[PATCH 06/22] drm/tegra: Check syncpoint ID in the 'submit' IOCTL
Mikko Perttunen
cyndis at kapsi.fi
Wed May 31 18:46:06 UTC 2017
Reviewed-by: Mikko Perttunen <mperttunen at nvidia.com>
On 05/23/2017 03:14 AM, Dmitry Osipenko wrote:
> In case of invalid syncpoint ID, the host1x_syncpt_get() returns NULL and
> none of its users perform a check of the returned pointer later. Let's bail
> out until it's too late.
>
> Signed-off-by: Dmitry Osipenko <digetx at gmail.com>
> ---
> drivers/gpu/drm/tegra/drm.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/drivers/gpu/drm/tegra/drm.c b/drivers/gpu/drm/tegra/drm.c
> index eae0c1512ab0..cdb05d6efde4 100644
> --- a/drivers/gpu/drm/tegra/drm.c
> +++ b/drivers/gpu/drm/tegra/drm.c
> @@ -393,6 +393,8 @@ int tegra_drm_submit(struct tegra_drm_context *context,
> struct drm_tegra_waitchk __user *waitchks =
> (void __user *)(uintptr_t)args->waitchks;
> struct drm_tegra_syncpt syncpt;
> + struct host1x *host1x = dev_get_drvdata(drm->dev->parent);
> + struct host1x_syncpt *sp;
> struct host1x_job *job;
> int err;
>
> @@ -521,6 +523,13 @@ int tegra_drm_submit(struct tegra_drm_context *context,
> goto fail;
> }
>
> + /* check whether syncpoint ID is valid */
> + sp = host1x_syncpt_get(host1x, syncpt.id);
> + if (!sp) {
> + err = -ENOENT;
> + goto fail;
> + }
> +
> job->is_addr_reg = context->client->ops->is_addr_reg;
> job->syncpt_incrs = syncpt.incrs;
> job->syncpt_id = syncpt.id;
>
More information about the dri-devel
mailing list