Re: [PATCH V2 08/23] drm/etnaviv: copy pmrs from userspace

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Am Samstag, den 22.07.2017, 11:53 +0200 schrieb Christian Gmeiner:
> Changes from v1 -> v2:
> - renamed submit_perfmon_request() to submit_perfmon_validate()
> - extended flags validation
> - added comment about offset 0
> - moved assigment of cmdbuf->nr_pmrs below the copy_from_user of the pmrs.
> 
> Signed-off-by: Christian Gmeiner <christian.gmeiner@xxxxxxxxx>
> ---
>  drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c | 69 +++++++++++++++++++++++++++-
>  1 file changed, 67 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
> index 9c57b14dfcbf..91e35114d25c 100644
> --- a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
> +++ b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
> @@ -21,6 +21,7 @@
>  #include "etnaviv_drv.h"
>  #include "etnaviv_gpu.h"
>  #include "etnaviv_gem.h"
> +#include "etnaviv_perfmon.h"
>  
>  /*
>   * Cmdstream submission:
> @@ -283,6 +284,54 @@ static int submit_reloc(struct etnaviv_gem_submit *submit, void *stream,
>  	return 0;
>  }
>  
> +static int submit_perfmon_validate(struct etnaviv_gem_submit *submit,
> +		struct etnaviv_cmdbuf *cmdbuf,
> +		const struct drm_etnaviv_gem_submit_pmr *pmrs,
> +		u32 nr_pms)
> +{
> +	u32 i;
> +
> +	for (i = 0; i < nr_pms; i++) {
> +		const struct drm_etnaviv_gem_submit_pmr *r = pmrs + i;
> +		struct etnaviv_gem_submit_bo *bo;
> +		int ret;
> +
> +		ret = submit_bo(submit, r->read_idx, &bo);
> +		if (ret)
> +			return ret;
> +
> +		/* at offset 0 a sequence number gets stored used for userspace sync */
> +		if (r->read_offset == 0) {
> +			DRM_ERROR("perfmon request: offset is 0");
> +			return -EINVAL;
> +		}
> +
> +		if (r->read_offset >= bo->obj->base.size - sizeof(u32)) {
> +			DRM_ERROR("perfmon request: offset %u outside object", i);
> +			return -EINVAL;
> +		}
> +
> +		if (!(r->flags & (ETNA_PM_PROCESS_PRE | ETNA_PM_PROCESS_POST))) {

This isn't a proper validation, as it allows other bits to be set. This
should be:

if (r->flags & ~(ETNA_PM_PROCESS_PRE | ETNA_PM_PROCESS_POST))

> +			DRM_ERROR("perfmon request: flags are not valid");
> +			return -EINVAL;
> +		}
> +
> +		if (etnaviv_pm_req_validate(r)) {
> +			DRM_ERROR("perfmon request: domain or signal not valid");
> +			return -EINVAL;
> +		}
> +
> +		cmdbuf->pmrs[i].flags = r->flags;
> +		cmdbuf->pmrs[i].domain = r->domain;
> +		cmdbuf->pmrs[i].signal = r->signal;
> +		cmdbuf->pmrs[i].sequence = r->sequence;
> +		cmdbuf->pmrs[i].offset = r->read_offset;
> +		cmdbuf->pmrs[i].bo_vma = etnaviv_gem_vmap(&bo->obj->base);
> +	}
> +
> +	return 0;
> +}
> +
>  static void submit_cleanup(struct etnaviv_gem_submit *submit)
>  {
>  	unsigned i;
> @@ -306,6 +355,7 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data,
>  	struct etnaviv_drm_private *priv = dev->dev_private;
>  	struct drm_etnaviv_gem_submit *args = data;
>  	struct drm_etnaviv_gem_submit_reloc *relocs;
> +	struct drm_etnaviv_gem_submit_pmr *pmrs;
>  	struct drm_etnaviv_gem_submit_bo *bos;
>  	struct etnaviv_gem_submit *submit;
>  	struct etnaviv_cmdbuf *cmdbuf;
> @@ -347,11 +397,12 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data,
>  	 */
>  	bos = kvmalloc_array(args->nr_bos, sizeof(*bos), GFP_KERNEL);
>  	relocs = kvmalloc_array(args->nr_relocs, sizeof(*relocs), GFP_KERNEL);
> +	pmrs = kvmalloc_array(args->nr_pmrs, sizeof(*pmrs), GFP_KERNEL);
>  	stream = kvmalloc_array(1, args->stream_size, GFP_KERNEL);
>  	cmdbuf = etnaviv_cmdbuf_new(gpu->cmdbuf_suballoc,
>  				    ALIGN(args->stream_size, 8) + 8,
> -				    args->nr_bos, 0);
> -	if (!bos || !relocs || !stream || !cmdbuf) {
> +				    args->nr_bos, args->nr_pmrs);
> +	if (!bos || !relocs || !pmrs || !stream || !cmdbuf) {
>  		ret = -ENOMEM;
>  		goto err_submit_cmds;
>  	}
> @@ -373,6 +424,14 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data,
>  		goto err_submit_cmds;
>  	}
>  
> +	ret = copy_from_user(pmrs, u64_to_user_ptr(args->pmrs),
> +			     args->nr_pmrs * sizeof(*pmrs));
> +	if (ret) {
> +		ret = -EFAULT;
> +		goto err_submit_cmds;
> +	}
> +	cmdbuf->nr_pmrs = args->nr_pmrs;
> +
>  	ret = copy_from_user(stream, u64_to_user_ptr(args->stream),
>  			     args->stream_size);
>  	if (ret) {
> @@ -441,6 +500,10 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data,
>  	if (ret)
>  		goto out;
>  
> +	ret = submit_perfmon_validate(submit, cmdbuf, pmrs, args->nr_pmrs);
> +	if (ret)
> +		goto out;
> +
>  	memcpy(cmdbuf->vaddr, stream, args->stream_size);
>  	cmdbuf->user_size = ALIGN(args->stream_size, 8);
>  
> @@ -494,6 +557,8 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data,
>  		kvfree(bos);
>  	if (relocs)
>  		kvfree(relocs);
> +	if (pmrs)
> +		kvfree(pmrs);
>  
>  	return ret;
>  }


_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/dri-devel
[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux