drm/vmwgfx: Protect from excessive execbuf kernel memory allocations v3

With the new validation code, a malicious user-space app could potentially submit command streams with enough buffer-object and resource references in them to have the resulting allocated validion nodes and relocations make the kernel run out of GFP_KERNEL memory. Protect from this by having the validation code reserve TTM graphics memory when allocating. Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com> Reviewed-by: Deepak Rawat <drawat@vmware.com> --- v2: Removed leftover debug printouts
author: Thomas Hellstrom <thellstrom@vmware.com> 2018-12-12 13:52:08 +0300
committer: Thomas Hellstrom <thellstrom@vmware.com> 2018-12-13 15:04:25 +0300
commit: fd567467753fac9f9f477550065018e7f4e3c8f3 (patch)
tree: 110744e9652bfbc00018fa572add924df2ca7ee0 /drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
parent: e06d45d8c165a0b1a7aaa1b794c78d2db911c8f6 (diff)
download: linux-fd567467753fac9f9f477550065018e7f4e3c8f3.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
index 260650bb5560..f2d13a72c05d 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
@@ -3835,6 +3835,8 @@ int vmw_execbuf_process(struct drm_file *file_priv,
 	struct sync_file *sync_file = NULL;
 	DECLARE_VAL_CONTEXT(val_ctx, &sw_context->res_ht, 1);
 
+	vmw_validation_set_val_mem(&val_ctx, &dev_priv->vvm);
+
 	if (flags & DRM_VMW_EXECBUF_FLAG_EXPORT_FENCE_FD) {
 		out_fence_fd = get_unused_fd_flags(O_CLOEXEC);
 		if (out_fence_fd < 0) {
author	Thomas Hellstrom <thellstrom@vmware.com>	2018-12-12 13:52:08 +0300
committer	Thomas Hellstrom <thellstrom@vmware.com>	2018-12-13 15:04:25 +0300
commit	fd567467753fac9f9f477550065018e7f4e3c8f3 (patch)
tree	110744e9652bfbc00018fa572add924df2ca7ee0 /drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
parent	e06d45d8c165a0b1a7aaa1b794c78d2db911c8f6 (diff)
download	linux-fd567467753fac9f9f477550065018e7f4e3c8f3.tar.xz