Skip to content

Commit 5488a29

Browse files
sanjayumangarunpravin24
sanjayumang
authored and
arunpravin24
committed
drm/buddy: Prevent BUG_ON by validating rounded allocation
When DRM_BUDDY_CONTIGUOUS_ALLOCATION is set, the requested size is rounded up to the next power-of-two via roundup_pow_of_two(). Similarly, for non-contiguous allocations with large min_block_size, the size is aligned up via round_up(). Both operations can produce a rounded size that exceeds mm->size, which later triggers BUG_ON(order > mm->max_order). Example scenarios: - 9G CONTIGUOUS allocation on 10G VRAM memory: roundup_pow_of_two(9G) = 16G > 10G - 9G allocation with 8G min_block_size on 10G VRAM memory: round_up(9G, 8G) = 16G > 10G Fix this by checking the rounded size against mm->size. For non-contiguous or range allocations where size > mm->size is invalid, return -EINVAL immediately. For contiguous allocations without range restrictions, allow the request to fall through to the existing __alloc_contig_try_harder() fallback. This ensures invalid user input returns an error or uses the fallback path instead of hitting BUG_ON. v2: (Matt A) - Add Fixes, Cc stable, and Closes tags for context Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/6712 Fixes: 0a1844b ("drm/buddy: Improve contiguous memory allocation") Cc: <stable@vger.kernel.org> # v6.7+ Cc: Christian König <christian.koenig@amd.com> Cc: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam@amd.com> Suggested-by: Matthew Auld <matthew.auld@intel.com> Signed-off-by: Sanjay Yadav <sanjay.kumar.yadav@intel.com> Reviewed-by: Matthew Auld <matthew.auld@intel.com> Reviewed-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam@amd.com> Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam@amd.com> Link: https://patch.msgid.link/20260108113227.2101872-5-sanjay.kumar.yadav@intel.com
1 parent 0668220 commit 5488a29

1 file changed

Lines changed: 9 additions & 0 deletions

File tree

drivers/gpu/drm/drm_buddy.c

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1156,6 +1156,15 @@ int drm_buddy_alloc_blocks(struct drm_buddy *mm,
11561156
order = fls(pages) - 1;
11571157
min_order = ilog2(min_block_size) - ilog2(mm->chunk_size);
11581158

1159+
if (order > mm->max_order || size > mm->size) {
1160+
if ((flags & DRM_BUDDY_CONTIGUOUS_ALLOCATION) &&
1161+
!(flags & DRM_BUDDY_RANGE_ALLOCATION))
1162+
return __alloc_contig_try_harder(mm, original_size,
1163+
original_min_size, blocks);
1164+
1165+
return -EINVAL;
1166+
}
1167+
11591168
do {
11601169
order = min(order, (unsigned int)fls(pages) - 1);
11611170
BUG_ON(order > mm->max_order);

0 commit comments

Comments
 (0)