UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

drm/i915/guc: Fix potential invalid pointer dereferences when decoding G2Hs 

Some G2H handlers were reading the context id field from the payload
before checking the payload met the minimum length required.

Signed-off-by: John Harrison <John.C.Harrison@Intel.com>
Reviewed-by: Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220302003357.4188363-9-John.C.Harrison@Intel.com
This commit is contained in:
John Harrison 2022-03-01 16:33:57 -08:00
parent d4de9a3eae
commit e1dd871442
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c
View File

@ -3895,12 +3895,13 @@ int intel_guc_deregister_done_process_msg(struct intel_guc *guc,
u32 len)
{
struct intel_context *ce;
u32 ctx_id = msg[0];
u32 ctx_id;
if (unlikely(len < 1)) {
drm_err(&guc_to_gt(guc)->i915->drm, "Invalid length %u\n", len);
return -EPROTO;
}
ctx_id = msg[0];
ce = g2h_context_lookup(guc, ctx_id);
if (unlikely(!ce))
@ -3946,12 +3947,13 @@ int intel_guc_sched_done_process_msg(struct intel_guc *guc,
{
struct intel_context *ce;
unsigned long flags;
u32 ctx_id = msg[0];
u32 ctx_id;
if (unlikely(len < 2)) {
drm_err(&guc_to_gt(guc)->i915->drm, "Invalid length %u\n", len);
return -EPROTO;
}
ctx_id = msg[0];
ce = g2h_context_lookup(guc, ctx_id);
if (unlikely(!ce))