From: "Ceraolo Spurio, Daniele" <daniele.ceraolospurio@intel.com>
To: <John.C.Harrison@Intel.com>, <Intel-GFX@Lists.FreeDesktop.Org>
Cc: DRI-Devel@Lists.FreeDesktop.Org
Subject: Re: [Intel-gfx] [PATCH 8/8] drm/i915/guc: Fix potential invalid pointer dereferences when decoding G2Hs
Date: Tue, 22 Feb 2022 17:28:23 -0800
Message-ID: <895cebd9-3cd7-6059-fcf7-34ca933fb7be@intel.com>
In-Reply-To: <20220217235207.930153-9-John.C.Harrison@Intel.com>
On 2/17/2022 3:52 PM, John.C.Harrison@Intel.com wrote:
> From: John Harrison <John.C.Harrison@Intel.com>
>
> Some G2H handlers were reading the context id field from the payload
> before checking the payload met the minimum length required.
>
> Signed-off-by: John Harrison <John.C.Harrison@Intel.com>
Reviewed-by: Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com>

While double-checking the other msg handler I noticed that we don't do
any checks on len for intel_guc_log_handle_flush_event(). Not really
relevant for this patch, just wondering out loud if we should add a
check to make sure the message is not corrupted.

Daniele

> ---
> drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c b/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c
> index b70b1ff46418..ea17dca68674 100644
> --- a/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c
> +++ b/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c
> @@ -3895,12 +3895,13 @@ int intel_guc_deregister_done_process_msg(struct intel_guc *guc,
> u32 len)
> {
> struct intel_context *ce;
> - u32 ctx_id = msg[0];
> + u32 ctx_id;
>
> if (unlikely(len < 1)) {
> drm_err(&guc_to_gt(guc)->i915->drm, "Invalid length %u\n", len);
> return -EPROTO;
> }
> + ctx_id = msg[0];
>
> ce = g2h_context_lookup(guc, ctx_id);
> if (unlikely(!ce))
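
Review bot: The drm_err() inside the len < 1 guard logs only "Invalid length %u", and the same format string appears in the len < 2 guard of intel_guc_sched_done_process_msg, so the log line alone does not say which G2H handler rejected the message or what minimum it expected. Consider putting the handler name and the expected minimum into the message. Moving ctx_id = msg[0]; below the guard is the right ordering: no payload word is read until len has been validated.
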
> @@ -3946,12 +3947,13 @@ int intel_guc_sched_done_process_msg(struct intel_guc *guc,
> {
> struct intel_context *ce;
> unsigned long flags;
> - u32 ctx_id = msg[0];
> + u32 ctx_id;
>
> if (unlikely(len < 2)) {
> drm_err(&guc_to_gt(guc)->i915->drm, "Invalid length %u\n", len);
> return -EPROTO;
> }
> + ctx_id = msg[0];
>
> ce = g2h_context_lookup(guc, ctx_id);
> if (unlikely(!ce))
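
Review bot: The guard in this hunk requires len >= 2, but the only payload read visible here is msg[0]; any read of the second dword further down in intel_guc_sched_done_process_msg needs to sit after this check as well, and that is worth confirming because it falls outside the context shown. The check is also a lower bound only, so a longer-than-expected message passes silently; if that is intentional, a short comment next to the guard saying so would help the next reader.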