diff options
author | Kevin Park <youngeun.park@arm.com> | 2022-11-24 14:27:12 +0000 |
---|---|---|
committer | Guus Sliepen <gsliepen@google.com> | 2022-11-30 17:54:27 +0000 |
commit | f19a3fd973d58e808a72bae9d678e7ac55b134e4 (patch) | |
tree | 5ce3e5e232b28c0e02b21f1633e99f9126611d70 | |
parent | b18ad31eeafa341644076f08ee2673d27d1e91c6 (diff) | |
download | gpu-f19a3fd973d58e808a72bae9d678e7ac55b134e4.tar.gz |
GPUCORE-36665 Fix OOB issue on KBASE_IOCTL_CS_TILER_HEAP_INIT
'group_id' member of the ioctl (KBASE_IOCTL_CS_TILER_HEAP_INIT) struct
must be validated before initializing CSF tiler heap.
Otherwise out-of-boundary of memory group pools array for the CSF tiler
heap could happen and will potentially lead to kernel panic.
TI2: 933204 (DDK Precommit)
TI2: 933199 (BASE_CSF_TEST)
Bug: 259061568
Test: verified fix using poc
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/4766
Change-Id: I209a3d5152a34c278c17383e4aa9080aa9735822
(cherry picked from commit 55b44117111bf6a7e324301cbbf4f89669fa04c3)
-rw-r--r-- | mali_kbase/mali_kbase_core_linux.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/mali_kbase/mali_kbase_core_linux.c b/mali_kbase/mali_kbase_core_linux.c index bcc2602..335761c 100644 --- a/mali_kbase/mali_kbase_core_linux.c +++ b/mali_kbase/mali_kbase_core_linux.c @@ -1566,7 +1566,10 @@ static int kbasep_kcpu_queue_enqueue(struct kbase_context *kctx, static int kbasep_cs_tiler_heap_init(struct kbase_context *kctx, union kbase_ioctl_cs_tiler_heap_init *heap_init) { - kctx->jit_group_id = heap_init->in.group_id; + if (heap_init->in.group_id >= MEMORY_GROUP_MANAGER_NR_GROUPS) + return -EINVAL; + else + kctx->jit_group_id = heap_init->in.group_id; return kbase_csf_tiler_heap_init(kctx, heap_init->in.chunk_size, heap_init->in.initial_chunks, heap_init->in.max_chunks, |