[PATCH 1/6] drm/i915/gvt: Prevent invalid array index access to vgpu->fence.regs[]

Colin Xu Colin.Xu at intel.com
Fri Mar 22 06:31:06 UTC 2019


On 3/22/19 2:16 PM, Zhenyu Wang wrote:
> On 2019.03.20 11:21:25 +0800, Colin Xu wrote:
>> An invalid index could result in array overflow, so limit it to the array size.
>> Although these accesses are protected by current gvt logic and won't be hit
>> at runtime, they still pose a potential security risk in the future.
>>
>> Signed-off-by: Colin Xu <colin.xu at intel.com>
>> ---
>>   drivers/gpu/drm/i915/gvt/aperture_gm.c | 3 ++-
>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/i915/gvt/aperture_gm.c b/drivers/gpu/drm/i915/gvt/aperture_gm.c
>> index 1fa2f65c3cd1..ec14d7506114 100644
>> --- a/drivers/gpu/drm/i915/gvt/aperture_gm.c
>> +++ b/drivers/gpu/drm/i915/gvt/aperture_gm.c
>> @@ -133,7 +133,8 @@ void intel_vgpu_write_fence(struct intel_vgpu *vgpu,
>>   
>>   	assert_rpm_wakelock_held(dev_priv);
>>   
>> -	if (WARN_ON(fence >= vgpu_fence_sz(vgpu)))
>> +	if (WARN_ON(fence >= vgpu_fence_sz(vgpu) ||
>> +		    fence >= INTEL_GVT_MAX_NUM_FENCES))
>>   		return;
> Looks unnecessary as vGPU won't use more than max fences.
They are Klocwork errors and criticals. All these warnings won't be hit in a
real environment.
>>   
>>   	reg = vgpu->fence.regs[fence];
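Review bot: The new bound in the WARN_ON, fence >= INTEL_GVT_MAX_NUM_FENCES, is tied to a constant rather than to the array that the next statement indexes, so the check and the declaration of vgpu->fence.regs[] can drift apart if either one changes later. If regs is a fixed-size array, as the subject line indicates, writing the bound as fence >= ARRAY_SIZE(vgpu->fence.regs) keeps the check correct by construction and still gives the static analyzer a bound it can prove. A one-line comment above the condition would also help, stating that vgpu_fence_sz(vgpu) is the per-vGPU allocation while the second term is the hard limit of the array, since the commit message says the second term cannot trigger today and a later cleanup could otherwise drop it as redundant. The hunk does not show the declared type of fence; if it is signed, a negative value passes both comparisons and still reaches vgpu->fence.regs[fence], so confirm it is unsigned.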
>> -- 
>> 2.21.0
>>
>> _______________________________________________
>> intel-gvt-dev mailing list
>> intel-gvt-dev at lists.freedesktop.org
>> https://lists.freedesktop.org/mailman/listinfo/intel-gvt-dev
>

-- 
Best Regards,
Colin Xu


