Commit 6e38d571 authored by Jon Bloomfield, committed by Stefan Bader

UBUNTU: SAUCE: i915_bpo: drm/i915: Allow parsing of unsized batches

In "drm/i915: Add support for mandatory cmdparsing" we introduced the
concept of mandatory parsing. This allows the cmdparser to be invoked
even when user passes batch_len=0 to the execbuf ioctl's.

However, the cmdparser needs to know the extents of the buffer being
scanned. Refactor the code to ensure the cmdparser uses the actual
object size, instead of the incoming length, if user passes 0.
Signed-off-by: Jon Bloomfield <jon.bloomfield@intel.com>
Cc: Joonas Lahtinen <joonas.lahtinen@intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>

CVE-2019-0155
Signed-off-by: Timo Aaltonen <timo.aaltonen@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
parent 5925f447
...@@ -1603,12 +1603,17 @@ i915_gem_do_execbuffer(struct drm_device *dev, void *data, ...@@ -1603,12 +1603,17 @@ i915_gem_do_execbuffer(struct drm_device *dev, void *data,
if (use_cmdparser(engine, args->batch_len)) { if (use_cmdparser(engine, args->batch_len)) {
struct drm_i915_gem_object *parsed_batch_obj; struct drm_i915_gem_object *parsed_batch_obj;
u32 batch_off = args->batch_start_offset;
u32 batch_len = args->batch_len;
if (batch_len == 0)
batch_len = batch_obj->base.size - batch_off;
parsed_batch_obj = i915_gem_execbuffer_parse(engine, parsed_batch_obj = i915_gem_execbuffer_parse(engine,
&shadow_exec_entry, &shadow_exec_entry,
eb, vm, eb, vm,
batch_obj, batch_obj,
args->batch_start_offset, batch_off,
args->batch_len); batch_len);
if (IS_ERR(parsed_batch_obj)) { if (IS_ERR(parsed_batch_obj)) {
ret = PTR_ERR(parsed_batch_obj); ret = PTR_ERR(parsed_batch_obj);
goto err; goto err;
......
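Review bot: the new `batch_len = batch_obj->base.size - batch_off;` in the `batch_len == 0` branch has no visible guard that `batch_off` lies inside the object. Both locals are u32, so if `args->batch_start_offset` is larger than `batch_obj->base.size` the subtraction wraps to a very large length, and that wrapped value is what now reaches i915_gem_execbuffer_parse as the extent to scan. Unless an earlier check in i915_gem_do_execbuffer already rejects such an offset, test `batch_off > batch_obj->base.size` before subtracting and take the existing error path (`ret = -EINVAL; goto err;`); if an earlier check does exist, a one-line comment naming it would make the invariant clear. Also worth confirming that `base.size` fits in u32 here, since a wider size would be silently truncated by the assignment.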