[PATCH 1/6] drm/i915/gvt: Prevent invalid array index access to vgpu->fence.regs[]
Colin Xu
Colin.Xu at intel.com
Fri Mar 22 06:31:06 UTC 2019
On 3/22/19 2:16 PM, Zhenyu Wang wrote:
> On 2019.03.20 11:21:25 +0800, Colin Xu wrote:
>> Invalid index could result in array overflow so limit it to array size.
>> Although these access are protected by current gvt logic and won't hit
>> during running, but still has potential security risk in future.
>>
>> Signed-off-by: Colin Xu <colin.xu at intel.com>
>> ---
>> drivers/gpu/drm/i915/gvt/aperture_gm.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/i915/gvt/aperture_gm.c b/drivers/gpu/drm/i915/gvt/aperture_gm.c
>> index 1fa2f65c3cd1..ec14d7506114 100644
>> --- a/drivers/gpu/drm/i915/gvt/aperture_gm.c
>> +++ b/drivers/gpu/drm/i915/gvt/aperture_gm.c
>> @@ -133,7 +133,8 @@ void intel_vgpu_write_fence(struct intel_vgpu *vgpu,
>>
>> assert_rpm_wakelock_held(dev_priv);
>>
>> - if (WARN_ON(fence >= vgpu_fence_sz(vgpu)))
>> + if (WARN_ON(fence >= vgpu_fence_sz(vgpu) ||
>> + fence >= INTEL_GVT_MAX_NUM_FENCES))
>> return;
> Looks unnecessary as vGPU won't use more than max fences.
They are klocwork errors and critials. All these warnings won't hit in
real environment.
>>
>> reg = vgpu->fence.regs[fence];
>> --
>> 2.21.0
>>
>> _______________________________________________
>> intel-gvt-dev mailing list
>> intel-gvt-dev at lists.freedesktop.org
>> https://lists.freedesktop.org/mailman/listinfo/intel-gvt-dev
>
> _______________________________________________
> intel-gvt-dev mailing list
> intel-gvt-dev at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/intel-gvt-dev
--
Best Regards,
Colin Xu
More information about the intel-gvt-dev
mailing list