From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 745D9C46467 for ; Sun, 15 Jan 2023 09:40:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229996AbjAOJkf (ORCPT ); Sun, 15 Jan 2023 04:40:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42742 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229719AbjAOJkd (ORCPT ); Sun, 15 Jan 2023 04:40:33 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9E25CC156 for ; Sun, 15 Jan 2023 01:40:32 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3033160C6E for ; Sun, 15 Jan 2023 09:40:32 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AC140C433D2; Sun, 15 Jan 2023 09:40:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1673775631; bh=UBzVcY5fRcwQWrhHV++8YM9LVjjvCcbqwKbKRaWY10k=; h=From:To:Cc:Subject:Date:From; b=S99mCXMmnxl+jXMUUKTRwMZcZtW4HC+qzZwuN8YxddJ4GLVphQCToke6aMSMWawjH c7BDz9cWwZBPtj33HzQMaCsyAbyLXBQCEUiy2tPKhKr16rZ6FB7Tx+44xIthAVEp3i pR8bengq/+P9p3qGtShNdtAqqMhbABz7DZtvjSWqD0wOwnAclaSwmdwgjc0WhwWxfd NGLH99ifTX3Hx2Wt4czhhMWlg26Ym0PwTGV42T+Iyud7Z9zLUtGnKMG4NqeTaFeRc0 WeCr+Ozx9DrzSHitCjpV8F86EnxExiLF6iuOY59RZDf07kkn07VEH5Z7HBwWbbNn8T rQ0mOG+GA+sqQ== From: Oded Gabbay To: linux-kernel@vger.kernel.org Cc: farah kassabri Subject: [PATCH 1/5] habanalabs: check pad and reserved fields in ioctls Date: Sun, 15 Jan 2023 11:40:22 +0200 Message-Id: <20230115094026.289766-1-ogabbay@kernel.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: farah kassabri Make sure all reserved/pad fields in uapi input structures are set to 0. Signed-off-by: farah kassabri Reviewed-by: Oded Gabbay Signed-off-by: Oded Gabbay --- .../accel/habanalabs/common/command_submission.c | 15 ++++++++++++++- .../accel/habanalabs/common/habanalabs_ioctl.c | 6 +++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/drivers/accel/habanalabs/common/command_submission.c b/drivers/accel/habanalabs/common/command_submission.c index bb9584d72c32..c54f504383ac 100644 --- a/drivers/accel/habanalabs/common/command_submission.c +++ b/drivers/accel/habanalabs/common/command_submission.c @@ -1310,6 +1310,13 @@ static int hl_cs_sanity_checks(struct hl_fpriv *hpriv, union hl_cs_args *args) enum hl_device_status status; enum hl_cs_type cs_type; bool is_sync_stream; + int i; + + for (i = 0 ; i < sizeof(args->in.pad) ; i++) + if (args->in.pad[i]) { + dev_dbg(hdev->dev, "Padding bytes must be 0\n"); + return -EINVAL; + } if (!hl_device_operational(hdev, &status)) { return -EBUSY; @@ -2918,7 +2925,13 @@ static int hl_multi_cs_wait_ioctl(struct hl_fpriv *hpriv, void *data) u32 size_to_copy; u64 *cs_seq_arr; u8 seq_arr_len; - int rc; + int rc, i; + + for (i = 0 ; i < sizeof(args->in.pad) ; i++) + if (args->in.pad[i]) { + dev_dbg(hdev->dev, "Padding bytes must be 0\n"); + return -EINVAL; + } if (!hdev->supports_wait_for_multi_cs) { dev_err(hdev->dev, "Wait for multi CS is not supported\n"); diff --git a/drivers/accel/habanalabs/common/habanalabs_ioctl.c b/drivers/accel/habanalabs/common/habanalabs_ioctl.c index 72493bf94ba3..5005e6fca691 100644 --- a/drivers/accel/habanalabs/common/habanalabs_ioctl.c +++ b/drivers/accel/habanalabs/common/habanalabs_ioctl.c @@ -884,9 +884,13 @@ static int _hl_info_ioctl(struct hl_fpriv *hpriv, void *data, enum hl_device_status status; struct hl_info_args *args = data; struct hl_device *hdev = hpriv->hdev; - int rc; + if (args->pad) { + dev_dbg(hdev->dev, "Padding bytes must be 0\n"); + return -EINVAL; + } + /* * Information is returned for the following opcodes even if the device * is disabled or in reset. -- 2.25.1