diff options
Diffstat (limited to 'meta/recipes-graphics/virglrenderer/virglrenderer')
3 files changed, 156 insertions, 0 deletions
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch new file mode 100644 index 0000000000..ad61c95be3 --- /dev/null +++ b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch | |||
@@ -0,0 +1,66 @@ | |||
1 | From 24f67de7a9088a873844a39be03cee6882260ac9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Gert Wollny <gert.wollny@collabora.com> | ||
3 | Date: Mon, 7 Oct 2019 10:59:56 +0200 | ||
4 | Subject: [PATCH] vrend: check info formats in blits | ||
5 | |||
6 | Closes #141 | ||
7 | Closes #142 | ||
8 | |||
9 | v2 : drop colon in error description (Emil) | ||
10 | |||
11 | Signed-off-by: Gert Wollny <gert.wollny@collabora.com> | ||
12 | Reviewed-by: Emil Velikov <emil.velikov@collabora.com> | ||
13 | |||
14 | Upstream-Status: Backport | ||
15 | [https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9] | ||
16 | CVE: CVE-2019-18390 | ||
17 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
18 | --- | ||
19 | src/virgl_hw.h | 1 + | ||
20 | src/vrend_renderer.c | 11 +++++++++++ | ||
21 | 2 files changed, 12 insertions(+) | ||
22 | |||
23 | diff --git a/src/virgl_hw.h b/src/virgl_hw.h | ||
24 | index 145780bf..5ccf3073 100644 | ||
25 | --- a/src/virgl_hw.h | ||
26 | +++ b/src/virgl_hw.h | ||
27 | @@ -426,6 +426,7 @@ enum virgl_ctx_errors { | ||
28 | VIRGL_ERROR_CTX_ILLEGAL_CMD_BUFFER, | ||
29 | VIRGL_ERROR_CTX_GLES_HAVE_TES_BUT_MISS_TCS, | ||
30 | VIRGL_ERROR_GL_ANY_SAMPLES_PASSED, | ||
31 | + VIRGL_ERROR_CTX_ILLEGAL_FORMAT, | ||
32 | }; | ||
33 | |||
34 | #define VIRGL_RESOURCE_Y_0_TOP (1 << 0) | ||
35 | diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c | ||
36 | index 14fefb38..aa6a89c1 100644 | ||
37 | --- a/src/vrend_renderer.c | ||
38 | +++ b/src/vrend_renderer.c | ||
39 | @@ -758,6 +758,7 @@ static const char *vrend_ctx_error_strings[] = { | ||
40 | [VIRGL_ERROR_CTX_ILLEGAL_CMD_BUFFER] = "Illegal command buffer", | ||
41 | [VIRGL_ERROR_CTX_GLES_HAVE_TES_BUT_MISS_TCS] = "On GLES context and shader program has tesselation evaluation shader but no tesselation control shader", | ||
42 | [VIRGL_ERROR_GL_ANY_SAMPLES_PASSED] = "Query for ANY_SAMPLES_PASSED not supported", | ||
43 | + [VIRGL_ERROR_CTX_ILLEGAL_FORMAT] = "Illegal format ID", | ||
44 | }; | ||
45 | |||
46 | static void __report_context_error(const char *fname, struct vrend_context *ctx, | ||
47 | @@ -8492,6 +8493,16 @@ void vrend_renderer_blit(struct vrend_context *ctx, | ||
48 | if (ctx->in_error) | ||
49 | return; | ||
50 | |||
51 | + if (!info->src.format || (enum virgl_formats)info->src.format >= VIRGL_FORMAT_MAX) { | ||
52 | + report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_FORMAT, info->src.format); | ||
53 | + return; | ||
54 | + } | ||
55 | + | ||
56 | + if (!info->dst.format || (enum virgl_formats)info->dst.format >= VIRGL_FORMAT_MAX) { | ||
57 | + report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_FORMAT, info->dst.format); | ||
58 | + return; | ||
59 | + } | ||
60 | + | ||
61 | if (info->render_condition_enable == false) | ||
62 | vrend_pause_render_condition(ctx, true); | ||
63 | |||
64 | -- | ||
65 | 2.24.1 | ||
66 | |||
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18391.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18391.patch new file mode 100644 index 0000000000..cc641d8293 --- /dev/null +++ b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18391.patch | |||
@@ -0,0 +1,51 @@ | |||
1 | From 2abeb1802e3c005b17a7123e382171b3fb665971 Mon Sep 17 00:00:00 2001 | ||
2 | From: Gert Wollny <gert.wollny@collabora.com> | ||
3 | Date: Tue, 8 Oct 2019 17:27:01 +0200 | ||
4 | Subject: [PATCH] vrend: check that the transfer iov holds enough data for the | ||
5 | data upload | ||
6 | |||
7 | Closes #140 | ||
8 | |||
9 | Signed-off-by: Gert Wollny <gert.wollny@collabora.com> | ||
10 | Reviewed-by: Emil Velikov <emil.velikov@collabora.com> | ||
11 | |||
12 | Upstream-Status: Backport | ||
13 | [https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971] | ||
14 | CVE: CVE-2019-18391 | ||
15 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
16 | --- | ||
17 | src/vrend_renderer.c | 11 +++++++++-- | ||
18 | 1 file changed, 9 insertions(+), 2 deletions(-) | ||
19 | |||
20 | diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c | ||
21 | index 694e1d0e..fe23846b 100644 | ||
22 | --- a/src/vrend_renderer.c | ||
23 | +++ b/src/vrend_renderer.c | ||
24 | @@ -7005,15 +7005,22 @@ static int vrend_renderer_transfer_write_iov(struct vrend_context *ctx, | ||
25 | invert = true; | ||
26 | } | ||
27 | |||
28 | + send_size = util_format_get_nblocks(res->base.format, info->box->width, | ||
29 | + info->box->height) * elsize; | ||
30 | + if (res->target == GL_TEXTURE_3D || | ||
31 | + res->target == GL_TEXTURE_2D_ARRAY || | ||
32 | + res->target == GL_TEXTURE_CUBE_MAP_ARRAY) | ||
33 | + send_size *= info->box->depth; | ||
34 | + | ||
35 | if (need_temp) { | ||
36 | - send_size = util_format_get_nblocks(res->base.format, info->box->width, | ||
37 | - info->box->height) * elsize * info->box->depth; | ||
38 | data = malloc(send_size); | ||
39 | if (!data) | ||
40 | return ENOMEM; | ||
41 | read_transfer_data(iov, num_iovs, data, res->base.format, info->offset, | ||
42 | stride, layer_stride, info->box, invert); | ||
43 | } else { | ||
44 | + if (send_size > iov[0].iov_len - info->offset) | ||
45 | + return EINVAL; | ||
46 | data = (char*)iov[0].iov_base + info->offset; | ||
47 | } | ||
48 | |||
49 | -- | ||
50 | 2.24.1 | ||
51 | |||
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2020-8002.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2020-8002.patch new file mode 100644 index 0000000000..925f2c8eb0 --- /dev/null +++ b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2020-8002.patch | |||
@@ -0,0 +1,39 @@ | |||
1 | From 63bcca251f093d83da7e290ab4bbd38ae69089b5 Mon Sep 17 00:00:00 2001 | ||
2 | From: Gert Wollny <gert.wollny@collabora.com> | ||
3 | Date: Wed, 15 Jan 2020 13:43:58 +0100 | ||
4 | Subject: [PATCH] vrend: Don't try launching a grid if no CS is available | ||
5 | |||
6 | Closes #155 | ||
7 | |||
8 | Signed-off-by: Gert Wollny <gert.wollny@collabora.com> | ||
9 | Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org> | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | [https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5.patch] | ||
13 | CVE: CVE-2020-8002 | ||
14 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
15 | --- | ||
16 | src/vrend_renderer.c | 7 +++++++ | ||
17 | 1 file changed, 7 insertions(+) | ||
18 | |||
19 | diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c | ||
20 | index a054bad8..2280fc43 100644 | ||
21 | --- a/src/vrend_renderer.c | ||
22 | +++ b/src/vrend_renderer.c | ||
23 | @@ -4604,6 +4604,13 @@ void vrend_launch_grid(struct vrend_context *ctx, | ||
24 | } | ||
25 | ctx->sub->shader_dirty = true; | ||
26 | } | ||
27 | + | ||
28 | + if (!ctx->sub->prog) { | ||
29 | + vrend_printf("%s: Skipping compute shader execution due to missing shaders: %s\n", | ||
30 | + __func__, ctx->debug_name); | ||
31 | + return; | ||
32 | + } | ||
33 | + | ||
34 | vrend_use_program(ctx, ctx->sub->prog->id); | ||
35 | |||
36 | vrend_draw_bind_ubo_shader(ctx, PIPE_SHADER_COMPUTE, 0); | ||
37 | -- | ||
38 | 2.24.1 | ||
39 | |||