gpu: host1x: Forbid unrelated SETCLASS opcode in the firewall
Several channels could be made to write the same unit concurrently via the SETCLASS opcode, trusting userspace is a bad idea. It should be possible to drop the per-client channel reservation and add a per-unit locking by inserting MLOCK's to the command stream to re-allow the SETCLASS opcode, but it will be much more work. Let's forbid the unit-unrelated class changes for now. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Reviewed-by: Erik Faye-Lund <kusmabite@gmail.com> Reviewed-by: Mikko Perttunen <mperttunen@nvidia.com> Signed-off-by: Thierry Reding <treding@nvidia.com>
This commit is contained in:
parent
ef81624994
commit
0f563a4bf6
5 changed files with 32 additions and 4 deletions
|
@ -532,6 +532,7 @@ int tegra_drm_submit(struct tegra_drm_context *context,
|
|||
}
|
||||
|
||||
job->is_addr_reg = context->client->ops->is_addr_reg;
|
||||
job->is_valid_class = context->client->ops->is_valid_class;
|
||||
job->syncpt_incrs = syncpt.incrs;
|
||||
job->syncpt_id = syncpt.id;
|
||||
job->timeout = 10000;
|
||||
|
|
|
@ -83,6 +83,7 @@ struct tegra_drm_client_ops {
|
|||
struct tegra_drm_context *context);
|
||||
void (*close_channel)(struct tegra_drm_context *context);
|
||||
int (*is_addr_reg)(struct device *dev, u32 class, u32 offset);
|
||||
int (*is_valid_class)(u32 class);
|
||||
int (*submit)(struct tegra_drm_context *context,
|
||||
struct drm_tegra_submit *args, struct drm_device *drm,
|
||||
struct drm_file *file);
|
||||
|
|
|
@ -109,10 +109,17 @@ static int gr2d_is_addr_reg(struct device *dev, u32 class, u32 offset)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int gr2d_is_valid_class(u32 class)
|
||||
{
|
||||
return (class == HOST1X_CLASS_GR2D ||
|
||||
class == HOST1X_CLASS_GR2D_SB);
|
||||
}
|
||||
|
||||
static const struct tegra_drm_client_ops gr2d_ops = {
|
||||
.open_channel = gr2d_open_channel,
|
||||
.close_channel = gr2d_close_channel,
|
||||
.is_addr_reg = gr2d_is_addr_reg,
|
||||
.is_valid_class = gr2d_is_valid_class,
|
||||
.submit = tegra_drm_submit,
|
||||
};
|
||||
|
||||
|
|
|
@ -356,6 +356,9 @@ struct host1x_firewall {
|
|||
|
||||
static int check_register(struct host1x_firewall *fw, unsigned long offset)
|
||||
{
|
||||
if (!fw->job->is_addr_reg)
|
||||
return 0;
|
||||
|
||||
if (fw->job->is_addr_reg(fw->dev, fw->class, offset)) {
|
||||
if (!fw->num_relocs)
|
||||
return -EINVAL;
|
||||
|
@ -370,6 +373,19 @@ static int check_register(struct host1x_firewall *fw, unsigned long offset)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int check_class(struct host1x_firewall *fw, u32 class)
|
||||
{
|
||||
if (!fw->job->is_valid_class) {
|
||||
if (fw->class != class)
|
||||
return -EINVAL;
|
||||
} else {
|
||||
if (!fw->job->is_valid_class(fw->class))
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int check_mask(struct host1x_firewall *fw)
|
||||
{
|
||||
u32 mask = fw->mask;
|
||||
|
@ -443,11 +459,9 @@ static int validate(struct host1x_firewall *fw, struct host1x_job_gather *g)
|
|||
{
|
||||
u32 *cmdbuf_base = (u32 *)fw->job->gather_copy_mapped +
|
||||
(g->offset / sizeof(u32));
|
||||
u32 job_class = fw->class;
|
||||
int err = 0;
|
||||
|
||||
if (!fw->job->is_addr_reg)
|
||||
return 0;
|
||||
|
||||
fw->words = g->words;
|
||||
fw->cmdbuf = g->bo;
|
||||
fw->offset = 0;
|
||||
|
@ -467,7 +481,9 @@ static int validate(struct host1x_firewall *fw, struct host1x_job_gather *g)
|
|||
fw->class = word >> 6 & 0x3ff;
|
||||
fw->mask = word & 0x3f;
|
||||
fw->reg = word >> 16 & 0xfff;
|
||||
err = check_mask(fw);
|
||||
err = check_class(fw, job_class);
|
||||
if (!err)
|
||||
err = check_mask(fw);
|
||||
if (err)
|
||||
goto out;
|
||||
break;
|
||||
|
|
|
@ -251,6 +251,9 @@ struct host1x_job {
|
|||
/* Check if register is marked as an address reg */
|
||||
int (*is_addr_reg)(struct device *dev, u32 reg, u32 class);
|
||||
|
||||
/* Check if class belongs to the unit */
|
||||
int (*is_valid_class)(u32 class);
|
||||
|
||||
/* Request a SETCLASS to this class */
|
||||
u32 class;
|
||||
|
||||
|
|
Loading…
Reference in a new issue