[Intel-xe] [PATCH v2 3/4] fixup! drm/xe: Introduce a new DRM driver for Intel GPUs

Mon Aug 14 22:51:57 UTC 2023

On Mon, Aug 14, 2023 at 03:37:33PM -0700, Umesh Nerlige Ramappa wrote:
>struct drm_xe_engine_class_instance might get padded for 64-bit
>alignment based on compiler used. Since engine information is kmalloced
>in the query and drm_xe_engine_class_instance may be padded, it could
>potentially leak some kernel memory to user.
>
>Add a rsvd field to struct drm_xe_engine_class_instance to make it
>64-bit aligned and zero out the field before returning to user.
>
>Signed-off-by: Umesh Nerlige Ramappa <umesh.nerlige.ramappa at intel.com>
>---
> drivers/gpu/drm/xe/xe_query.c | 7 +++++--
> include/uapi/drm/xe_drm.h     | 1 +
> 2 files changed, 6 insertions(+), 2 deletions(-)
>
>diff --git a/drivers/gpu/drm/xe/xe_query.c b/drivers/gpu/drm/xe/xe_query.c
>index 99a4800c7c53..b9d565264ceb 100644
>--- a/drivers/gpu/drm/xe/xe_query.c
>+++ b/drivers/gpu/drm/xe/xe_query.c
>@@ -65,7 +65,7 @@ static int query_engines(struct xe_device *xe,
> 		return -EINVAL;
> 	}
>
>-	hw_engine_info = kmalloc(size, GFP_KERNEL);
>+	hw_engine_info = kzalloc(size, GFP_KERNEL);

This was unintentional. The plan is to leave this as kmalloc.

Umesh
> 	if (!hw_engine_info)
> 		return -ENOMEM;
>
>@@ -78,7 +78,10 @@ static int query_engines(struct xe_device *xe,
> 				xe_to_user_engine_class[hwe->class];
> 			hw_engine_info[i].engine_instance =
> 				hwe->logical_instance;
>-			hw_engine_info[i++].gt_id = gt->info.id;
>+			hw_engine_info[i].gt_id = gt->info.id;
>+			hw_engine_info[i].rsvd = 0;
>+
>+			i++;
> 		}
>
> 	if (copy_to_user(query_ptr, hw_engine_info, size)) {
>diff --git a/include/uapi/drm/xe_drm.h b/include/uapi/drm/xe_drm.h
>index 86f16d50e9cc..53cd57342620 100644
>--- a/include/uapi/drm/xe_drm.h
>+++ b/include/uapi/drm/xe_drm.h
>@@ -753,6 +753,7 @@ struct drm_xe_engine_class_instance {
>
> 	__u16 engine_instance;
> 	__u16 gt_id;
>+	__u16 rsvd;
> };
>
> struct drm_xe_exec_queue_create {
>-- 
>2.38.1
>