From c7726fd7d34d352dbe69a18f3ae6306fc335d625 Mon Sep 17 00:00:00 2001 From: Arvind M Date: Tue, 9 Aug 2022 22:50:06 +0530 Subject: [PATCH] nvdla: kmd: fix upper bound check on fence limit 1. In Linux, MAX_NVDLA_*FENCES_PER_TASK is not same as that of MAX_NVDLA_EMU_*FENCES_PER_TASK. So there is an issue of buffer overflow during copy_from_user. 2. This commit fixes the issue by making use of EMU limits as the upper bound. Bug 3613311 Change-Id: Ibfcc7e871aea0b44576a690c60491777a4752003 Signed-off-by: Arvind M Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvidia/+/2758528 Reviewed-by: svcacv Reviewed-by: svc_kernel_abi Reviewed-by: svc-mobile-coverity Reviewed-by: svc-mobile-cert Reviewed-by: Gunjan Mehta Reviewed-by: Amit Sharma (SW-TEGRA) Reviewed-by: Praveen K GVS: Gerrit_Virtual_Submit --- drivers/video/tegra/host/nvdla/nvdla_ioctl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/video/tegra/host/nvdla/nvdla_ioctl.c b/drivers/video/tegra/host/nvdla/nvdla_ioctl.c index 02913016..75278ef4 100644 --- a/drivers/video/tegra/host/nvdla/nvdla_ioctl.c +++ b/drivers/video/tegra/host/nvdla/nvdla_ioctl.c @@ -896,18 +896,18 @@ static int nvdla_emu_task_submit(struct nvdla_private *priv, void *arg) nvdla_dbg_info(pdev, "submit [%d]th task", i + 1); - if (local_task.num_prefences > MAX_NVDLA_PREFENCES_PER_TASK) { + if (local_task.num_prefences > MAX_NVDLA_EMU_PREFENCES_PER_TASK) { nvdla_dbg_err(pdev, "#prefences[%u] > expected[%d]\n", local_task.num_prefences, - MAX_NVDLA_PREFENCES_PER_TASK); + MAX_NVDLA_EMU_PREFENCES_PER_TASK); err = -EINVAL; goto exit; } - if (local_task.num_postfences > MAX_NVDLA_POSTFENCES_PER_TASK) { + if (local_task.num_postfences > MAX_NVDLA_EMU_POSTFENCES_PER_TASK) { nvdla_dbg_err(pdev, "#postfences[%u] > expected[%d]\n", local_task.num_postfences, - MAX_NVDLA_POSTFENCES_PER_TASK); + MAX_NVDLA_EMU_POSTFENCES_PER_TASK); err = -EINVAL; goto exit; }