From: Christian König <christian.koenig@amd.com>
Date: Mon, 6 Jul 2015 17:42:10 +0000 (+0200)
Subject: drm/amdgpu: validate the context id in the dependencies
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=76a1ea618f01b2bf5a325832d1c273c039c4ea81;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git

drm/amdgpu: validate the context id in the dependencies

Just to make sure userspace don't send nonsense to the kernel.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
---

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
index d63135bf29c0..469b6f2364bc 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
@@ -669,6 +669,7 @@ static int amdgpu_cs_ib_fill(struct amdgpu_device *adev,
 static int amdgpu_cs_dependencies(struct amdgpu_device *adev,
 				  struct amdgpu_cs_parser *p)
 {
+	struct amdgpu_fpriv *fpriv = p->filp->driver_priv;
 	struct amdgpu_ib *ib;
 	int i, j, r;
 
@@ -694,6 +695,7 @@ static int amdgpu_cs_dependencies(struct amdgpu_device *adev,
 		for (j = 0; j < num_deps; ++j) {
 			struct amdgpu_fence *fence;
 			struct amdgpu_ring *ring;
+			struct amdgpu_ctx *ctx;
 
 			r = amdgpu_cs_get_ring(adev, deps[j].ip_type,
 					       deps[j].ip_instance,
@@ -701,14 +703,21 @@ static int amdgpu_cs_dependencies(struct amdgpu_device *adev,
 			if (r)
 				return r;
 
+			ctx = amdgpu_ctx_get(fpriv, deps[j].ctx_id);
+			if (ctx == NULL)
+				return -EINVAL;
+
 			r = amdgpu_fence_recreate(ring, p->filp,
 						  deps[j].handle,
 						  &fence);
-			if (r)
+			if (r) {
+				amdgpu_ctx_put(ctx);
 				return r;
+			}
 
 			amdgpu_sync_fence(&ib->sync, fence);
 			amdgpu_fence_unref(&fence);
+			amdgpu_ctx_put(ctx);
 		}
 	}