From 1986a3b022bee7ad34d0c539b32a81575bf3c9a3 Mon Sep 17 00:00:00 2001
From: Felix Kuehling <Felix.Kuehling@amd.com>
Date: Tue, 7 May 2019 17:46:14 -0400
Subject: [PATCH] drm/amdgpu: Improve error handling for HMM

Use unsigned long for number of pages.

Check that pfns are valid after hmm_vma_fault. If they are not,
return an error instead of continuing with invalid page pointers and
PTEs.

Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Reviewed-by: Philip Yang <Philip.Yang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
index b25922e3d1ed..7138dc1dd1f4 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
@@ -734,10 +734,11 @@ int amdgpu_ttm_tt_get_user_pages(struct ttm_tt *ttm, struct page **pages)
 	struct mm_struct *mm = gtt->usertask->mm;
 	unsigned long start = gtt->userptr;
 	unsigned long end = start + ttm->num_pages * PAGE_SIZE;
-	struct hmm_range *ranges;
 	struct vm_area_struct *vma = NULL, *vmas[MAX_NR_VMAS];
+	struct hmm_range *ranges;
+	unsigned long nr_pages, i;
 	uint64_t *pfns, f;
-	int r = 0, i, nr_pages;
+	int r = 0;
 
 	if (!mm) /* Happens during process shutdown */
 		return -ESRCH;
@@ -813,8 +814,14 @@ int amdgpu_ttm_tt_get_user_pages(struct ttm_tt *ttm, struct page **pages)
 
 	up_read(&mm->mmap_sem);
 
-	for (i = 0; i < ttm->num_pages; i++)
+	for (i = 0; i < ttm->num_pages; i++) {
 		pages[i] = hmm_pfn_to_page(&ranges[0], pfns[i]);
+		if (!pages[i]) {
+			pr_err("Page fault failed for pfn[%lu] = 0x%llx\n",
+			       i, pfns[i]);
+			goto out_invalid_pfn;
+		}
+	}
 	gtt->ranges = ranges;
 
 	return 0;
@@ -827,6 +834,13 @@ out:
 	up_read(&mm->mmap_sem);
 
 	return r;
+
+out_invalid_pfn:
+	for (i = 0; i < gtt->nr_ranges; i++)
+		hmm_vma_range_done(&ranges[i]);
+	kvfree(pfns);
+	kvfree(ranges);
+	return -ENOMEM;
 }
 
 /**
@@ -871,7 +885,7 @@ bool amdgpu_ttm_tt_get_user_pages_done(struct ttm_tt *ttm)
  */
 void amdgpu_ttm_tt_set_user_pages(struct ttm_tt *ttm, struct page **pages)
 {
-	unsigned i;
+	unsigned long i;
 
 	for (i = 0; i < ttm->num_pages; ++i)
 		ttm->pages[i] = pages ? pages[i] : NULL;
-- 
2.20.1