gpu: nvgpu: remove assert in devctl processing path

Asserting in the path of devctl processing is not safe here because
incompr_kind can be passed out of range by a malicious app and it will
cause nvgpu-rm to crash. Instead, return an error in case of an
out-of-range value.

Jira NVGPU-6496

Change-Id: I9c3264776110f606a67f27ce7b01fdce82aa3021
Signed-off-by: shashank singh <shashsingh@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2485752
(cherry picked from commit 689054d65fff2c61b9f1d413eef4a44a5f27fc54)
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2492290
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
shashank singh
2021-02-17 16:52:20 +05:30
committed by mobile promotions
parent 625d942c52
commit b91f57d933


@@ -1295,13 +1295,12 @@ static int nvgpu_vm_do_map(struct vm_gk20a *vm,
binfo_ptr->ctag_offset = ctag_offset;
} else
#endif
if (binfo_ptr->incompr_kind != NVGPU_KIND_INVALID) {
if ((binfo_ptr->incompr_kind >= 0) &&
(binfo_ptr->incompr_kind <= (s16)U8_MAX)) {
/*
* Incompressible kind, ctag offset will not be programmed
*/
ctag_offset = 0;
nvgpu_assert((binfo_ptr->incompr_kind >= 0) &&
(binfo_ptr->incompr_kind <= (s16)U8_MAX));
pte_kind = (u8)binfo_ptr->incompr_kind;
} else {
/*
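Review bot: With the condition changed from `!= NVGPU_KIND_INVALID` to the range test `(incompr_kind >= 0) && (incompr_kind <= (s16)U8_MAX)`, an out-of-range incompr_kind now lands in the same `else` branch that previously handled only NVGPU_KIND_INVALID. Please confirm that branch's error message and return code are still accurate for both cases, or split them so a rejected out-of-range value is distinguishable in logs. A one-line comment stating that the range test is also meant to reject NVGPU_KIND_INVALID would help, since that equivalence cannot be seen from these lines. Because the value originates from the devctl caller, consider also validating it where the devctl arguments are first received, so that any other reader of binfo_ptr->incompr_kind does not depend on this single check in nvgpu_vm_do_map.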