Thanks Danilo.
Reviewed-by: Donald Robson <donald.robson@xxxxxxxxxx>
On Sat, 2023-11-25 at 00:36 +0100, Danilo Krummrich wrote:
> *** CAUTION: This email originates from a source not known to Imagination Technologies. Think before you click a link or open an attachment ***
>
> Extend pvr_device_addr_and_size_are_valid() by the corresponding GPUVM
> sanity checks. This includes a, previously missing, overflow check for
> the base address and size of the requested mapping.
>
> Fixes: ff5f643de0bf ("drm/imagination: Add GEM and VM related code")
> Signed-off-by: Danilo Krummrich <dakr@xxxxxxxxxx>
> ---
> drivers/gpu/drm/imagination/pvr_vm.c | 9 ++++++---
> drivers/gpu/drm/imagination/pvr_vm.h | 3 ++-
> 2 files changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/imagination/pvr_vm.c b/drivers/gpu/drm/imagination/pvr_vm.c
> index 09d481c575b0..1e89092c3dcc 100644
> --- a/drivers/gpu/drm/imagination/pvr_vm.c
> +++ b/drivers/gpu/drm/imagination/pvr_vm.c
> @@ -239,7 +239,7 @@ pvr_vm_bind_op_map_init(struct pvr_vm_bind_op *bind_op,
> return -EINVAL;
> }
>
> - if (!pvr_device_addr_and_size_are_valid(device_addr, size) ||
> + if (!pvr_device_addr_and_size_are_valid(vm_ctx, device_addr, size) ||
> offset & ~PAGE_MASK || size & ~PAGE_MASK ||
> offset >= pvr_obj_size || offset_plus_size > pvr_obj_size)
> return -EINVAL;
> @@ -295,7 +295,7 @@ pvr_vm_bind_op_unmap_init(struct pvr_vm_bind_op *bind_op,
> {
> int err;
>
> - if (!pvr_device_addr_and_size_are_valid(device_addr, size))
> + if (!pvr_device_addr_and_size_are_valid(vm_ctx, device_addr, size))
> return -EINVAL;
>
> bind_op->type = PVR_VM_BIND_TYPE_UNMAP;
> @@ -505,6 +505,7 @@ pvr_device_addr_is_valid(u64 device_addr)
> /**
> * pvr_device_addr_and_size_are_valid() - Tests whether a device-virtual
> * address and associated size are both valid.
> + * @vm_ctx: Target VM context.
> * @device_addr: Virtual device address to test.
> * @size: Size of the range based at @device_addr to test.
> *
> @@ -523,9 +524,11 @@ pvr_device_addr_is_valid(u64 device_addr)
> * * %false otherwise.
> */
> bool
> -pvr_device_addr_and_size_are_valid(u64 device_addr, u64 size)
> +pvr_device_addr_and_size_are_valid(struct pvr_vm_context *vm_ctx,
> + u64 device_addr, u64 size)
> {
> return pvr_device_addr_is_valid(device_addr) &&
> + drm_gpuvm_range_valid(&vm_ctx->gpuvm_mgr, device_addr, size) &&
> size != 0 && (size & ~PVR_DEVICE_PAGE_MASK) == 0 &&
> (device_addr + size <= PVR_PAGE_TABLE_ADDR_SPACE_SIZE);
> }
> diff --git a/drivers/gpu/drm/imagination/pvr_vm.h b/drivers/gpu/drm/imagination/pvr_vm.h
> index cf8b97553dc8..f2a6463f2b05 100644
> --- a/drivers/gpu/drm/imagination/pvr_vm.h
> +++ b/drivers/gpu/drm/imagination/pvr_vm.h
> @@ -29,7 +29,8 @@ struct drm_exec;
> /* Functions defined in pvr_vm.c */
>
> bool pvr_device_addr_is_valid(u64 device_addr);
> -bool pvr_device_addr_and_size_are_valid(u64 device_addr, u64 size);
> +bool pvr_device_addr_and_size_are_valid(struct pvr_vm_context *vm_ctx,
> + u64 device_addr, u64 size);
>
> struct pvr_vm_context *pvr_vm_create_context(struct pvr_device *pvr_dev,
> bool is_userspace_context);
