From 46e6bb7c8c18527fcfd45c9aa0756463e6196573 Mon Sep 17 00:00:00 2001
From: Asahi Lina
Date: Wed, 17 Jan 2024 17:20:29 +0900
Subject: [PATCH] drm/asahi: Check command structure sizes

Eventually this can be used to extend the structure at the end backwards-compatibly, for cases where we missed core fields in the UAPI. More discrete features should be implemented via extensions.

Signed-off-by: Asahi Lina
---
 drivers/gpu/drm/asahi/queue/compute.rs | 9 +++++++++
 drivers/gpu/drm/asahi/queue/render.rs | 9 +++++++++
 2 files changed, 18 insertions(+)

diff --git a/drivers/gpu/drm/asahi/queue/compute.rs b/drivers/gpu/drm/asahi/queue/compute.rs
index 99bc484920d8e9..d6f93edfb20e7c 100644
--- a/drivers/gpu/drm/asahi/queue/compute.rs
+++ b/drivers/gpu/drm/asahi/queue/compute.rs
@@ -55,6 +55,15 @@ impl super::Queue::ver {
 
 mod_dev_dbg!(self.dev, "[Submission {}] Compute!\n", id);
 
+ if cmd.cmd_buffer_size as usize != core::mem::size_of::() {
+ cls_pr_debug!(
+ Errors,
+ "Invalid compute command size ({:#x})\n",
+ cmd.cmd_buffer_size
+ );
+ return Err(EINVAL);
+ }
+
 let mut cmdbuf_reader = unsafe {
 UserSlicePtr::new(
 cmd.cmd_buffer as usize as *mut _,
diff --git a/drivers/gpu/drm/asahi/queue/render.rs b/drivers/gpu/drm/asahi/queue/render.rs
index ae797a1d29038f..267058c9d0f4c2 100644
--- a/drivers/gpu/drm/asahi/queue/render.rs
+++ b/drivers/gpu/drm/asahi/queue/render.rs
@@ -222,6 +222,15 @@ impl super::Queue::ver {
 
 mod_dev_dbg!(self.dev, "[Submission {}] Render!\n", id);
 
+ if cmd.cmd_buffer_size as usize != core::mem::size_of::() {
+ cls_pr_debug!(
+ Errors,
+ "Invalid render command size ({:#x})\n",
+ cmd.cmd_buffer_size
+ );
+ return Err(EINVAL);
+ }
+
 let mut cmdbuf_reader = unsafe {
 UserSlicePtr::new(
 cmd.cmd_buffer as usize as *mut _,
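Review bot: In both hunks (compute.rs and render.rs) the new size check narrows the userspace-supplied `cmd.cmd_buffer_size` with `as usize` before comparing, so on any target where the field is wider than `usize` a value with extra high bits set would still compare equal; the field's type is not visible here, so this is an assumption to confirm. A conversion that cannot truncate keeps the check exact, e.g. `if usize::try_from(cmd.cmd_buffer_size).ok() != Some(core::mem::size_of::<T>()) {`, with `T` standing for the command struct, whose name is not legible in the hunk as shown. The debug message could also print the expected size next to the received one, which makes a userspace/kernel UAPI mismatch much quicker to diagnose. The enclosing function continues past the hunk, so it is worth confirming that the length handed to `UserSlicePtr::new` is the same `size_of` value that was just checked.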