Linux Kernel CCS Handling Vulnerability in DRM/I915 Component

Vulnerability

A vulnerability in the Linux kernel's Direct Rendering Manager (DRM) Intel 915 (i915) subsystem has been addressed. This issue relates to improper handling of Color Compression Surface (CCS) blocks during memory migration operations, particularly with large objects. The vulnerability can be triggered by certain combinations of the Crucible tool and recent Mesa versions, as well as by modifying object sizes in the 'gem_lmem_swapping' test. The root cause includes the use of plain integers that can overflow with large objects, and incorrect copying of pages for objects larger than 8MB, which leads to exceeding the allowed number of CCS blocks per transfer.
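The two root causes named above can be modelled in user space. This is an added example, not the kernel's code: the 8 MiB window is taken from the description, while the per-block coverage, the per-transfer cap and all function names are assumptions chosen for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
/* 8 MiB copy window: from the description. The two CCS values are assumed. */
#define CHUNK_SZ              (8ull << 20)
#define BYTES_PER_CCS_BLOCK   (64ull << 10) /* assumed coverage of one CCS block */
#define MAX_CCS_BLKS_PER_XFER 1024ull        /* assumed per-transfer cap */

enum { INT_OVERFLOW = 1, PAST_WINDOW = 2, OVER_CCS_CAP = 4 };

static uint64_t ccs_blocks(uint64_t bytes)
{
    return (bytes + BYTES_PER_CCS_BLOCK - 1) / BYTES_PER_CCS_BLOCK;
}

/* Flawed shape: int-sized length, whole object issued as a single transfer. */
static int naive_problems(uint64_t obj_size)
{
    int p = 0;
    if (obj_size > (uint64_t)INT_MAX) p |= INT_OVERFLOW;
    if (obj_size > CHUNK_SZ) p |= PAST_WINDOW;
    if (ccs_blocks(obj_size) > MAX_CCS_BLKS_PER_XFER) p |= OVER_CCS_CAP;
    return p;
}

/* Corrected shape: 64-bit sizes, each transfer clamped to the window; returns transfer count. */
static uint64_t chunked_plan(uint64_t obj_size, uint64_t *max_blks)
{
    uint64_t off = 0, xfers = 0;
    *max_blks = 0;
    while (off < obj_size) {
        uint64_t len = obj_size - off;
        if (len > CHUNK_SZ) len = CHUNK_SZ;
        uint64_t blks = ccs_blocks(len);
        if (blks > MAX_CCS_BLKS_PER_XFER) return 0; /* would break the cap */
        if (blks > *max_blks) *max_blks = blks;
        off += len;
        xfers++;
    }
    return xfers;
}

int main(void)
{
    uint64_t m, n = chunked_plan(65ull << 20, &m);
    printf("65 MiB: naive flags=%d, xfers=%llu, max CCS blocks=%llu\n",
           naive_problems(65ull << 20), (unsigned long long)n, (unsigned long long)m);
    return 0;
}
```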

Impact

The vulnerability can cause memory management errors, including improper copying of large objects in the graphics memory, which may disrupt normal operations or lead to crashes.

Reproduction

The vulnerability can be reproduced by running the 'gem_lmem_swapping' test case from the Intel Graphics Performance Analyzers (IGT) suite, with modified object sizes to exceed 8MB. This will trigger the improper handling of CCS blocks during the memory migration process.

Added: Jun 18, 2025, 9:43 PM
Updated: Jun 18, 2025, 9:43 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.