drm/i915/cmdparser: Fix jump whitelist clearing

commit ea0b163 upstream. When a jump_whitelist bitmap is reused, it needs to be cleared. Currently this is done with memset() and the size calculation assumes bitmaps are made of 32-bit words, not longs. So on 64-bit architectures, only the first half of the bitmap is cleared. If some whitelist bits are carried over between successive batches submitted on the same context, this will presumably allow embedding the rogue instructions that we're trying to reject. Use bitmap_zero() instead, which gets the calculation right. Fixes: f8c08d8 ("drm/i915/cmdparser: Add support for backward jumps") Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Jon Bloomfield <jon.bloomfield@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
mariux64 · Nov 12, 2019 · 139bb57 · 139bb57
1 parent 00194ec
commit 139bb57
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/drivers/gpu/drm/i915/i915_cmd_parser.c b/drivers/gpu/drm/i915/i915_cmd_parser.c
@@ -1374,7 +1374,7 @@ static void init_whitelist(struct i915_gem_context *ctx, u32 batch_len)
 		return;
 
 	if (batch_cmds <= ctx->jump_whitelist_cmds) {
-		memset(ctx->jump_whitelist, 0, exact_size * sizeof(u32));
+		bitmap_zero(ctx->jump_whitelist, batch_cmds);
 		return;
 	}
 
@@ -1394,8 +1394,7 @@ static void init_whitelist(struct i915_gem_context *ctx, u32 batch_len)
 	}
 
 	DRM_DEBUG("CMD: Failed to extend whitelist. BB_START may be disallowed\n");
-	memset(ctx->jump_whitelist, 0,
-	       BITS_TO_LONGS(ctx->jump_whitelist_cmds) * sizeof(u32));
+	bitmap_zero(ctx->jump_whitelist, ctx->jump_whitelist_cmds);
 
 	return;
 }