From b91f57d93338c7f897bce5c570dd1dd07eef4f6c Mon Sep 17 00:00:00 2001 From: shashank singh Date: Wed, 17 Feb 2021 16:52:20 +0530 Subject: [PATCH] gpu: nvgpu: remove assert in devctl processing path Asserting in the path of devctl processing is not safe here because incompr_kind can be passed out of range by a malicious app and it will cause nvgpu-rm to crash. Instead return error in case of out of range value. Jira NVGPU-6496 Change-Id: I9c3264776110f606a67f27ce7b01fdce82aa3021 Signed-off-by: shashank singh Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2485752 (cherry picked from commit 689054d65fff2c61b9f1d413eef4a44a5f27fc54) Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2492290 Tested-by: mobile promotions Reviewed-by: mobile promotions --- drivers/gpu/nvgpu/common/mm/vm.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/nvgpu/common/mm/vm.c b/drivers/gpu/nvgpu/common/mm/vm.c index 804323608..565acf2db 100644 --- a/drivers/gpu/nvgpu/common/mm/vm.c +++ b/drivers/gpu/nvgpu/common/mm/vm.c @@ -1295,13 +1295,12 @@ static int nvgpu_vm_do_map(struct vm_gk20a *vm, binfo_ptr->ctag_offset = ctag_offset; } else #endif - if (binfo_ptr->incompr_kind != NVGPU_KIND_INVALID) { + if ((binfo_ptr->incompr_kind >= 0) && + (binfo_ptr->incompr_kind <= (s16)U8_MAX)) { /* * Incompressible kind, ctag offset will not be programmed */ ctag_offset = 0; - nvgpu_assert((binfo_ptr->incompr_kind >= 0) && - (binfo_ptr->incompr_kind <= (s16)U8_MAX)); pte_kind = (u8)binfo_ptr->incompr_kind; } else { /*