From: Rob Clark robdclark@chromium.org
The UABI was already defined for pointer to 64b value, and all the userspace users of this ioctl that I could find are already using a uint64_t (but zeroing it out to work around kernel only copying 32b). Unfortunately this ioctl doesn't have a length field, so out of paranoia I restricted the change to copy 64b to the single 64b param that can be queried.
Fixes: 78aa20fa4381 ("drm/virtio: implement context init: advertise feature to userspace") Signed-off-by: Rob Clark robdclark@chromium.org --- drivers/gpu/drm/virtio/virtgpu_ioctl.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/drivers/gpu/drm/virtio/virtgpu_ioctl.c index 0f2f3f54dbf9..0158d27d5645 100644 --- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c +++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c @@ -269,7 +269,8 @@ static int virtio_gpu_getparam_ioctl(struct drm_device *dev, void *data, { struct virtio_gpu_device *vgdev = dev->dev_private; struct drm_virtgpu_getparam *param = data; - int value; + int value, ret, sz = sizeof(int); + uint64_t value64;
switch (param->param) { case VIRTGPU_PARAM_3D_FEATURES: @@ -291,13 +292,20 @@ static int virtio_gpu_getparam_ioctl(struct drm_device *dev, void *data, value = vgdev->has_context_init ? 1 : 0; break; case VIRTGPU_PARAM_SUPPORTED_CAPSET_IDs: - value = vgdev->capset_id_mask; + value64 = vgdev->capset_id_mask; + sz = sizeof(value64); break; default: return -EINVAL; } - if (copy_to_user(u64_to_user_ptr(param->value), &value, sizeof(int))) - return -EFAULT; + + if (sz == sizeof(int)) { + if (copy_to_user(u64_to_user_ptr(param->value), &value, sz)) + return -EFAULT; + } else { + if (copy_to_user(u64_to_user_ptr(param->value), &value64, sz)) + return -EFAULT; + }
return 0; }
On Tue, Feb 15, 2022 at 5:15 PM Rob Clark robdclark@gmail.com wrote:
From: Rob Clark robdclark@chromium.org
The UABI was already defined for pointer to 64b value, and all the userspace users of this ioctl that I could find are already using a uint64_t (but zeroing it out to work around kernel only copying 32b). Unfortunately this ioctl doesn't have a length field, so out of paranoia I restricted the change to copy 64b to the single 64b param that can be queried.
Fixes: 78aa20fa4381 ("drm/virtio: implement context init: advertise feature to userspace") Signed-off-by: Rob Clark robdclark@chromium.org
Reviewed-by: Gurchetan Singh gurchetansingh@chromium.org
drivers/gpu/drm/virtio/virtgpu_ioctl.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/drivers/gpu/drm/virtio/virtgpu_ioctl.c index 0f2f3f54dbf9..0158d27d5645 100644 --- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c +++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c @@ -269,7 +269,8 @@ static int virtio_gpu_getparam_ioctl(struct drm_device *dev, void *data, { struct virtio_gpu_device *vgdev = dev->dev_private; struct drm_virtgpu_getparam *param = data;
int value;
int value, ret, sz = sizeof(int);uint64_t value64; switch (param->param) { case VIRTGPU_PARAM_3D_FEATURES:@@ -291,13 +292,20 @@ static int virtio_gpu_getparam_ioctl(struct drm_device *dev, void *data, value = vgdev->has_context_init ? 1 : 0; break; case VIRTGPU_PARAM_SUPPORTED_CAPSET_IDs:
value = vgdev->capset_id_mask;
value64 = vgdev->capset_id_mask;sz = sizeof(value64); break; default: return -EINVAL; }
if (copy_to_user(u64_to_user_ptr(param->value), &value,sizeof(int)))
return -EFAULT;
if (sz == sizeof(int)) {if (copy_to_user(u64_to_user_ptr(param->value), &value,sz))
return -EFAULT;} else {if (copy_to_user(u64_to_user_ptr(param->value), &value64,sz))
return -EFAULT;} return 0;}
2.34.1
dri-devel@lists.freedesktop.org
-
Gurchetan Singh -
Rob Clark