drm/amdgpu: validate the context id in the dependencies
authorChristian König <christian.koenig@amd.com>
Mon, 6 Jul 2015 17:42:10 +0000 (19:42 +0200)
committerAlex Deucher <alexander.deucher@amd.com>
Thu, 16 Jul 2015 16:39:38 +0000 (12:39 -0400)
Just to make sure userspace don't send nonsense to the kernel.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c

index d63135bf29c0c258f72025fa6f41f34677576ec4..469b6f2364bc0be43c7e8de091e6c9c766baf0f5 100644 (file)
@@ -669,6 +669,7 @@ static int amdgpu_cs_ib_fill(struct amdgpu_device *adev,
 static int amdgpu_cs_dependencies(struct amdgpu_device *adev,
                                  struct amdgpu_cs_parser *p)
 {
+       struct amdgpu_fpriv *fpriv = p->filp->driver_priv;
        struct amdgpu_ib *ib;
        int i, j, r;
 
@@ -694,6 +695,7 @@ static int amdgpu_cs_dependencies(struct amdgpu_device *adev,
                for (j = 0; j < num_deps; ++j) {
                        struct amdgpu_fence *fence;
                        struct amdgpu_ring *ring;
+                       struct amdgpu_ctx *ctx;
 
                        r = amdgpu_cs_get_ring(adev, deps[j].ip_type,
                                               deps[j].ip_instance,
@@ -701,14 +703,21 @@ static int amdgpu_cs_dependencies(struct amdgpu_device *adev,
                        if (r)
                                return r;
 
+                       ctx = amdgpu_ctx_get(fpriv, deps[j].ctx_id);
+                       if (ctx == NULL)
+                               return -EINVAL;
+
                        r = amdgpu_fence_recreate(ring, p->filp,
                                                  deps[j].handle,
                                                  &fence);
-                       if (r)
+                       if (r) {
+                               amdgpu_ctx_put(ctx);
                                return r;
+                       }
 
                        amdgpu_sync_fence(&ib->sync, fence);
                        amdgpu_fence_unref(&fence);
+                       amdgpu_ctx_put(ctx);
                }
        }