msm: kgsl: Fix gpuaddr_in_range() to check upper bound (d1e8523c) · Commits · e / devices / android_kernel_fairphone_FP3

drivers/gpu/msm/adreno_dispatch.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -1155,7 +1155,8 @@ static inline bool _verify_ib(struct kgsl_device_private *dev_priv,
		}

		/* Make sure that the address is mapped */
		if (!kgsl_mmu_gpuaddr_in_range(private->pagetable, ib->gpuaddr)) {
		if (!kgsl_mmu_gpuaddr_in_range(private->pagetable, ib->gpuaddr,
		ib->size)) {
		pr_context(device, context, "ctxt %d invalid ib gpuaddr %llX\n",
		context->id, ib->gpuaddr);
		return false;

+1 −1

Original line number	Diff line number	Diff line
		@@ -1257,7 +1257,7 @@ kgsl_sharedmem_find(struct kgsl_process_private *private, uint64_t gpuaddr)
		if (!private)
		return NULL;

		if (!kgsl_mmu_gpuaddr_in_range(private->pagetable, gpuaddr))
		if (!kgsl_mmu_gpuaddr_in_range(private->pagetable, gpuaddr, 0))
		return NULL;

		spin_lock(&private->mem_lock);

+5 −4

Original line number	Diff line number	Diff line
		@@ -2567,20 +2567,21 @@ static int kgsl_iommu_svm_range(struct kgsl_pagetable *pagetable,
		}

		static bool kgsl_iommu_addr_in_range(struct kgsl_pagetable *pagetable,
		uint64_t gpuaddr)
		uint64_t gpuaddr, uint64_t size)
		{
		struct kgsl_iommu_pt *pt = pagetable->priv;

		if (gpuaddr == 0)
		return false;

		if (gpuaddr >= pt->va_start && gpuaddr < pt->va_end)
		if (gpuaddr >= pt->va_start && (gpuaddr + size) < pt->va_end)
		return true;

		if (gpuaddr >= pt->compat_va_start && gpuaddr < pt->compat_va_end)
		if (gpuaddr >= pt->compat_va_start &&
		(gpuaddr + size) < pt->compat_va_end)
		return true;

		if (gpuaddr >= pt->svm_start && gpuaddr < pt->svm_end)
		if (gpuaddr >= pt->svm_start && (gpuaddr + size) < pt->svm_end)
		return true;

		return false;

+4 −3

Original line number	Diff line number	Diff line
		@@ -613,10 +613,11 @@ enum kgsl_mmutype kgsl_mmu_get_mmutype(struct kgsl_device *device)
		EXPORT_SYMBOL(kgsl_mmu_get_mmutype);

		bool kgsl_mmu_gpuaddr_in_range(struct kgsl_pagetable *pagetable,
		uint64_t gpuaddr)
		uint64_t gpuaddr, uint64_t size)
		{
		if (PT_OP_VALID(pagetable, addr_in_range))
		return pagetable->pt_ops->addr_in_range(pagetable, gpuaddr);
		return pagetable->pt_ops->addr_in_range(pagetable,
		gpuaddr, size);

		return false;
		}
		@@ -652,7 +653,7 @@ EXPORT_SYMBOL(kgsl_mmu_get_qtimer_global_entry);
		*/

		static bool nommu_gpuaddr_in_range(struct kgsl_pagetable *pagetable,
		uint64_t gpuaddr)
		uint64_t gpuaddr, uint64_t size)
		{
		return (gpuaddr != 0) ? true : false;
		}

+4 −2

Original line number	Diff line number	Diff line
		@@ -102,7 +102,8 @@ struct kgsl_mmu_pt_ops {
		int (set_svm_region)(struct kgsl_pagetable , uint64_t, uint64_t);
		int (svm_range)(struct kgsl_pagetable , uint64_t , uint64_t ,
		uint64_t);
		bool (addr_in_range)(struct kgsl_pagetable pagetable, uint64_t);
		bool (addr_in_range)(struct kgsl_pagetable pagetable,
		uint64_t, uint64_t);
		int (mmu_map_offset)(struct kgsl_pagetable pt,
		uint64_t virtaddr, uint64_t virtoffset,
		struct kgsl_memdesc *memdesc, uint64_t physoffset,
		@@ -194,7 +195,8 @@ unsigned int kgsl_virtaddr_to_physaddr(void *virtaddr);
		unsigned int kgsl_mmu_log_fault_addr(struct kgsl_mmu *mmu,
		u64 ttbr0, uint64_t addr);
		enum kgsl_mmutype kgsl_mmu_get_mmutype(struct kgsl_device *device);
		bool kgsl_mmu_gpuaddr_in_range(struct kgsl_pagetable *pt, uint64_t gpuaddr);
		bool kgsl_mmu_gpuaddr_in_range(struct kgsl_pagetable *pt, uint64_t gpuaddr,
		uint64_t size);

		int kgsl_mmu_get_region(struct kgsl_pagetable *pagetable,
		uint64_t gpuaddr, uint64_t size);