2023-12-08 17:09:23

by Alex Bee

Subject: [PATCH] drm/imagination: vm: Fix heap lookup condition

When conditionally checking for heap existence of a certain address in
pvr_vm_bind_op_map_init the condition whether the map request comes from a
user is incorrect: The context must not be the kernel-context to be a
user(space) context and should be looked up in pvr_heaps.

That makes addresses coming from userspace not being verified against the
defined ranges and prevents firmware loading for meta cores.

Fixes: ff5f643de0bf ("drm/imagination: Add GEM and VM related code")
Signed-off-by: Alex Bee <[email protected]>
---
drivers/gpu/drm/imagination/pvr_vm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/imagination/pvr_vm.c b/drivers/gpu/drm/imagination/pvr_vm.c
index f42345fbe4bf..82690cee978c 100644
--- a/drivers/gpu/drm/imagination/pvr_vm.c
+++ b/drivers/gpu/drm/imagination/pvr_vm.c
@@ -225,7 +225,7 @@ pvr_vm_bind_op_map_init(struct pvr_vm_bind_op *bind_op,
u64 device_addr, u64 size)
{
struct drm_gem_object *obj = gem_from_pvr_gem(pvr_obj);
- const bool is_user = vm_ctx == vm_ctx->pvr_dev->kernel_vm_ctx;
+ const bool is_user = vm_ctx != vm_ctx->pvr_dev->kernel_vm_ctx;
const u64 pvr_obj_size = pvr_gem_object_size(pvr_obj);
struct sg_table *sgt;
u64 offset_plus_size;
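Review bot: on the changed `is_user` line, user-ness is inferred from a bare pointer comparison against `vm_ctx->pvr_dev->kernel_vm_ctx`, and nothing in the hunk documents the intended polarity, which is how the `==` form went unnoticed. Since the commit message says this flag decides whether an address coming from userspace is verified against the defined heap ranges, consider a one-line comment above the declaration, or a small named helper for the comparison, so the meaning is stated once. The hunk also does not show where `is_user` is consumed; it is worth confirming in the rest of the function that `device_addr` and `size` are checked on the user path before anything is mapped.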
--
2.43.0


2023-12-11 10:13:13

by Donald Robson

Subject: Re: [PATCH] drm/imagination: vm: Fix heap lookup condition

Thanks Alex!

Reviewed-by: Donald Robson <[email protected]>

On Fri, 2023-12-08 at 18:08 +0100, Alex Bee wrote:
> When conditionally checking for heap existence of a certain address in
> pvr_vm_bind_op_map_init the condition whether the map request comes from a
> user is incorrect: The context must not be the kernel-context to be a
> user(space) context and should be looked up in pvr_heaps.
>
> That makes addresses coming from userspace not being verified against the
> defined ranges and prevents firmware loading for meta cores.
>
> Fixes: ff5f643de0bf ("drm/imagination: Add GEM and VM related code")
> Signed-off-by: Alex Bee <[email protected]>
> ---
> drivers/gpu/drm/imagination/pvr_vm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/imagination/pvr_vm.c b/drivers/gpu/drm/imagination/pvr_vm.c
> index f42345fbe4bf..82690cee978c 100644
> --- a/drivers/gpu/drm/imagination/pvr_vm.c
> +++ b/drivers/gpu/drm/imagination/pvr_vm.c
> @@ -225,7 +225,7 @@ pvr_vm_bind_op_map_init(struct pvr_vm_bind_op *bind_op,
> u64 device_addr, u64 size)
> {
> struct drm_gem_object *obj = gem_from_pvr_gem(pvr_obj);
> - const bool is_user = vm_ctx == vm_ctx->pvr_dev->kernel_vm_ctx;
> + const bool is_user = vm_ctx != vm_ctx->pvr_dev->kernel_vm_ctx;
> const u64 pvr_obj_size = pvr_gem_object_size(pvr_obj);
> struct sg_table *sgt;
> u64 offset_plus_size;
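Review bot: the flipped comparison on the `is_user` line had two effects according to the commit message (userspace addresses not verified against the defined ranges, and firmware loading prevented on meta cores), but the patch adds nothing that would catch the polarity regressing again. Consider a test or debug-time check covering both directions: a map request from a user context with a `device_addr`/`size` outside the defined ranges is rejected, and a request from the kernel context is not sent through the `pvr_heaps` lookup.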

2023-12-13 15:22:58

by Maxime Ripard

Subject: Re: (subset) [PATCH] drm/imagination: vm: Fix heap lookup condition

On Fri, 08 Dec 2023 18:08:56 +0100, Alex Bee wrote:
> When conditionally checking for heap existence of a certain address in
> pvr_vm_bind_op_map_init the condition whether the map request comes from a
> user is incorrect: The context must not be the kernel-context to be a
> user(space) context and should be looked up in pvr_heaps.
>
> That makes addresses coming from userspace not being verified against the
> defined ranges and prevents firmware loading for meta cores.
>
> [...]

Applied to drm/drm-misc (drm-misc-next).

Thanks!
Maxime