diff options
| author | Deepak Nibade <dnibade@nvidia.com> | 2017-06-05 06:32:46 -0400 |
|---|---|---|
| committer | mobile promotions <svcmobile_promotions@nvidia.com> | 2017-06-06 11:13:43 -0400 |
| commit | 9902a49b0bc43ceb64076bce78fe8189ccd24e17 (patch) | |
| tree | 6d6df6130758443d2c1fb06443bfba1f9d218690 /drivers/gpu/nvgpu/gk20a/kind_gk20a.h | |
| parent | 793bc318c558295f8c2a0a2af3e7729dcece6208 (diff) | |
gpu: nvgpu: fix use of untrusted scalar value
Kind value can be passed to API nvgpu_vm_map() from User
space (through IOCTL NVGPU_AS_IOCTL_MAP_BUFFER_EX)
But kind value is not checked for sane values
before storing it in bfr.kind_v
And then we use this kind value as array index
in gk20a_kind_is_supported() which is incorrect
Fix this by ensuring in nvgpu_vm_map() that the
kind value is well within range
Bug 200291879
Coverity id : 2567923
Coverity id : 2567924
Change-Id: Ic57395018727cbd2260c929581db256e427316c6
Signed-off-by: Deepak Nibade <dnibade@nvidia.com>
Reviewed-on: http://git-master/r/1496597
GVS: Gerrit_Virtual_Submit
Reviewed-by: svccoveritychecker <svccoveritychecker@nvidia.com>
Reviewed-by: Terje Bergstrom <tbergstrom@nvidia.com>
Diffstat (limited to 'drivers/gpu/nvgpu/gk20a/kind_gk20a.h')
| -rw-r--r-- | drivers/gpu/nvgpu/gk20a/kind_gk20a.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/gpu/nvgpu/gk20a/kind_gk20a.h b/drivers/gpu/nvgpu/gk20a/kind_gk20a.h index 9dec84a5..28d5802c 100644 --- a/drivers/gpu/nvgpu/gk20a/kind_gk20a.h +++ b/drivers/gpu/nvgpu/gk20a/kind_gk20a.h | |||
| @@ -27,6 +27,7 @@ void gk20a_init_uncompressed_kind_map(void); | |||
| 27 | void gk20a_init_kind_attr(void); | 27 | void gk20a_init_kind_attr(void); |
| 28 | 28 | ||
| 29 | extern u16 gk20a_kind_attr[]; | 29 | extern u16 gk20a_kind_attr[]; |
| 30 | #define NV_KIND_ATTR_SIZE 256 | ||
| 30 | #define NV_KIND_DEFAULT -1 | 31 | #define NV_KIND_DEFAULT -1 |
| 31 | 32 | ||
| 32 | #define GK20A_KIND_ATTR_SUPPORTED BIT(0) | 33 | #define GK20A_KIND_ATTR_SUPPORTED BIT(0) |