On Tue, Jul 9, 2019 at 11:59 PM Kuehling, Felix wrote:
>
> With mm_nodes larger than 4GB, byte_count in amdgpu_fill_buffer would
> overflow.
>
> Signed-off-by: Felix Kuehling
Good catch.
Reviewed-by: Alex Deucher
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 9 +
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
> b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
> index ae0eb64e734b..bbbf069efb77 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
> @@ -2071,9 +2071,9 @@ int amdgpu_fill_buffer(struct amdgpu_bo *bo,
> mm_node = bo->tbo.mem.mm_node;
> num_loops = 0;
> while (num_pages) {
> - uint32_t byte_count = mm_node->size << PAGE_SHIFT;
> + uint64_t byte_count = mm_node->size << PAGE_SHIFT;
>
> - num_loops += DIV_ROUND_UP(byte_count, max_bytes);
> + num_loops += DIV_ROUND_UP_ULL(byte_count, max_bytes);
> num_pages -= mm_node->size;
> ++mm_node;
> }
> @@ -2099,12 +2099,13 @@ int amdgpu_fill_buffer(struct amdgpu_bo *bo,
> mm_node = bo->tbo.mem.mm_node;
>
> while (num_pages) {
> - uint32_t byte_count = mm_node->size << PAGE_SHIFT;
> + uint64_t byte_count = mm_node->size << PAGE_SHIFT;
> uint64_t dst_addr;
>
> dst_addr = amdgpu_mm_node_addr(>tbo, mm_node,
> >tbo.mem);
> while (byte_count) {
> - uint32_t cur_size_in_bytes = min(byte_count,
> max_bytes);
> + uint32_t cur_size_in_bytes = min_t(uint64_t,
> byte_count,
> + max_bytes);
>
> amdgpu_emit_fill_buffer(adev, >ibs[0], src_data,
> dst_addr, cur_size_in_bytes);
> --
> 2.17.1
>
> ___
> amd-gfx mailing list
> amd-gfx@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/amd-gfx
___
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
