Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ac7349dd authored by Rohan Sethi's avatar Rohan Sethi Committed by Rohan Sethi
Browse files

msm: kgsl: Fix gpuaddr_in_range() to check upper bound 



Currently gpuaddr_in_range() accepts only the gpuaddr & returns
true if it lies in valid range. But this does not mean that the
entire buffer is within range.
Modify the function to accept size as a parameter and check that
both starting & ending points of buffer lie within mmu range.

Change-Id: I1d722295b9a27e746bfdb6d3bf409ffe722193cb
Signed-off-by: default avatarRohan Sethi <rohsethi@codeaurora.org>
parent 862b38de

drivers/gpu/msm/adreno_dispatch.c

+2 −2
Original line number Diff line number Diff line
@@ -1125,8 +1125,8 @@ static inline bool _verify_ib(struct kgsl_device_private *dev_priv, 
	}



	/* Make sure that the address is in range and dword aligned */

	if (!kgsl_mmu_gpuaddr_in_range(private->pagetable, ib->gpuaddr) ||

	    !IS_ALIGNED(ib->gpuaddr, 4)) {

	if (!kgsl_mmu_gpuaddr_in_range(private->pagetable, ib->gpuaddr,

		ib->size) || !IS_ALIGNED(ib->gpuaddr, 4)) {

		pr_context(device, context, "ctxt %d invalid ib gpuaddr %llX\n",

			context->id, ib->gpuaddr);

		return false;

drivers/gpu/msm/adreno_hwsched.c

+2 −1
Original line number Diff line number Diff line
@@ -657,7 +657,8 @@ static inline bool _verify_ib(struct kgsl_device_private *dev_priv, 
	}



	/* Make sure that the address is mapped */

	if (!kgsl_mmu_gpuaddr_in_range(private->pagetable, ib->gpuaddr)) {

	if (!kgsl_mmu_gpuaddr_in_range(private->pagetable, ib->gpuaddr,

		ib->size)) {

		pr_context(device, context, "ctxt %d invalid ib gpuaddr %llX\n",

			context->id, ib->gpuaddr);

		return false;

drivers/gpu/msm/kgsl.c

+2 −2
Original line number Diff line number Diff line
@@ -1302,9 +1302,9 @@ kgsl_sharedmem_find(struct kgsl_process_private *private, uint64_t gpuaddr) 
	if (!private)

		return NULL;



	if (!kgsl_mmu_gpuaddr_in_range(private->pagetable, gpuaddr) &&

	if (!kgsl_mmu_gpuaddr_in_range(private->pagetable, gpuaddr, 0) &&

		!kgsl_mmu_gpuaddr_in_range(

			private->pagetable->mmu->securepagetable, gpuaddr))

			private->pagetable->mmu->securepagetable, gpuaddr, 0))

		return NULL;



	spin_lock(&private->mem_lock);

drivers/gpu/msm/kgsl_iommu.c

+4 −4
Original line number Diff line number Diff line
@@ -2287,20 +2287,20 @@ static int kgsl_iommu_svm_range(struct kgsl_pagetable *pagetable, 
}



static bool kgsl_iommu_addr_in_range(struct kgsl_pagetable *pagetable,

		uint64_t gpuaddr)

		uint64_t gpuaddr, uint64_t size)

{

	struct kgsl_iommu_pt *pt = pagetable->priv;



	if (gpuaddr == 0)

		return false;



	if (gpuaddr >= pt->va_start && gpuaddr < pt->va_end)

	if (gpuaddr >= pt->va_start && (gpuaddr + size) < pt->va_end)

		return true;



	if (gpuaddr >= pt->compat_va_start && gpuaddr < pt->compat_va_end)

	if (gpuaddr >= pt->compat_va_start && (gpuaddr + size) < pt->compat_va_end)

		return true;



	if (gpuaddr >= pt->svm_start && gpuaddr < pt->svm_end)

	if (gpuaddr >= pt->svm_start && (gpuaddr + size) < pt->svm_end)

		return true;



	return false;

drivers/gpu/msm/kgsl_mmu.c

+3 −3
Original line number Diff line number Diff line
@@ -529,10 +529,10 @@ enum kgsl_mmutype kgsl_mmu_get_mmutype(struct kgsl_device *device) 
}



bool kgsl_mmu_gpuaddr_in_range(struct kgsl_pagetable *pagetable,

		uint64_t gpuaddr)

		uint64_t gpuaddr, uint64_t size)

{

	if (PT_OP_VALID(pagetable, addr_in_range))

		return pagetable->pt_ops->addr_in_range(pagetable, gpuaddr);

		return pagetable->pt_ops->addr_in_range(pagetable, gpuaddr, size);



	return false;

}
@@ -544,7 +544,7 @@ bool kgsl_mmu_gpuaddr_in_range(struct kgsl_pagetable *pagetable, 
 */



static bool nommu_gpuaddr_in_range(struct kgsl_pagetable *pagetable,

		uint64_t gpuaddr)

		uint64_t gpuaddr, uint64_t size)

{

	return (gpuaddr != 0) ? true : false;

}