[PATCH v2 1/2] drm/xe/ufence: Prefetch ufence addr to catch bogus address
Matthew Brost
matthew.brost at intel.com
Fri Oct 18 02:51:04 UTC 2024
On Wed, Oct 16, 2024 at 10:23:03AM +0200, Nirmoy Das wrote:
> access_ok() only checks for addr overflow so also try to read the addr
> to catch invalid addr sent from userspace.
>
> Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1630
> Cc: Francois Dugast <francois.dugast at intel.com>
> Cc: Maarten Lankhorst <maarten.lankhorst at linux.intel.com>
> Cc: Matthew Auld <matthew.auld at intel.com>
> Cc: Matthew Brost <matthew.brost at intel.com>
> Cc: Matthew Brost <matthew.brost at intel.com>
Reviewed-by: Matthew Brost <matthew.brost at intel.com>
> Signed-off-by: Nirmoy Das <nirmoy.das at intel.com>
> ---
> drivers/gpu/drm/xe/xe_sync.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/xe/xe_sync.c b/drivers/gpu/drm/xe/xe_sync.c
> index c6cf227ead40..2e72c06fd40d 100644
> --- a/drivers/gpu/drm/xe/xe_sync.c
> +++ b/drivers/gpu/drm/xe/xe_sync.c
> @@ -54,8 +54,9 @@ static struct xe_user_fence *user_fence_create(struct xe_device *xe, u64 addr,
> {
> struct xe_user_fence *ufence;
> u64 __user *ptr = u64_to_user_ptr(addr);
> + u64 __maybe_unused prefetch_val;
>
> - if (!access_ok(ptr, sizeof(*ptr)))
> + if (get_user(prefetch_val, ptr))
> return ERR_PTR(-EFAULT);
>
> ufence = kzalloc(sizeof(*ufence), GFP_KERNEL);
> --
> 2.46.0
>
More information about the Intel-xe
mailing list