msm: kgsl: Add missing check for snapshot IB dump · 8774e7b998 - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

msm: kgsl: Add missing check for snapshot IB dump

During ringbuffer parsing, same IB can exist multiple times
but size validation happens only for the first time.
This leads to out of bound access if the subsequent sizes are
greater than the allocated size.

Add a check to make sure that requested size is within the
allocated range.

Change-Id: Ie5d3c02c1669de2e6188821399e985f0991aa57c
Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>

This commit is contained in:

Rajesh Kemisetti

2019-06-19 20:53:52 +05:30

• committed by

codeworkx

parent 350a145574

commit 8774e7b998

1 changed files with 14 additions and 1 deletions

									
										15

drivers/gpu/msm/adreno_snapshot.c
									
										View file
										
				@ -1,4 +1,4 @@

				/* Copyright (c) 2012-2018 The Linux Foundation. All rights reserved.

				/* Copyright (c) 2012-2019 The Linux Foundation. All rights reserved.

				 *

				 * This program is free software; you can redistribute it and/or modify

				 * it under the terms of the GNU General Public License version 2 and

				@ -70,6 +70,19 @@ void kgsl_snapshot_push_object(struct kgsl_process_private *process,

					for (index = 0; index < objbufptr; index++) {

						if (objbuf[index].gpuaddr == gpuaddr &&

							objbuf[index].entry->priv == process) {

							/*

							 * Check if newly requested size is within the

							 * allocated range or not, otherwise continue

							 * with previous size.

							 */

							if (!kgsl_gpuaddr_in_memdesc(

								&objbuf[index].entry->memdesc,

								gpuaddr, dwords << 2)) {

								KGSL_CORE_ERR(

									"snapshot: IB 0x%016llx size is not within the memdesc range\n",

									gpuaddr);

								return;

							}

							objbuf[index].size = max_t(uint64_t,

										objbuf[index].size,