[PATCH 05/11] drm/v3d: Validate passed in drm syncobj handles in the performance extension
From: Tvrtko Ursulin tvrtko.ursulin@igalia.com
If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well.
Fix it by checking handle was looked up successfuly or otherwise fail the extension by jumping into the existing unwind.
Signed-off-by: Tvrtko Ursulin tvrtko.ursulin@igalia.com Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job" Cc: Maíra Canal mcanal@igalia.com Cc: Iago Toral Quiroga itoral@igalia.com Cc: stable@vger.kernel.org # v6.8+ --- drivers/gpu/drm/v3d/v3d_submit.c | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index e3a00c8394a5..3838ebade45d 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -710,6 +710,10 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, }
job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->performance_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->performance_query.count = reset.count; job->performance_query.nperfmons = reset.nperfmons; @@ -790,6 +794,10 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, }
job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->performance_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->performance_query.count = copy.count; job->performance_query.nperfmons = copy.nperfmons;
On 7/11/24 06:15, Tvrtko Ursulin wrote:
From: Tvrtko Ursulin tvrtko.ursulin@igalia.com
If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well.
Fix it by checking handle was looked up successfuly or otherwise fail the extension by jumping into the existing unwind.
I'm not a English-native speaker, but again I need to say that it feels to me that it is something missing in this sentence.
I suggested "Fix it by checking if the handle..."
Also, s/successfuly/successfully
Signed-off-by: Tvrtko Ursulin tvrtko.ursulin@igalia.com
Reviewed-by: Maíra Canal mcanal@igalia.com
Best Regards, - Maíra
Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job" Cc: Maíra Canal mcanal@igalia.com Cc: Iago Toral Quiroga itoral@igalia.com Cc: stable@vger.kernel.org # v6.8+
drivers/gpu/drm/v3d/v3d_submit.c | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index e3a00c8394a5..3838ebade45d 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -710,6 +710,10 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, } job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync);
if (!job->performance_query.queries[i].syncobj) {err = -ENOENT;goto error;}@@ -790,6 +794,10 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, } job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync);
if (!job->performance_query.queries[i].syncobj) {err = -ENOENT;goto error;}
linux-stable-mirror@lists.linaro.org
-
Maíra Canal -
Tvrtko Ursulin