LinuxLists.cc - [PATCH] drm/msm: Fix legacy relocs path

2021-02-04 22:58:16

Subject: [PATCH] drm/msm: Fix legacy relocs path

From: Rob Clark <[email protected]>

In moving code around, we ended up using the same pointer to
copy_from_user() the relocs tables as we used for the cmd table
entry, which is clearly not right. This went unnoticed because
modern mesa on non-ancent kernels does not actually use relocs.
But this broke ancient mesa on modern kernels.

Reported-by: Emil Velikov <[email protected]>
Fixes: 20224d715a88 ("drm/msm/submit: Move copy_from_user ahead of locking bos")
Signed-off-by: Rob Clark <[email protected]>
---
drivers/gpu/drm/msm/msm_gem_submit.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c
index d04c349d8112..5480852bdeda 100644
--- a/drivers/gpu/drm/msm/msm_gem_submit.c
+++ b/drivers/gpu/drm/msm/msm_gem_submit.c
@@ -198,6 +198,8 @@ static int submit_lookup_cmds(struct msm_gem_submit *submit,
submit->cmd[i].idx = submit_cmd.submit_idx;
submit->cmd[i].nr_relocs = submit_cmd.nr_relocs;

+ userptr = u64_to_user_ptr(submit_cmd.relocs);
+
sz = array_size(submit_cmd.nr_relocs,
sizeof(struct drm_msm_gem_submit_reloc));
/* check for overflow: */
--
2.29.2

2021-02-05 06:44:26

by Akhil P Oommen

[permalink] [raw]

Subject: Re: [PATCH] drm/msm: Fix legacy relocs path

On 2/5/2021 4:26 AM, Rob Clark wrote:
> From: Rob Clark <[email protected]>
>
> In moving code around, we ended up using the same pointer to
> copy_from_user() the relocs tables as we used for the cmd table
> entry, which is clearly not right. This went unnoticed because
> modern mesa on non-ancent kernels does not actually use relocs.
> But this broke ancient mesa on modern kernels.
>
> Reported-by: Emil Velikov <[email protected]>
> Fixes: 20224d715a88 ("drm/msm/submit: Move copy_from_user ahead of locking bos")
> Signed-off-by: Rob Clark <[email protected]>
> ---
> drivers/gpu/drm/msm/msm_gem_submit.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c
> index d04c349d8112..5480852bdeda 100644
> --- a/drivers/gpu/drm/msm/msm_gem_submit.c
> +++ b/drivers/gpu/drm/msm/msm_gem_submit.c
> @@ -198,6 +198,8 @@ static int submit_lookup_cmds(struct msm_gem_submit *submit,
> submit->cmd[i].idx = submit_cmd.submit_idx;
> submit->cmd[i].nr_relocs = submit_cmd.nr_relocs;
>
> + userptr = u64_to_user_ptr(submit_cmd.relocs);
> +
> sz = array_size(submit_cmd.nr_relocs,
> sizeof(struct drm_msm_gem_submit_reloc));
> /* check for overflow: */
>

Reviewed-by: Akhil P Oommen <[email protected]>

-Akhil.