diff options
author | Kevin Park <youngeun.park@arm.com> | 2022-11-24 14:27:12 +0000 |
---|---|---|
committer | Guus Sliepen <gsliepen@google.com> | 2022-11-30 17:56:37 +0000 |
commit | f98139afd99ce131cdc6dc71d63dd7e2722c09c9 (patch) | |
tree | 5dbd11946c18e7f51c4e2bd85bfda764b9f6759a | |
parent | 270edb32b4d7b12d674c360421e2b6969eddd637 (diff) | |
download | gpu-f98139afd99ce131cdc6dc71d63dd7e2722c09c9.tar.gz |
GPUCORE-36665 Fix OOB issue on KBASE_IOCTL_CS_TILER_HEAP_INIT
'group_id' member of the ioctl (KBASE_IOCTL_CS_TILER_HEAP_INIT) struct
must be validated before initializing CSF tiler heap.
Otherwise out-of-boundary of memory group pools array for the CSF tiler
heap could happen and will potentially lead to kernel panic.
TI2: 933204 (DDK Precommit)
TI2: 933199 (BASE_CSF_TEST)
Bug: 259061568
Test: verified fix using poc
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/4766
Change-Id: I209a3d5152a34c278c17383e4aa9080aa9735822
(cherry picked from commit 55b44117111bf6a7e324301cbbf4f89669fa04c3)
-rw-r--r-- | mali_kbase/mali_kbase_core_linux.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/mali_kbase/mali_kbase_core_linux.c b/mali_kbase/mali_kbase_core_linux.c index bcc2602..335761c 100644 --- a/mali_kbase/mali_kbase_core_linux.c +++ b/mali_kbase/mali_kbase_core_linux.c @@ -1566,7 +1566,10 @@ static int kbasep_kcpu_queue_enqueue(struct kbase_context *kctx, static int kbasep_cs_tiler_heap_init(struct kbase_context *kctx, union kbase_ioctl_cs_tiler_heap_init *heap_init) { - kctx->jit_group_id = heap_init->in.group_id; + if (heap_init->in.group_id >= MEMORY_GROUP_MANAGER_NR_GROUPS) + return -EINVAL; + else + kctx->jit_group_id = heap_init->in.group_id; return kbase_csf_tiler_heap_init(kctx, heap_init->in.chunk_size, heap_init->in.initial_chunks, heap_init->in.max_chunks, |