tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

drm/xe/guc: Don't read data from G2H prior to length check

While highly unlikely, incoming G2H message might be too short
so we shouldn't read any data from it prior to checking a length.

Signed-off-by: Michal Wajdeczko <michal.wajdeczko@intel.com>
Cc: Matthew Brost <matthew.brost@intel.com>
Reviewed-by: Matthew Brost <matthew.brost@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241105173032.1947-4-michal.wajdeczko@intel.com

Michal Wajdeczko 6b5f1544 94b58540

+13 -5
+13 -5
drivers/gpu/drm/xe/xe_guc_submit.c
··· 1883 1883 int xe_guc_sched_done_handler(struct xe_guc *guc, u32 *msg, u32 len) 1884 1884 { 1885 1885 struct xe_exec_queue *q; 1886 - u32 guc_id = msg[0]; 1887 - u32 runnable_state = msg[1]; 1886 + u32 guc_id, runnable_state; 1888 1887 1889 1888 if (unlikely(len < 2)) 1890 1889 return -EPROTO; 1890 + 1891 + guc_id = msg[0]; 1892 + runnable_state = msg[1]; 1891 1893 1892 1894 q = g2h_exec_queue_lookup(guc, guc_id); 1893 1895 if (unlikely(!q)) ··· 1924 1922 int xe_guc_deregister_done_handler(struct xe_guc *guc, u32 *msg, u32 len) 1925 1923 { 1926 1924 struct xe_exec_queue *q; 1927 - u32 guc_id = msg[0]; 1925 + u32 guc_id; 1928 1926 1929 1927 if (unlikely(len < 1)) 1930 1928 return -EPROTO; 1929 + 1930 + guc_id = msg[0]; 1931 1931 1932 1932 q = g2h_exec_queue_lookup(guc, guc_id); 1933 1933 if (unlikely(!q)) ··· 1952 1948 { 1953 1949 struct xe_gt *gt = guc_to_gt(guc); 1954 1950 struct xe_exec_queue *q; 1955 - u32 guc_id = msg[0]; 1951 + u32 guc_id; 1956 1952 1957 1953 if (unlikely(len < 1)) 1958 1954 return -EPROTO; 1955 + 1956 + guc_id = msg[0]; 1959 1957 1960 1958 q = g2h_exec_queue_lookup(guc, guc_id); 1961 1959 if (unlikely(!q)) ··· 2014 2008 { 2015 2009 struct xe_gt *gt = guc_to_gt(guc); 2016 2010 struct xe_exec_queue *q; 2017 - u32 guc_id = msg[0]; 2011 + u32 guc_id; 2018 2012 2019 2013 if (unlikely(len < 1)) 2020 2014 return -EPROTO; 2015 + 2016 + guc_id = msg[0]; 2021 2017 2022 2018 q = g2h_exec_queue_lookup(guc, guc_id); 2023 2019 if (unlikely(!q))