:41:22 +0100, Adrián Larumbe
<[email protected]> wrote:
> diff --git a/drivers/gpu/drm/panthor/panthor_mmu.c
> b/drivers/gpu/drm/panthor/panthor_mmu.c
> index 31cc57029c12..a8de4fe6b231 100644
> --- a/drivers/gpu/drm/panthor/panthor_mmu.c
> +++ b/drivers/gpu/drm/panthor/panthor_mmu.c
> @@ -2981,6 +2986,10 @@ panthor_vm_bind_prepare_op_ctx(struct drm_file *file,
> if (!IS_ALIGNED(op->va | op->size | op->bo_offset, vm_pgsz))
> return -EINVAL;
>
> + /* We don't allow mappings that overlap with kbo's reserved range */
> + if (op->va + op->size > vm->user_va_end)
> + return -EINVAL;
I wrote an overflow check as follows, in panthor_vm_prepare_map_op_ctx():
/* Protect against sparse VA range overflow */
if (is_sparse && check_add_overflow(op->va, op->size, &end))
return -EINVAL;
However, despite Shashiko's warning, it seems there's no need for this, because
drm_gpuvm
core code is already performing this kind of check inside __drm_gpuvm_sm_map():
__drm_gpuvm_sm_map -> drm_gpuvm_range_valid -> drm_gpuvm_check_overflow
So even though we wouldn't catch the overflow when we test that the bind range
falls within
the user_va boundary, it will be caught later at map time, and maybe that's
enough?
--
Adrián Larumbe <[email protected]>
