From patchwork Thu Apr 2 15:29:18 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lucas Stach X-Patchwork-Id: 6149591 Return-Path: X-Original-To: patchwork-dri-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id BFE1E9F1BE for ; Thu, 2 Apr 2015 15:31:57 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 0343F203AE for ; Thu, 2 Apr 2015 15:31:56 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) by mail.kernel.org (Postfix) with ESMTP id 2905F203AD for ; Thu, 2 Apr 2015 15:31:55 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 9294C6EA63; Thu, 2 Apr 2015 08:31:06 -0700 (PDT) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from metis.ext.pengutronix.de (metis.ext.pengutronix.de [92.198.50.35]) by gabe.freedesktop.org (Postfix) with ESMTP id A8BFC6EA41 for ; Thu, 2 Apr 2015 08:30:56 -0700 (PDT) Received: from dude.hi.4.pengutronix.de ([10.1.0.7] helo=dude.pengutronix.de.) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1Ydh55-0005OD-VG; Thu, 02 Apr 2015 17:30:55 +0200 From: Lucas Stach To: dri-devel@lists.freedesktop.org Subject: [PATCH RFC 016/111] staging: etnaviv: validation: ensure space for the LINK command Date: Thu, 2 Apr 2015 17:29:18 +0200 Message-Id: <1427988653-754-17-git-send-email-l.stach@pengutronix.de> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1427988653-754-1-git-send-email-l.stach@pengutronix.de> References: <1427988653-754-1-git-send-email-l.stach@pengutronix.de> X-SA-Exim-Connect-IP: 10.1.0.7 X-SA-Exim-Mail-From: l.stach@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: dri-devel@lists.freedesktop.org Cc: Russell King , kernel@pengutronix.de X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Russell King Ensure that we reject command buffers which are fully populated, as we always need to append two words for a LINK command to the end of the buffer. Signed-off-by: Russell King --- drivers/staging/etnaviv/etnaviv_gem_submit.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/staging/etnaviv/etnaviv_gem_submit.c b/drivers/staging/etnaviv/etnaviv_gem_submit.c index dd87fdfe7ab5..f8b733a0e313 100644 --- a/drivers/staging/etnaviv/etnaviv_gem_submit.c +++ b/drivers/staging/etnaviv/etnaviv_gem_submit.c @@ -348,6 +348,7 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, void __user *userptr = to_user_ptr(args->cmds + (i * sizeof(submit_cmd))); struct etnaviv_gem_object *etnaviv_obj; + unsigned max_size; ret = copy_from_user(&submit_cmd, userptr, sizeof(submit_cmd)); if (ret) { @@ -373,8 +374,13 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, goto out; } - if ((submit_cmd.size + submit_cmd.submit_offset) >= - etnaviv_obj->base.size) { + /* + * We must have space to add a LINK command at the end of + * the command buffer. + */ + max_size = etnaviv_obj->base.size - 8; + + if ((submit_cmd.size + submit_cmd.submit_offset) > max_size) { DRM_ERROR("invalid cmdstream size: %u\n", submit_cmd.size); ret = -EINVAL; goto out;