mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-14 06:35:12 +00:00
6dfa2fab8d
Currently we allow rediculous amounts of kernel memory being allocated via the etnaviv GEM_SUBMIT ioctl, which is a pretty easy DoS vector. Put some reasonable limits in to fix this. The commandstream size is limited to 64KB, which was already a soft limit on older kernels after which the kernel only took submits on a best effort base, so there is no userspace that tries to submit commandstreams larger than this. Even if the whole commandstream is a single incrementing address load, the size limit also limits the number of potential relocs and referenced buffers to slightly under 64K, so use the same limit for those arguments. The performance monitoring infrastructure currently supports less than 50 performance counter signals, so limiting them to 128 on a single submit seems like a reasonably future-proof number for now. This number can be bumped if needed without breaking the interface. Cc: stable@vger.kernel.org Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Lucas Stach <l.stach@pengutronix.de> Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com> |
||
|---|---|---|
| .. | ||
| cmdstream.xml.h | ||
| common.xml.h | ||
| etnaviv_buffer.c | ||
| etnaviv_cmd_parser.c | ||
| etnaviv_cmdbuf.c | ||
| etnaviv_cmdbuf.h | ||
| etnaviv_drv.c | ||
| etnaviv_drv.h | ||
| etnaviv_dump.c | ||
| etnaviv_dump.h | ||
| etnaviv_gem.c | ||
| etnaviv_gem.h | ||
| etnaviv_gem_prime.c | ||
| etnaviv_gem_submit.c | ||
| etnaviv_gpu.c | ||
| etnaviv_gpu.h | ||
| etnaviv_hwdb.c | ||
| etnaviv_iommu.c | ||
| etnaviv_iommu_v2.c | ||
| etnaviv_mmu.c | ||
| etnaviv_mmu.h | ||
| etnaviv_perfmon.c | ||
| etnaviv_perfmon.h | ||
| etnaviv_sched.c | ||
| etnaviv_sched.h | ||
| Kconfig | ||
| Makefile | ||
| state.xml.h | ||
| state_3d.xml.h | ||
| state_blt.xml.h | ||
| state_hi.xml.h | ||