aboutsummaryrefslogtreecommitdiffstats
path: root/common/recipes-kernel/linux/linux-yocto-4.19.8/1249-drm-amdgpu-Check-if-fd-really-is-an-amdgpu-fd.patch
diff options
context:
space:
mode:
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.19.8/1249-drm-amdgpu-Check-if-fd-really-is-an-amdgpu-fd.patch')
-rw-r--r--common/recipes-kernel/linux/linux-yocto-4.19.8/1249-drm-amdgpu-Check-if-fd-really-is-an-amdgpu-fd.patch91
1 files changed, 91 insertions, 0 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.19.8/1249-drm-amdgpu-Check-if-fd-really-is-an-amdgpu-fd.patch b/common/recipes-kernel/linux/linux-yocto-4.19.8/1249-drm-amdgpu-Check-if-fd-really-is-an-amdgpu-fd.patch
new file mode 100644
index 00000000..2f846755
--- /dev/null
+++ b/common/recipes-kernel/linux/linux-yocto-4.19.8/1249-drm-amdgpu-Check-if-fd-really-is-an-amdgpu-fd.patch
@@ -0,0 +1,91 @@
+From daa2b8b1a953973266ec0c0f4a72c6946384a934 Mon Sep 17 00:00:00 2001
+From: Bas Nieuwenhuizen <bas@basnieuwenhuizen.nl>
+Date: Wed, 30 Jan 2019 02:53:21 +0100
+Subject: [PATCH 1249/2940] drm/amdgpu: Check if fd really is an amdgpu fd.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Otherwise we interpret the file private data as drm & amdgpu data
+while it might not be, possibly allowing one to get memory corruption.
+
+Signed-off-by: Bas Nieuwenhuizen <bas@basnieuwenhuizen.nl>
+Reviewed-by: Christian König <christian.koenig@amd.com>
+Signed-off-by: Chaudhary Amit Kumar <Chaudharyamit.Kumar@amd.com>
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 ++
+ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 16 ++++++++++++++++
+ drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c | 10 +++++++---
+ 3 files changed, 25 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
+index e1a4804fed84..441a912e9676 100644
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
+@@ -416,6 +416,8 @@ struct amdgpu_fpriv {
+ struct idr sem_handles;
+ };
+
++int amdgpu_file_to_fpriv(struct file *filp, struct amdgpu_fpriv **fpriv);
++
+ int amdgpu_ib_get(struct amdgpu_device *adev, struct amdgpu_vm *vm,
+ unsigned size, struct amdgpu_ib *ib);
+ void amdgpu_ib_free(struct amdgpu_device *adev, struct amdgpu_ib *ib,
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
+index deadeb765cf5..5d5e1e4bb97c 100644
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
+@@ -1096,6 +1096,22 @@ static const struct file_operations amdgpu_driver_kms_fops = {
+ #endif
+ };
+
++int amdgpu_file_to_fpriv(struct file *filp, struct amdgpu_fpriv **fpriv)
++{
++ struct drm_file *file;
++
++ if (!filp)
++ return -EINVAL;
++
++ if (filp->f_op != &amdgpu_driver_kms_fops) {
++ return -EINVAL;
++ }
++
++ file = filp->private_data;
++ *fpriv = file->driver_priv;
++ return 0;
++}
++
+ static bool
+ amdgpu_get_crtc_scanout_position(struct drm_device *dev, unsigned int pipe,
+ bool in_vblank_irq, int *vpos, int *hpos,
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c
+index 1cafe8d83a4d..0b70410488b6 100644
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c
+@@ -54,16 +54,20 @@ static int amdgpu_sched_process_priority_override(struct amdgpu_device *adev,
+ enum drm_sched_priority priority)
+ {
+ struct file *filp = fget(fd);
+- struct drm_file *file;
+ struct amdgpu_fpriv *fpriv;
+ struct amdgpu_ctx *ctx;
+ uint32_t id;
++ int r;
+
+ if (!filp)
+ return -EINVAL;
+
+- file = filp->private_data;
+- fpriv = file->driver_priv;
++ r = amdgpu_file_to_fpriv(filp, &fpriv);
++ if (r) {
++ fput(filp);
++ return r;
++ }
++
+ idr_for_each_entry(&fpriv->ctx_mgr.ctx_handles, ctx, id)
+ amdgpu_ctx_priority_override(ctx, priority);
+
+--
+2.17.1
+
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-24 10:47:13 +0000