For a few subtypes of DRM_IOCTL_PVR_DEV_QUERY, driver was overriding
the returned size unconditionally. This would have resulted in
increase of reported size beyond the amount of data returned to
userspace when args->size < size of query structure.

Updated behaviour matches with the description of
drm_pvr_ioctl_dev_query_args.size and written byte length.
None of the structures of DRM_IOCTL_PVR_DEV_QUERY changed after addition,
so change will not break any compatibility with earlier version.

Fixes: f99f5f3ea7ef ("drm/imagination: Add GPU ID parsing and firmware loading")
Fixes: ff5f643de0bf ("drm/imagination: Add GEM and VM related code")
Signed-off-by: Brajesh Gupta <[email protected]>
Reviewed-by: Alessio Belle <[email protected]>
---
Changes in v2:
- Fixed description of commit message to be clear.
- Link to v1: 
https://lore.kernel.org/r/[email protected]
---
 drivers/gpu/drm/imagination/pvr_drv.c | 6 ++++--
 drivers/gpu/drm/imagination/pvr_vm.c  | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/imagination/pvr_drv.c 
b/drivers/gpu/drm/imagination/pvr_drv.c
index ca3042d14253..ee86c74df0d7 100644
--- a/drivers/gpu/drm/imagination/pvr_drv.c
+++ b/drivers/gpu/drm/imagination/pvr_drv.c
@@ -515,7 +515,8 @@ pvr_dev_query_quirks_get(struct pvr_device *pvr_dev,
        if (err < 0)
                return err;
 
-       args->size = sizeof(query);
+       if (args->size > sizeof(query))
+               args->size = sizeof(query);
        return 0;
 }
 
@@ -596,7 +597,8 @@ pvr_dev_query_enhancements_get(struct pvr_device *pvr_dev,
        if (err < 0)
                return err;
 
-       args->size = sizeof(query);
+       if (args->size > sizeof(query))
+               args->size = sizeof(query);
        return 0;
 }
 
diff --git a/drivers/gpu/drm/imagination/pvr_vm.c 
b/drivers/gpu/drm/imagination/pvr_vm.c
index e1ec60f34b6e..396d349fb6ce 100644
--- a/drivers/gpu/drm/imagination/pvr_vm.c
+++ b/drivers/gpu/drm/imagination/pvr_vm.c
@@ -1019,7 +1019,8 @@ pvr_static_data_areas_get(const struct pvr_device 
*pvr_dev,
        if (err < 0)
                return err;
 
-       args->size = sizeof(query);
+       if (args->size > sizeof(query))
+               args->size = sizeof(query);
        return 0;
 }
 
@@ -1069,7 +1070,8 @@ pvr_heap_info_get(const struct pvr_device *pvr_dev,
        if (err < 0)
                return err;
 
-       args->size = sizeof(query);
+       if (args->size > sizeof(query))
+               args->size = sizeof(query);
        return 0;
 }
 

---
base-commit: 60dc0946bbad3eef8bc66a5a8b09b98dbc6e09c0
change-id: 20260629-b4-b4-query-bfc68c2c5cef

Best regards,
-- 
Brajesh Gupta <[email protected]>

Reply via email to