Skip to content

L
linux
Commit 021830d2 authored by Bas Nieuwenhuizen's avatar Bas Nieuwenhuizen Committed by Alex Deucher
Browse files
Options

drm/amdgpu: Check if fd really is an amdgpu fd. 

Otherwise we interpret the file private data as drm & amdgpu data
while it might not be, possibly allowing one to get memory corruption.
Signed-off-by: default avatarBas Nieuwenhuizen <bas@basnieuwenhuizen.nl>
Reviewed-by: default avatarChristian König <christian.koenig@amd.com>
Signed-off-by: default avatarAlex Deucher <alexander.deucher@amd.com>
parent 2a84e48e
Hide whitespace changes
Inline Side-by-side
Showing with 25 additions and 3 deletions
drivers/gpu/drm/amd/amdgpu/amdgpu.h
View file @ 021830d2
......@@ -411,6 +411,8 @@ struct amdgpu_fpriv {
struct amdgpu_ctx_mgr ctx_mgr;
};
int amdgpu_file_to_fpriv(struct file *filp, struct amdgpu_fpriv **fpriv);
int amdgpu_ib_get(struct amdgpu_device *adev, struct amdgpu_vm *vm,
unsigned size, struct amdgpu_ib *ib);
void amdgpu_ib_free(struct amdgpu_device *adev, struct amdgpu_ib *ib,
......
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
View file @ 021830d2
......@@ -1178,6 +1178,22 @@ static const struct file_operations amdgpu_driver_kms_fops = {
#endif
};
int amdgpu_file_to_fpriv(struct file *filp, struct amdgpu_fpriv **fpriv)
{
struct drm_file *file;
if (!filp)
return -EINVAL;
if (filp->f_op != &amdgpu_driver_kms_fops) {
return -EINVAL;
}
file = filp->private_data;
*fpriv = file->driver_priv;
return 0;
}
static bool
amdgpu_get_crtc_scanout_position(struct drm_device *dev, unsigned int pipe,
bool in_vblank_irq, int *vpos, int *hpos,
......
drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c
View file @ 021830d2
......@@ -54,16 +54,20 @@ static int amdgpu_sched_process_priority_override(struct amdgpu_device *adev,
enum drm_sched_priority priority)
{
struct file *filp = fget(fd);
struct drm_file *file;
struct amdgpu_fpriv *fpriv;
struct amdgpu_ctx *ctx;
uint32_t id;
int r;
if (!filp)
return -EINVAL;
file = filp->private_data;
fpriv = file->driver_priv;
r = amdgpu_file_to_fpriv(filp, &fpriv);
if (r) {
fput(filp);
return r;
}
idr_for_each_entry(&fpriv->ctx_mgr.ctx_handles, ctx, id)
amdgpu_ctx_priority_override(ctx, priority);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7