6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tvrtko Ursulin tvrtko.ursulin@igalia.com
commit f32b5128d2c440368b5bf3a7a356823e235caabb upstream.
Check that the number of perfmons userspace is passing in the copy and reset extensions is not greater than the internal kernel storage where the ids will be copied into.
Signed-off-by: Tvrtko Ursulin tvrtko.ursulin@igalia.com
Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job")
Cc: Maíra Canal mcanal@igalia.com
Cc: Iago Toral Quiroga itoral@igalia.com
Cc: stable@vger.kernel.org # v6.8+
Reviewed-by: Iago Toral Quiroga itoral@igalia.com
Reviewed-by: Maíra Canal mcanal@igalia.com
Signed-off-by: Maíra Canal mcanal@igalia.com
Link: https://patchwork.freedesktop.org/patch/msgid/20240711135340.84617-2-tursuli...
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
---
 drivers/gpu/drm/v3d/v3d_submit.c | 6 ++++++
 1 file changed, 6 insertions(+)
--- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -671,6 +671,9 @@ v3d_get_cpu_reset_performance_params(str if (reset.nperfmons > V3D_MAX_PERFMONS) return -EINVAL;
+ if (reset.nperfmons > V3D_MAX_PERFMONS) + return -EINVAL; + job->job_type = V3D_CPU_JOB_TYPE_RESET_PERFORMANCE_QUERY;
job->performance_query.queries = kvmalloc_array(reset.count, @@ -753,6 +756,9 @@ v3d_get_cpu_copy_performance_query_param return -EINVAL;
if (copy.nperfmons > V3D_MAX_PERFMONS) + return -EINVAL; + + if (copy.nperfmons > V3D_MAX_PERFMONS) return -EINVAL;
job->job_type = V3D_CPU_JOB_TYPE_COPY_PERFORMANCE_QUERY;
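Review bot: in the first hunk (v3d_get_cpu_reset_performance_params), the unchanged context directly above the added lines already reads `if (reset.nperfmons > V3D_MAX_PERFMONS) return -EINVAL;`, so the three added lines repeat the same bound check back to back and the second test can never fire. The bound described in the commit message looks to be present in this tree already. Suggest confirming the base this backport was generated against and dropping the hunk if the fix is already applied, rather than carrying a duplicate check before the `job->job_type` assignment.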
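Review bot: in the second hunk (the copy performance query path), the added lines are spliced between the existing `if (copy.nperfmons > V3D_MAX_PERFMONS)` and its `return -EINVAL;`, which leaves two identical checks in a row ahead of the `V3D_CPU_JOB_TYPE_COPY_PERFORMANCE_QUERY` assignment. Together with the first hunk this accounts for all 6 insertions in the diffstat, so as shown the patch makes no functional change to the validation of `copy.nperfmons`. Suggest dropping it for this tree if the original fix is already in, or regenerating it against the correct base.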