From 2c8cad71e1d6756e0ff7077e8ddd612c29a4935c Mon Sep 17 00:00:00 2001 From: Asahi Lina Date: Wed, 17 Jan 2024 17:20:29 +0900 Subject: [PATCH] drm/asahi: Check command structure sizes Eventually this can be used to extend the structure at the end backwards-compatibly, for cases where we missed core fields in the UAPI. More discrete features should be implemented via extensions. Signed-off-by: Asahi Lina --- drivers/gpu/drm/asahi/queue/compute.rs | 9 +++++++++ drivers/gpu/drm/asahi/queue/render.rs | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/drivers/gpu/drm/asahi/queue/compute.rs b/drivers/gpu/drm/asahi/queue/compute.rs index f710e148f3c696..1cd52f338d0583 100644 --- a/drivers/gpu/drm/asahi/queue/compute.rs +++ b/drivers/gpu/drm/asahi/queue/compute.rs @@ -55,6 +55,15 @@ impl super::Queue::ver { mod_dev_dbg!(self.dev, "[Submission {}] Compute!\n", id); + if cmd.cmd_buffer_size as usize != core::mem::size_of::() { + cls_pr_debug!( + Errors, + "Invalid compute command size ({:#x})\n", + cmd.cmd_buffer_size + ); + return Err(EINVAL); + } + let mut cmdbuf_reader = unsafe { UserSlicePtr::new( cmd.cmd_buffer as usize as *mut _, diff --git a/drivers/gpu/drm/asahi/queue/render.rs b/drivers/gpu/drm/asahi/queue/render.rs index 3df13005509f12..719672fecdf7f6 100644 --- a/drivers/gpu/drm/asahi/queue/render.rs +++ b/drivers/gpu/drm/asahi/queue/render.rs @@ -222,6 +222,15 @@ impl super::Queue::ver { mod_dev_dbg!(self.dev, "[Submission {}] Render!\n", id); + if cmd.cmd_buffer_size as usize != core::mem::size_of::() { + cls_pr_debug!( + Errors, + "Invalid render command size ({:#x})\n", + cmd.cmd_buffer_size + ); + return Err(EINVAL); + } + let mut cmdbuf_reader = unsafe { UserSlicePtr::new( cmd.cmd_buffer as usize as *mut _,