All of lore.kernel.org
 help / color / mirror / Atom feed
From: Oleksandr Andrushchenko <andr2000@gmail.com>
To: xen-devel@lists.xenproject.org, dri-devel@lists.freedesktop.org,
	linux-kernel@vger.kernel.org, boris.ostrovsky@oracle.com,
	jgross@suse.com, airlied@linux.ie, daniel@ffwll.ch
Cc: sstabellini@kernel.org, dan.carpenter@oracle.com,
	intel-gfx@lists.freedesktop.org,
	Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>,
	stable@vger.kernel.org
Subject: [PATCH v2 1/5] xen/gntdev: Fix dmabuf import with non-zero sgt offset
Date: Thu, 13 Aug 2020 09:21:09 +0300	[thread overview]
Message-ID: <20200813062113.11030-2-andr2000@gmail.com> (raw)
In-Reply-To: <20200813062113.11030-1-andr2000@gmail.com>

From: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>

It is possible that the scatter-gather table during dmabuf import has
non-zero offset of the data, but user-space doesn't expect that.
Fix this by failing the import, so user-space doesn't access wrong data.

Fixes: bf8dc55b1358 ("xen/gntdev: Implement dma-buf import functionality")

Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Acked-by: Juergen Gross <jgross@suse.com>
Cc: <stable@vger.kernel.org>
---
 drivers/xen/gntdev-dmabuf.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/xen/gntdev-dmabuf.c b/drivers/xen/gntdev-dmabuf.c
index 75d3bb948bf3..b1b6eebafd5d 100644
--- a/drivers/xen/gntdev-dmabuf.c
+++ b/drivers/xen/gntdev-dmabuf.c
@@ -613,6 +613,14 @@ dmabuf_imp_to_refs(struct gntdev_dmabuf_priv *priv, struct device *dev,
 		goto fail_detach;
 	}
 
+	/* Check that we have zero offset. */
+	if (sgt->sgl->offset) {
+		ret = ERR_PTR(-EINVAL);
+		pr_debug("DMA buffer has %d bytes offset, user-space expects 0\n",
+			 sgt->sgl->offset);
+		goto fail_unmap;
+	}
+
 	/* Check number of pages that imported buffer has. */
 	if (attach->dmabuf->size != gntdev_dmabuf->nr_pages << PAGE_SHIFT) {
 		ret = ERR_PTR(-EINVAL);
-- 
2.17.1


WARNING: multiple messages have this Message-ID (diff)
From: Oleksandr Andrushchenko <andr2000@gmail.com>
To: xen-devel@lists.xenproject.org, dri-devel@lists.freedesktop.org,
	linux-kernel@vger.kernel.org, boris.ostrovsky@oracle.com,
	jgross@suse.com, airlied@linux.ie, daniel@ffwll.ch
Cc: intel-gfx@lists.freedesktop.org, sstabellini@kernel.org,
	stable@vger.kernel.org, dan.carpenter@oracle.com,
	Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Subject: [PATCH v2 1/5] xen/gntdev: Fix dmabuf import with non-zero sgt offset
Date: Thu, 13 Aug 2020 09:21:09 +0300	[thread overview]
Message-ID: <20200813062113.11030-2-andr2000@gmail.com> (raw)
In-Reply-To: <20200813062113.11030-1-andr2000@gmail.com>

From: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>

It is possible that the scatter-gather table during dmabuf import has
non-zero offset of the data, but user-space doesn't expect that.
Fix this by failing the import, so user-space doesn't access wrong data.

Fixes: bf8dc55b1358 ("xen/gntdev: Implement dma-buf import functionality")

Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Acked-by: Juergen Gross <jgross@suse.com>
Cc: <stable@vger.kernel.org>
---
 drivers/xen/gntdev-dmabuf.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/xen/gntdev-dmabuf.c b/drivers/xen/gntdev-dmabuf.c
index 75d3bb948bf3..b1b6eebafd5d 100644
--- a/drivers/xen/gntdev-dmabuf.c
+++ b/drivers/xen/gntdev-dmabuf.c
@@ -613,6 +613,14 @@ dmabuf_imp_to_refs(struct gntdev_dmabuf_priv *priv, struct device *dev,
 		goto fail_detach;
 	}
 
+	/* Check that we have zero offset. */
+	if (sgt->sgl->offset) {
+		ret = ERR_PTR(-EINVAL);
+		pr_debug("DMA buffer has %d bytes offset, user-space expects 0\n",
+			 sgt->sgl->offset);
+		goto fail_unmap;
+	}
+
 	/* Check number of pages that imported buffer has. */
 	if (attach->dmabuf->size != gntdev_dmabuf->nr_pages << PAGE_SHIFT) {
 		ret = ERR_PTR(-EINVAL);
-- 
2.17.1

_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

WARNING: multiple messages have this Message-ID (diff)
From: Oleksandr Andrushchenko <andr2000@gmail.com>
To: xen-devel@lists.xenproject.org, dri-devel@lists.freedesktop.org,
	linux-kernel@vger.kernel.org, boris.ostrovsky@oracle.com,
	jgross@suse.com, airlied@linux.ie, daniel@ffwll.ch
Cc: intel-gfx@lists.freedesktop.org, sstabellini@kernel.org,
	stable@vger.kernel.org, dan.carpenter@oracle.com,
	Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Subject: [Intel-gfx] [PATCH v2 1/5] xen/gntdev: Fix dmabuf import with non-zero sgt offset
Date: Thu, 13 Aug 2020 09:21:09 +0300	[thread overview]
Message-ID: <20200813062113.11030-2-andr2000@gmail.com> (raw)
In-Reply-To: <20200813062113.11030-1-andr2000@gmail.com>

From: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>

It is possible that the scatter-gather table during dmabuf import has
non-zero offset of the data, but user-space doesn't expect that.
Fix this by failing the import, so user-space doesn't access wrong data.

Fixes: bf8dc55b1358 ("xen/gntdev: Implement dma-buf import functionality")

Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Acked-by: Juergen Gross <jgross@suse.com>
Cc: <stable@vger.kernel.org>
---
 drivers/xen/gntdev-dmabuf.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/xen/gntdev-dmabuf.c b/drivers/xen/gntdev-dmabuf.c
index 75d3bb948bf3..b1b6eebafd5d 100644
--- a/drivers/xen/gntdev-dmabuf.c
+++ b/drivers/xen/gntdev-dmabuf.c
@@ -613,6 +613,14 @@ dmabuf_imp_to_refs(struct gntdev_dmabuf_priv *priv, struct device *dev,
 		goto fail_detach;
 	}
 
+	/* Check that we have zero offset. */
+	if (sgt->sgl->offset) {
+		ret = ERR_PTR(-EINVAL);
+		pr_debug("DMA buffer has %d bytes offset, user-space expects 0\n",
+			 sgt->sgl->offset);
+		goto fail_unmap;
+	}
+
 	/* Check number of pages that imported buffer has. */
 	if (attach->dmabuf->size != gntdev_dmabuf->nr_pages << PAGE_SHIFT) {
 		ret = ERR_PTR(-EINVAL);
-- 
2.17.1

_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

  reply	other threads:[~2020-08-13  6:21 UTC|newest]

Thread overview: 46+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-13  6:21 [PATCH v2 0/5] Fixes and improvements for Xen pvdrm Oleksandr Andrushchenko
2020-08-13  6:21 ` [Intel-gfx] " Oleksandr Andrushchenko
2020-08-13  6:21 ` Oleksandr Andrushchenko
2020-08-13  6:21 ` Oleksandr Andrushchenko [this message]
2020-08-13  6:21   ` [Intel-gfx] [PATCH v2 1/5] xen/gntdev: Fix dmabuf import with non-zero sgt offset Oleksandr Andrushchenko
2020-08-13  6:21   ` Oleksandr Andrushchenko
2020-08-13  6:21 ` [PATCH v2 2/5] drm/xen-front: Fix misused IS_ERR_OR_NULL checks Oleksandr Andrushchenko
2020-08-13  6:21   ` [Intel-gfx] " Oleksandr Andrushchenko
2020-08-13  6:21   ` Oleksandr Andrushchenko
2020-08-19 23:56   ` Sasha Levin
2020-08-19 23:56     ` Sasha Levin
2020-08-20  7:14     ` Oleksandr Andrushchenko
2020-08-20  7:14       ` Oleksandr Andrushchenko
2020-08-13  6:21 ` [PATCH v2 3/5] drm/xen-front: Add YUYV to supported formats Oleksandr Andrushchenko
2020-08-13  6:21   ` [Intel-gfx] " Oleksandr Andrushchenko
2020-08-13  6:21   ` Oleksandr Andrushchenko
2020-08-13  6:21 ` [PATCH v2 4/5] xen: Sync up with the canonical protocol definition in Xen Oleksandr Andrushchenko
2020-08-13  6:21   ` [Intel-gfx] " Oleksandr Andrushchenko
2020-08-13  6:21   ` Oleksandr Andrushchenko
2020-08-13  6:21 ` [PATCH v2 5/5] drm/xen-front: Pass dumb buffer data offset to the backend Oleksandr Andrushchenko
2020-08-13  6:21   ` [Intel-gfx] " Oleksandr Andrushchenko
2020-08-13  6:21   ` Oleksandr Andrushchenko
2020-08-13  6:32 ` [PATCH v2 0/5] Fixes and improvements for Xen pvdrm Oleksandr Andrushchenko
2020-08-13  6:32   ` [Intel-gfx] " Oleksandr Andrushchenko
2020-08-13  6:32   ` Oleksandr Andrushchenko
2020-08-13  7:05   ` Jürgen Groß
2020-08-13  7:05     ` [Intel-gfx] " Jürgen Groß
2020-08-13  7:05     ` Jürgen Groß
2020-08-13  7:21     ` Oleksandr Andrushchenko
2020-08-13  7:21       ` [Intel-gfx] " Oleksandr Andrushchenko
2020-08-13  7:21       ` Oleksandr Andrushchenko
2020-08-13  6:37 ` [Intel-gfx] ✗ Fi.CI.CHECKPATCH: warning for Fixes and improvements for Xen pvdrm (rev2) Patchwork
2020-08-13  6:59 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
2020-08-13  8:01 ` [Intel-gfx] ✓ Fi.CI.IGT: " Patchwork
2020-08-13 15:02 ` [PATCH v2 0/5] Fixes and improvements for Xen pvdrm Jürgen Groß
2020-08-13 15:02   ` [Intel-gfx] " Jürgen Groß
2020-08-13 15:02   ` Jürgen Groß
2020-08-13 15:10   ` Oleksandr Andrushchenko
2020-08-13 15:10     ` [Intel-gfx] " Oleksandr Andrushchenko
2020-08-13 15:10     ` Oleksandr Andrushchenko
2020-08-13 15:13     ` Jürgen Groß
2020-08-13 15:13       ` [Intel-gfx] " Jürgen Groß
2020-08-13 15:13       ` Jürgen Groß
2020-08-13 16:30       ` Oleksandr Andrushchenko
2020-08-13 16:30         ` [Intel-gfx] " Oleksandr Andrushchenko
2020-08-13 16:30         ` Oleksandr Andrushchenko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200813062113.11030-2-andr2000@gmail.com \
    --to=andr2000@gmail.com \
    --cc=airlied@linux.ie \
    --cc=boris.ostrovsky@oracle.com \
    --cc=dan.carpenter@oracle.com \
    --cc=daniel@ffwll.ch \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=intel-gfx@lists.freedesktop.org \
    --cc=jgross@suse.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=oleksandr_andrushchenko@epam.com \
    --cc=sstabellini@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.