Diffstat (limited to 'jacinto6/sgx_src/eurasia_km/services4/srvkm/devices/sgx/sgxutils.c')
-rw-r--r-- | jacinto6/sgx_src/eurasia_km/services4/srvkm/devices/sgx/sgxutils.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/jacinto6/sgx_src/eurasia_km/services4/srvkm/devices/sgx/sgxutils.c b/jacinto6/sgx_src/eurasia_km/services4/srvkm/devices/sgx/sgxutils.c index bce7945..6ca6bc2 100644 --- a/jacinto6/sgx_src/eurasia_km/services4/srvkm/devices/sgx/sgxutils.c +++ b/jacinto6/sgx_src/eurasia_km/services4/srvkm/devices/sgx/sgxutils.c @@ -1100,6 +1100,7 @@ IMG_HANDLE SGXRegisterHWRenderContextKM(IMG_HANDLE hDeviceNode, IMG_UINT8 *pDst; PRESMAN_ITEM psResItem; IMG_UINT32 ui32PDDevPAddrInDirListFormat; + IMG_UINT8 *pStartPDDevPAddr, *pEndPDDevPAddr; eError = OSAllocMem(PVRSRV_OS_PAGEABLE_HEAP, sizeof(SGX_HW_RENDER_CONTEXT_CLEANUP), @@ -1135,6 +1136,16 @@ IMG_HANDLE SGXRegisterHWRenderContextKM(IMG_HANDLE hDeviceNode, PVR_DPF((PVR_DBG_ERROR, "SGXRegisterHWRenderContextKM: Couldn't allocate device memory for HW Render Context")); goto exit1; } + /* Ensure that the offset of Page directory dev physical address field is within the allocated context memory */ + pStartPDDevPAddr = (IMG_UINT8 *)(psCleanup->psHWRenderContextMemInfo->pvLinAddrKM) + ui32OffsetToPDDevPAddr; + pEndPDDevPAddr = pStartPDDevPAddr + sizeof(ui32PDDevPAddrInDirListFormat) - 1; + + if (pStartPDDevPAddr < (IMG_UINT8 *)psCleanup->psHWRenderContextMemInfo->pvLinAddrKM || + pEndPDDevPAddr >= (IMG_UINT8 *)(psCleanup->psHWRenderContextMemInfo->pvLinAddrKM) + ui32HWRenderContextSize) + { + PVR_DPF((PVR_DBG_ERROR, "SGXRegisterHWRenderContextKM: Offset of page directory device physical address is invalid")); + goto exit2; + } eError = OSCopyFromUser(psPerProc, psCleanup->psHWRenderContextMemInfo->pvLinAddrKM, @@ -1287,6 +1298,7 @@ IMG_HANDLE SGXRegisterHWTransferContextKM(IMG_HANDLE hDeviceNode, IMG_UINT8 *pDst; PRESMAN_ITEM psResItem; IMG_UINT32 ui32PDDevPAddrInDirListFormat; + IMG_UINT8 *pStartPDDevPAddr, *pEndPDDevPAddr; eError = OSAllocMem(PVRSRV_OS_PAGEABLE_HEAP, sizeof(SGX_HW_TRANSFER_CONTEXT_CLEANUP), 
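Review bot: The new check in SGXRegisterHWRenderContextKM validates `ui32OffsetToPDDevPAddr` only after it has been added to `pvLinAddrKM`, so the test depends on out-of-bounds pointer arithmetic, which is undefined behaviour in C. A compiler may therefore treat `pStartPDDevPAddr < base` as always false and drop it, and `pvLinAddrKM + ui32HWRenderContextSize` can itself wrap on a 32-bit kernel unless the build forces wrapping pointer semantics. Comparing the integers before forming any pointer avoids both problems: `if (ui32HWRenderContextSize < sizeof(ui32PDDevPAddrInDirListFormat) || ui32OffsetToPDDevPAddr > ui32HWRenderContextSize - sizeof(ui32PDDevPAddrInDirListFormat))`. The same pattern is repeated in the SGXRegisterHWTransferContextKM and SGXRegisterHW2DContextKM hunks and should change with it. The function bodies start and end outside these hunks, so whether the offset and size are range-checked earlier, and what `exit2` releases, is not visible here.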
@@ -1324,6 +1336,17 @@ IMG_HANDLE SGXRegisterHWTransferContextKM(IMG_HANDLE hDeviceNode, goto exit1; } + /* Ensure that the offset of Page directory dev physical address field is within the allocated context memory */ + pStartPDDevPAddr = (IMG_UINT8 *)(psCleanup->psHWTransferContextMemInfo->pvLinAddrKM) + ui32OffsetToPDDevPAddr; + pEndPDDevPAddr = pStartPDDevPAddr + sizeof(ui32PDDevPAddrInDirListFormat) - 1; + + if (pStartPDDevPAddr < (IMG_UINT8 *)psCleanup->psHWTransferContextMemInfo->pvLinAddrKM || + pEndPDDevPAddr >= (IMG_UINT8 *)(psCleanup->psHWTransferContextMemInfo->pvLinAddrKM) + ui32HWTransferContextSize) + { + PVR_DPF((PVR_DBG_ERROR, "SGXRegisterHWTransferContextKM: Offset of page directory device physical address is invalid")); + goto exit2; + } + eError = OSCopyFromUser(psPerProc, psCleanup->psHWTransferContextMemInfo->pvLinAddrKM, psHWTransferContextCpuVAddr, @@ -1628,6 +1651,7 @@ IMG_HANDLE SGXRegisterHW2DContextKM(IMG_HANDLE hDeviceNode, IMG_UINT8 *pDst; PRESMAN_ITEM psResItem; IMG_UINT32 ui32PDDevPAddrInDirListFormat; + IMG_UINT8 *pStartPDDevPAddr, *pEndPDDevPAddr; eError = OSAllocMem(PVRSRV_OS_PAGEABLE_HEAP, sizeof(SGX_HW_2D_CONTEXT_CLEANUP), 
@@ -1664,6 +1688,17 @@ IMG_HANDLE SGXRegisterHW2DContextKM(IMG_HANDLE hDeviceNode, goto exit1; } + /* Ensure that the offset of Page directory dev physical address field is within the allocated context memory */ + pStartPDDevPAddr = (IMG_UINT8 *)(psCleanup->psHW2DContextMemInfo->pvLinAddrKM) + ui32OffsetToPDDevPAddr; + pEndPDDevPAddr = pStartPDDevPAddr + sizeof(ui32PDDevPAddrInDirListFormat) - 1; + + if (pStartPDDevPAddr < (IMG_UINT8 *)psCleanup->psHW2DContextMemInfo->pvLinAddrKM || + pEndPDDevPAddr >= (IMG_UINT8 *)(psCleanup->psHW2DContextMemInfo->pvLinAddrKM) + ui32HW2DContextSize) + { + PVR_DPF((PVR_DBG_ERROR, "SGXRegisterHWTransferContextKM: Offset of page directory device physical address is invalid")); + goto exit2; + } + eError = OSCopyFromUser(psPerProc, psCleanup->psHW2DContextMemInfo->pvLinAddrKM, psHW2DContextCpuVAddr, |
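Review bot: The error string in the SGXRegisterHW2DContextKM check names the wrong function. It logs `"SGXRegisterHWTransferContextKM: Offset of page directory device physical address is invalid"`, apparently copied from the transfer-context hunk. A rejected 2D-context registration will therefore look like a transfer-context failure in the kernel log, which misleads anyone triaging a malformed or hostile ioctl. It should read `"SGXRegisterHW2DContextKM: Offset of page directory device physical address is invalid"`.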