drm/xe: properly check bounds for xe_wait_user_fence_ioctl() (2e60442a) · Commits · Mirrors / git.yoctoproject.org / linux-yocto

Commit 2e60442a authored Jun 26, 2023 by

Paulo Zanoni Committed by Rodrigo Vivi Dec 21, 2023

drm/xe: properly check bounds for xe_wait_user_fence_ioctl()



If !no_engines, then we use copy_from_user to copy to the 'eci' array,
which has XE_HW_ENGINE_MAX_INSTANCE members. The amount of members
copied is given by the user in args->num_engines, so add code to check
that args->num_engines does not exceed XE_HW_ENGINE_MAX_INSTANCE. It's
an unsigned value so there's no need to check for negative values.

Fixes error messages such as:

    Buffer overflow detected (54 < 18446744073709551520)!

Reviewed-by: José Roberto de Souza <jose.souza@intel.com>
Signed-off-by: Paulo Zanoni <paulo.r.zanoni@intel.com>
Reviewed-by: Lucas De Marchi <lucas.demarchi@intel.com>
Link: https://lore.kernel.org/r/20230626212221.136640-2-paulo.r.zanoni@intel.com


Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>

parent 7f38e1e1

Hide whitespace changes

Inline Side-by-side

Please register or to comment