diff options
| author | Suzanne Candanedo <suzanne.candanedo@arm.com> | 2022-10-06 20:03:48 +0100 |
|---|---|---|
| committer | Jack Diver <diverj@google.com> | 2022-10-07 11:24:40 +0000 |
| commit | fb2e7ed2859a7cb88c50dc0d357bb27837aaa843 (patch) | |
| tree | bf181dc170af55f341d94cf4a5c4ec4a3edd1e1e /mali_kbase/mali_kbase_defs.h | |
| parent | 348355041f171b55a3b93f52821158689ae38b1c (diff) | |
| download | gpu-fb2e7ed2859a7cb88c50dc0d357bb27837aaa843.tar.gz | |
mali_kbase: MIDCET-4220 Patch for GPUSWERRATA-1430
This patch is a fix for:
- SW Errata: 2715151
- CVE: CVE-2022-36449
This patch fixes potential use-after-free
after userbuf un-pin
Bug: 251397485
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/4611
Change-Id: I89aae381705466ca5971485d5b3b4ef48bc229d3
Signed-off-by: Jack Diver <diverj@google.com>
Diffstat (limited to 'mali_kbase/mali_kbase_defs.h')
| -rw-r--r-- | mali_kbase/mali_kbase_defs.h | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/mali_kbase/mali_kbase_defs.h b/mali_kbase/mali_kbase_defs.h index ba63e1a..df373cb 100644 --- a/mali_kbase/mali_kbase_defs.h +++ b/mali_kbase/mali_kbase_defs.h @@ -1970,17 +1970,15 @@ struct kbasep_gwt_list_element { * to a @kbase_context. * @ext_res_node: List head for adding the metadata to a * @kbase_context. - * @alloc: The physical memory allocation structure - * which is mapped. - * @gpu_addr: The GPU virtual address the resource is - * mapped to. + * @reg: External resource information, containing + * the corresponding VA region * @ref: Reference count. * * External resources can be mapped into multiple contexts as well as the same * context multiple times. - * As kbase_va_region itself isn't refcounted we can't attach our extra - * information to it as it could be removed under our feet leaving external - * resources pinned. + * As kbase_va_region is refcounted, we guarantee that it will be available + * for the duration of the external resource, meaning it is sufficient to use + * it to rederive any additional data, like the GPU address. * This metadata structure binds a single external resource to a single * context, ensuring that per context mapping is tracked separately so it can * be overridden when needed and abuses by the application (freeing the resource @@ -1988,8 +1986,7 @@ struct kbasep_gwt_list_element { */ struct kbase_ctx_ext_res_meta { struct list_head ext_res_node; - struct kbase_mem_phy_alloc *alloc; - u64 gpu_addr; + struct kbase_va_region *reg; u32 ref; }; |