diff options
| author | Kevin Park <youngeun.park@arm.com> | 2023-08-16 09:01:21 +0100 |
|---|---|---|
| committer | Jörg Wagner <jorwag@google.com> | 2023-10-13 14:22:46 +0000 |
| commit | 8d366ed42251a1dac0fb6a62bfc0d1741f32556a (patch) | |
| tree | 9ea99965ba37917f1039cc0c6bdc31c941ba4851 | |
| parent | fb192812bb0feff87f603081741a455f12db1a90 (diff) | |
| download | gpu-android-gs-tangorpro-5.10-android14-qpr1-beta.tar.gz | |
GPUCORE-39469 Error handling for invalid slot when parsing trace dataandroid-u-qpr1-beta-2.2_r0.6android-u-qpr1-beta-2.2_r0.5android-u-qpr1-beta-2.2_r0.4android-u-qpr1-beta-2.2_r0.3android-14.0.0_r0.44android-14.0.0_r0.43android-14.0.0_r0.42android-14.0.0_r0.41android-14.0.0_r0.40android-14.0.0_r0.39android-14.0.0_r0.37android-14.0.0_r0.36android-14.0.0_r0.35android-14.0.0_r0.34android-14.0.0_r0.33android-14.0.0_r0.31android-14.0.0_r0.25android-14.0.0_r0.23android-14.0.0_r0.21android-gs-tangorpro-5.10-android14-qpr1-betaandroid-gs-tangorpro-5.10-android14-qpr1android-gs-raviole-5.10-android14-qpr1android-gs-pantah-5.10-android14-qpr1-betaandroid-gs-pantah-5.10-android14-qpr1android-gs-lynx-5.10-android14-qpr1-betaandroid-gs-lynx-5.10-android14-qpr1android-gs-felix-5.10-android14-qpr1-betaandroid-gs-felix-5.10-android14-qpr1android-gs-bluejay-5.10-android14-qpr1
If a slot number parsed from trace data exceeds the number of supported
CSG slots, the trace data must be discarded. Otherwise the access to
the invalid memory address could happen.
Bug: 304341806
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/6057
Signed-off-by: Jörg Wagner <jorwag@google.com>
Change-Id: I8e702e7487f2bea3618f2fe8ad696a1b546f10f2
| -rw-r--r-- | mali_kbase/csf/mali_kbase_csf_scheduler.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/mali_kbase/csf/mali_kbase_csf_scheduler.c b/mali_kbase/csf/mali_kbase_csf_scheduler.c index 8cbc301..817e25e 100644 --- a/mali_kbase/csf/mali_kbase_csf_scheduler.c +++ b/mali_kbase/csf/mali_kbase_csf_scheduler.c @@ -335,11 +335,17 @@ static bool gpu_metrics_read_event(struct kbase_device *kbdev, struct kbase_cont if (kbase_csf_firmware_trace_buffer_read_data(tb, (u8 *)&e, GPU_METRICS_EVENT_SIZE) == GPU_METRICS_EVENT_SIZE) { const u8 slot = GPU_METRICS_CSG_GET(e.csg_slot_act); - struct kbase_queue_group *group = - kbdev->csf.scheduler.csg_slots[slot].resident_group; + struct kbase_queue_group *group; + + if (WARN_ON_ONCE(slot >= kbdev->csf.global_iface.group_num)) { + dev_err(kbdev->dev, "invalid CSG slot (%u)", slot); + return false; + } + + group = kbdev->csf.scheduler.csg_slots[slot].resident_group; if (unlikely(!group)) { - dev_err(kbdev->dev, "failed to find CSG group from CSG slot(%u)", slot); + dev_err(kbdev->dev, "failed to find CSG group from CSG slot (%u)", slot); return false; } |