| Message ID | 20170722095323.9964-9-christian.gmeiner@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Am Samstag, den 22.07.2017, 11:53 +0200 schrieb Christian Gmeiner: > Changes from v1 -> v2: > - renamed submit_perfmon_request() to submit_perfmon_validate() > - extended flags validation > - added comment about offset 0 > - moved assigment of cmdbuf->nr_pmrs below the copy_from_user of the pmrs. > > Signed-off-by: Christian Gmeiner <christian.gmeiner@gmail.com> > --- > drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c | 69 +++++++++++++++++++++++++++- > 1 file changed, 67 insertions(+), 2 deletions(-) > > diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c > index 9c57b14dfcbf..91e35114d25c 100644 > --- a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c > +++ b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c > @@ -21,6 +21,7 @@ > #include "etnaviv_drv.h" > #include "etnaviv_gpu.h" > #include "etnaviv_gem.h" > +#include "etnaviv_perfmon.h" > > /* > * Cmdstream submission: > @@ -283,6 +284,54 @@ static int submit_reloc(struct etnaviv_gem_submit *submit, void *stream, > return 0; > } > > +static int submit_perfmon_validate(struct etnaviv_gem_submit *submit, > + struct etnaviv_cmdbuf *cmdbuf, > + const struct drm_etnaviv_gem_submit_pmr *pmrs, > + u32 nr_pms) > +{ > + u32 i; > + > + for (i = 0; i < nr_pms; i++) { > + const struct drm_etnaviv_gem_submit_pmr *r = pmrs + i; > + struct etnaviv_gem_submit_bo *bo; > + int ret; > + > + ret = submit_bo(submit, r->read_idx, &bo); > + if (ret) > + return ret; > + > + /* at offset 0 a sequence number gets stored used for userspace sync */ > + if (r->read_offset == 0) { > + DRM_ERROR("perfmon request: offset is 0"); > + return -EINVAL; > + } > + > + if (r->read_offset >= bo->obj->base.size - sizeof(u32)) { > + DRM_ERROR("perfmon request: offset %u outside object", i); > + return -EINVAL; > + } > + > + if (!(r->flags & (ETNA_PM_PROCESS_PRE | ETNA_PM_PROCESS_POST))) { This isn't a proper validation, as it allows other bits to be set. This should be: if (r->flags & ~(ETNA_PM_PROCESS_PRE | ETNA_PM_PROCESS_POST)) > + DRM_ERROR("perfmon request: flags are not valid"); > + return -EINVAL; > + } > + > + if (etnaviv_pm_req_validate(r)) { > + DRM_ERROR("perfmon request: domain or signal not valid"); > + return -EINVAL; > + } > + > + cmdbuf->pmrs[i].flags = r->flags; > + cmdbuf->pmrs[i].domain = r->domain; > + cmdbuf->pmrs[i].signal = r->signal; > + cmdbuf->pmrs[i].sequence = r->sequence; > + cmdbuf->pmrs[i].offset = r->read_offset; > + cmdbuf->pmrs[i].bo_vma = etnaviv_gem_vmap(&bo->obj->base); > + } > + > + return 0; > +} > + > static void submit_cleanup(struct etnaviv_gem_submit *submit) > { > unsigned i; > @@ -306,6 +355,7 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, > struct etnaviv_drm_private *priv = dev->dev_private; > struct drm_etnaviv_gem_submit *args = data; > struct drm_etnaviv_gem_submit_reloc *relocs; > + struct drm_etnaviv_gem_submit_pmr *pmrs; > struct drm_etnaviv_gem_submit_bo *bos; > struct etnaviv_gem_submit *submit; > struct etnaviv_cmdbuf *cmdbuf; > @@ -347,11 +397,12 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, > */ > bos = kvmalloc_array(args->nr_bos, sizeof(*bos), GFP_KERNEL); > relocs = kvmalloc_array(args->nr_relocs, sizeof(*relocs), GFP_KERNEL); > + pmrs = kvmalloc_array(args->nr_pmrs, sizeof(*pmrs), GFP_KERNEL); > stream = kvmalloc_array(1, args->stream_size, GFP_KERNEL); > cmdbuf = etnaviv_cmdbuf_new(gpu->cmdbuf_suballoc, > ALIGN(args->stream_size, 8) + 8, > - args->nr_bos, 0); > - if (!bos || !relocs || !stream || !cmdbuf) { > + args->nr_bos, args->nr_pmrs); > + if (!bos || !relocs || !pmrs || !stream || !cmdbuf) { > ret = -ENOMEM; > goto err_submit_cmds; > } > @@ -373,6 +424,14 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, > goto err_submit_cmds; > } > > + ret = copy_from_user(pmrs, u64_to_user_ptr(args->pmrs), > + args->nr_pmrs * sizeof(*pmrs)); > + if (ret) { > + ret = -EFAULT; > + goto err_submit_cmds; > + } > + cmdbuf->nr_pmrs = args->nr_pmrs; > + > ret = copy_from_user(stream, u64_to_user_ptr(args->stream), > args->stream_size); > if (ret) { > @@ -441,6 +500,10 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, > if (ret) > goto out; > > + ret = submit_perfmon_validate(submit, cmdbuf, pmrs, args->nr_pmrs); > + if (ret) > + goto out; > + > memcpy(cmdbuf->vaddr, stream, args->stream_size); > cmdbuf->user_size = ALIGN(args->stream_size, 8); > > @@ -494,6 +557,8 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, > kvfree(bos); > if (relocs) > kvfree(relocs); > + if (pmrs) > + kvfree(pmrs); > > return ret; > }
2017-08-08 12:13 GMT+02:00 Lucas Stach <l.stach@pengutronix.de>: > Am Samstag, den 22.07.2017, 11:53 +0200 schrieb Christian Gmeiner: >> Changes from v1 -> v2: >> - renamed submit_perfmon_request() to submit_perfmon_validate() >> - extended flags validation >> - added comment about offset 0 >> - moved assigment of cmdbuf->nr_pmrs below the copy_from_user of the pmrs. >> >> Signed-off-by: Christian Gmeiner <christian.gmeiner@gmail.com> >> --- >> drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c | 69 +++++++++++++++++++++++++++- >> 1 file changed, 67 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c >> index 9c57b14dfcbf..91e35114d25c 100644 >> --- a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c >> +++ b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c >> @@ -21,6 +21,7 @@ >> #include "etnaviv_drv.h" >> #include "etnaviv_gpu.h" >> #include "etnaviv_gem.h" >> +#include "etnaviv_perfmon.h" >> >> /* >> * Cmdstream submission: >> @@ -283,6 +284,54 @@ static int submit_reloc(struct etnaviv_gem_submit *submit, void *stream, >> return 0; >> } >> >> +static int submit_perfmon_validate(struct etnaviv_gem_submit *submit, >> + struct etnaviv_cmdbuf *cmdbuf, >> + const struct drm_etnaviv_gem_submit_pmr *pmrs, >> + u32 nr_pms) >> +{ >> + u32 i; >> + >> + for (i = 0; i < nr_pms; i++) { >> + const struct drm_etnaviv_gem_submit_pmr *r = pmrs + i; >> + struct etnaviv_gem_submit_bo *bo; >> + int ret; >> + >> + ret = submit_bo(submit, r->read_idx, &bo); >> + if (ret) >> + return ret; >> + >> + /* at offset 0 a sequence number gets stored used for userspace sync */ >> + if (r->read_offset == 0) { >> + DRM_ERROR("perfmon request: offset is 0"); >> + return -EINVAL; >> + } >> + >> + if (r->read_offset >= bo->obj->base.size - sizeof(u32)) { >> + DRM_ERROR("perfmon request: offset %u outside object", i); >> + return -EINVAL; >> + } >> + >> + if (!(r->flags & (ETNA_PM_PROCESS_PRE | ETNA_PM_PROCESS_POST))) { > > This isn't a proper validation, as it allows other bits to be set. This > should be: > > if (r->flags & ~(ETNA_PM_PROCESS_PRE | ETNA_PM_PROCESS_POST)) Fixed in v3 > >> + DRM_ERROR("perfmon request: flags are not valid"); >> + return -EINVAL; >> + } >> + >> + if (etnaviv_pm_req_validate(r)) { >> + DRM_ERROR("perfmon request: domain or signal not valid"); >> + return -EINVAL; >> + } >> + >> + cmdbuf->pmrs[i].flags = r->flags; >> + cmdbuf->pmrs[i].domain = r->domain; >> + cmdbuf->pmrs[i].signal = r->signal; >> + cmdbuf->pmrs[i].sequence = r->sequence; >> + cmdbuf->pmrs[i].offset = r->read_offset; >> + cmdbuf->pmrs[i].bo_vma = etnaviv_gem_vmap(&bo->obj->base); >> + } >> + >> + return 0; >> +} >> + >> static void submit_cleanup(struct etnaviv_gem_submit *submit) >> { >> unsigned i; >> @@ -306,6 +355,7 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, >> struct etnaviv_drm_private *priv = dev->dev_private; >> struct drm_etnaviv_gem_submit *args = data; >> struct drm_etnaviv_gem_submit_reloc *relocs; >> + struct drm_etnaviv_gem_submit_pmr *pmrs; >> struct drm_etnaviv_gem_submit_bo *bos; >> struct etnaviv_gem_submit *submit; >> struct etnaviv_cmdbuf *cmdbuf; >> @@ -347,11 +397,12 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, >> */ >> bos = kvmalloc_array(args->nr_bos, sizeof(*bos), GFP_KERNEL); >> relocs = kvmalloc_array(args->nr_relocs, sizeof(*relocs), GFP_KERNEL); >> + pmrs = kvmalloc_array(args->nr_pmrs, sizeof(*pmrs), GFP_KERNEL); >> stream = kvmalloc_array(1, args->stream_size, GFP_KERNEL); >> cmdbuf = etnaviv_cmdbuf_new(gpu->cmdbuf_suballoc, >> ALIGN(args->stream_size, 8) + 8, >> - args->nr_bos, 0); >> - if (!bos || !relocs || !stream || !cmdbuf) { >> + args->nr_bos, args->nr_pmrs); >> + if (!bos || !relocs || !pmrs || !stream || !cmdbuf) { >> ret = -ENOMEM; >> goto err_submit_cmds; >> } >> @@ -373,6 +424,14 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, >> goto err_submit_cmds; >> } >> >> + ret = copy_from_user(pmrs, u64_to_user_ptr(args->pmrs), >> + args->nr_pmrs * sizeof(*pmrs)); >> + if (ret) { >> + ret = -EFAULT; >> + goto err_submit_cmds; >> + } >> + cmdbuf->nr_pmrs = args->nr_pmrs; >> + >> ret = copy_from_user(stream, u64_to_user_ptr(args->stream), >> args->stream_size); >> if (ret) { >> @@ -441,6 +500,10 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, >> if (ret) >> goto out; >> >> + ret = submit_perfmon_validate(submit, cmdbuf, pmrs, args->nr_pmrs); >> + if (ret) >> + goto out; >> + >> memcpy(cmdbuf->vaddr, stream, args->stream_size); >> cmdbuf->user_size = ALIGN(args->stream_size, 8); >> >> @@ -494,6 +557,8 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, >> kvfree(bos); >> if (relocs) >> kvfree(relocs); >> + if (pmrs) >> + kvfree(pmrs); >> >> return ret; >> } > > greets -- Christian Gmeiner, MSc https://christian-gmeiner.info
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c index 9c57b14dfcbf..91e35114d25c 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c @@ -21,6 +21,7 @@ #include "etnaviv_drv.h" #include "etnaviv_gpu.h" #include "etnaviv_gem.h" +#include "etnaviv_perfmon.h" /* * Cmdstream submission: @@ -283,6 +284,54 @@ static int submit_reloc(struct etnaviv_gem_submit *submit, void *stream, return 0; } +static int submit_perfmon_validate(struct etnaviv_gem_submit *submit, + struct etnaviv_cmdbuf *cmdbuf, + const struct drm_etnaviv_gem_submit_pmr *pmrs, + u32 nr_pms) +{ + u32 i; + + for (i = 0; i < nr_pms; i++) { + const struct drm_etnaviv_gem_submit_pmr *r = pmrs + i; + struct etnaviv_gem_submit_bo *bo; + int ret; + + ret = submit_bo(submit, r->read_idx, &bo); + if (ret) + return ret; + + /* at offset 0 a sequence number gets stored used for userspace sync */ + if (r->read_offset == 0) { + DRM_ERROR("perfmon request: offset is 0"); + return -EINVAL; + } + + if (r->read_offset >= bo->obj->base.size - sizeof(u32)) { + DRM_ERROR("perfmon request: offset %u outside object", i); + return -EINVAL; + } + + if (!(r->flags & (ETNA_PM_PROCESS_PRE | ETNA_PM_PROCESS_POST))) { + DRM_ERROR("perfmon request: flags are not valid"); + return -EINVAL; + } + + if (etnaviv_pm_req_validate(r)) { + DRM_ERROR("perfmon request: domain or signal not valid"); + return -EINVAL; + } + + cmdbuf->pmrs[i].flags = r->flags; + cmdbuf->pmrs[i].domain = r->domain; + cmdbuf->pmrs[i].signal = r->signal; + cmdbuf->pmrs[i].sequence = r->sequence; + cmdbuf->pmrs[i].offset = r->read_offset; + cmdbuf->pmrs[i].bo_vma = etnaviv_gem_vmap(&bo->obj->base); + } + + return 0; +} + static void submit_cleanup(struct etnaviv_gem_submit *submit) { unsigned i; @@ -306,6 +355,7 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, struct etnaviv_drm_private *priv = dev->dev_private; struct drm_etnaviv_gem_submit *args = data; struct drm_etnaviv_gem_submit_reloc *relocs; + struct drm_etnaviv_gem_submit_pmr *pmrs; struct drm_etnaviv_gem_submit_bo *bos; struct etnaviv_gem_submit *submit; struct etnaviv_cmdbuf *cmdbuf; @@ -347,11 +397,12 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, */ bos = kvmalloc_array(args->nr_bos, sizeof(*bos), GFP_KERNEL); relocs = kvmalloc_array(args->nr_relocs, sizeof(*relocs), GFP_KERNEL); + pmrs = kvmalloc_array(args->nr_pmrs, sizeof(*pmrs), GFP_KERNEL); stream = kvmalloc_array(1, args->stream_size, GFP_KERNEL); cmdbuf = etnaviv_cmdbuf_new(gpu->cmdbuf_suballoc, ALIGN(args->stream_size, 8) + 8, - args->nr_bos, 0); - if (!bos || !relocs || !stream || !cmdbuf) { + args->nr_bos, args->nr_pmrs); + if (!bos || !relocs || !pmrs || !stream || !cmdbuf) { ret = -ENOMEM; goto err_submit_cmds; } @@ -373,6 +424,14 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, goto err_submit_cmds; } + ret = copy_from_user(pmrs, u64_to_user_ptr(args->pmrs), + args->nr_pmrs * sizeof(*pmrs)); + if (ret) { + ret = -EFAULT; + goto err_submit_cmds; + } + cmdbuf->nr_pmrs = args->nr_pmrs; + ret = copy_from_user(stream, u64_to_user_ptr(args->stream), args->stream_size); if (ret) { @@ -441,6 +500,10 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, if (ret) goto out; + ret = submit_perfmon_validate(submit, cmdbuf, pmrs, args->nr_pmrs); + if (ret) + goto out; + memcpy(cmdbuf->vaddr, stream, args->stream_size); cmdbuf->user_size = ALIGN(args->stream_size, 8); @@ -494,6 +557,8 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data, kvfree(bos); if (relocs) kvfree(relocs); + if (pmrs) + kvfree(pmrs); return ret; }
Changes from v1 -> v2: - renamed submit_perfmon_request() to submit_perfmon_validate() - extended flags validation - added comment about offset 0 - moved assigment of cmdbuf->nr_pmrs below the copy_from_user of the pmrs. Signed-off-by: Christian Gmeiner <christian.gmeiner@gmail.com> --- drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c | 69 +++++++++++++++++++++++++++- 1 file changed, 67 insertions(+), 2 deletions(-)