[PATCH] drm/msm: Fix legacy relocs path

Akhil P Oommen akhilpo at codeaurora.org
Fri Feb 5 06:41:10 UTC 2021


On 2/5/2021 4:26 AM, Rob Clark wrote:
> From: Rob Clark <robdclark at chromium.org>
> 
> In moving code around, we ended up using the same pointer to
> copy_from_user() the relocs tables as we used for the cmd table
> entry, which is clearly not right.  This went unnoticed because
> modern mesa on non-ancent kernels does not actually use relocs.
> But this broke ancient mesa on modern kernels.
> 
> Reported-by: Emil Velikov <emil.velikov at collabora.com>
> Fixes: 20224d715a88 ("drm/msm/submit: Move copy_from_user ahead of locking bos")
> Signed-off-by: Rob Clark <robdclark at chromium.org>
> ---
>   drivers/gpu/drm/msm/msm_gem_submit.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c
> index d04c349d8112..5480852bdeda 100644
> --- a/drivers/gpu/drm/msm/msm_gem_submit.c
> +++ b/drivers/gpu/drm/msm/msm_gem_submit.c
> @@ -198,6 +198,8 @@ static int submit_lookup_cmds(struct msm_gem_submit *submit,
>   		submit->cmd[i].idx  = submit_cmd.submit_idx;
>   		submit->cmd[i].nr_relocs = submit_cmd.nr_relocs;
>   
> +		userptr = u64_to_user_ptr(submit_cmd.relocs);
> +
>   		sz = array_size(submit_cmd.nr_relocs,
>   				sizeof(struct drm_msm_gem_submit_reloc));
>   		/* check for overflow: */
> 

Reviewed-by: Akhil P Oommen <akhilpo at codeaurora.org>

-Akhil.


More information about the dri-devel mailing list