This series addresses a crash in drm_buddy allocator when allocation requests exceed mm->max_order after rounding operations. This can occur with non-power-of-two VRAM sizes (e.g., 10G = 8G + 2G roots) where mm->max_order represents the largest block (8G).
The issue manifests in two scenarios: 1. CONTIGUOUS allocations: roundup_pow_of_two(9G) = 16G > 10G 2. Large min_block_size: round_up(9G, 8G) = 16G > 10G Both cases trigger BUG_ON(order > mm->max_order) deep in the allocation path, crashing the system on invalid user input. The fix validates the rounded size early and handles it appropriately: - For CONTIGUOUS-only allocations, use the existing try_harder fallback - For other cases (non-contiguous, or contiguous+range), return -EINVAL Cc: Christian König <[email protected]> Cc: Arunpravin Paneer Selvam <[email protected]> Suggested-by: Matthew Auld <[email protected]> Sanjay Yadav (2): drm/buddy: Prevent BUG_ON by validating rounded allocation drm/tests/drm_buddy: Add tests for allocations exceeding max_order drivers/gpu/drm/drm_buddy.c | 9 +++++++ drivers/gpu/drm/tests/drm_buddy_test.c | 35 ++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) -- 2.52.0
