| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200121114553.2667556-1-arnd@arndb.de>
Date: Tue, 21 Jan 2020 12:45:25 +0100
From: Arnd Bergmann <arnd@...db.de>
To: Lucas Stach <l.stach@...gutronix.de>
Cc: Arnd Bergmann <arnd@...db.de>,
Guido Günther <agx@...xcpu.org>,
Russell King <linux+etnaviv@...linux.org.uk>,
Christian Gmeiner <christian.gmeiner@...il.com>,
David Airlie <airlied@...ux.ie>,
Daniel Vetter <daniel@...ll.ch>,
Philipp Zabel <p.zabel@...gutronix.de>,
Sam Ravnborg <sam@...nborg.org>, Rob Herring <robh@...nel.org>,
Emil Velikov <emil.velikov@...labora.com>,
etnaviv@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] drm/etnaviv: only reject timeouts with tv_nsec >= 2 seconds
As Guido Günther reported, get_abs_timeout() in the etnaviv user space
sometimes passes timeouts with nanosecond values larger than 1000000000,
which gets rejected after my first patch.
To avoid breaking this, while also not allowing completely arbitrary
values, set the limit to 1999999999 and use set_normalized_timespec64()
to get the correct format before comparing it.
This also addresses the off-by-1 glitch reported by Ben Hutchings.
Fixes: 172a216ff334 ("drm/etnaviv: reject timeouts with tv_nsec >= NSEC_PER_SEC")
Cc: Guido Günther <agx@...xcpu.org>
Link: https://patchwork.kernel.org/patch/11291089/
Signed-off-by: Arnd Bergmann <arnd@...db.de>
---
drivers/gpu/drm/etnaviv/etnaviv_drv.c | 10 +++++++---
drivers/gpu/drm/etnaviv/etnaviv_drv.h | 6 ++----
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c
index 3eb0f9223bea..d94740c123d3 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c
@@ -292,7 +292,11 @@ static int etnaviv_ioctl_gem_cpu_prep(struct drm_device *dev, void *data,
if (args->op & ~(ETNA_PREP_READ | ETNA_PREP_WRITE | ETNA_PREP_NOSYNC))
return -EINVAL;
- if (args->timeout.tv_nsec > NSEC_PER_SEC)
+ /*
+ * existing user space passes non-normalized timespecs, but never
+ * more than 2 seconds worth of nanoseconds
+ */
+ if (args->timeout.tv_nsec >= (2 * NSEC_PER_SEC))
return -EINVAL;
obj = drm_gem_object_lookup(file, args->handle);
@@ -358,7 +362,7 @@ static int etnaviv_ioctl_wait_fence(struct drm_device *dev, void *data,
if (args->flags & ~(ETNA_WAIT_NONBLOCK))
return -EINVAL;
- if (args->timeout.tv_nsec > NSEC_PER_SEC)
+ if (args->timeout.tv_nsec >= (2 * NSEC_PER_SEC))
return -EINVAL;
if (args->pipe >= ETNA_MAX_PIPES)
@@ -412,7 +416,7 @@ static int etnaviv_ioctl_gem_wait(struct drm_device *dev, void *data,
if (args->flags & ~(ETNA_WAIT_NONBLOCK))
return -EINVAL;
- if (args->timeout.tv_nsec > NSEC_PER_SEC)
+ if (args->timeout.tv_nsec >= (2 * NSEC_PER_SEC))
return -EINVAL;
if (args->pipe >= ETNA_MAX_PIPES)
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.h b/drivers/gpu/drm/etnaviv/etnaviv_drv.h
index efc656efeb0f..3e47050af706 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_drv.h
+++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.h
@@ -109,12 +109,10 @@ static inline size_t size_vstruct(size_t nelem, size_t elem_size, size_t base)
static inline unsigned long etnaviv_timeout_to_jiffies(
const struct drm_etnaviv_timespec *timeout)
{
- struct timespec64 ts, to = {
- .tv_sec = timeout->tv_sec,
- .tv_nsec = timeout->tv_nsec,
- };
+ struct timespec64 ts, to;
ktime_get_ts64(&ts);
+ set_normalized_timespec64(&to, timeout->tv_sec, timeout->tv_nsec);
/* timeouts before "now" have already expired */
if (timespec64_compare(&to, &ts) <= 0)
--
2.25.0
Powered by blists - more mailing lists