From 067b7d7c67865d695adb42e5cff914aa38c29e4a Mon Sep 17 00:00:00 2001
From: Alexander Boettcher
Date: Fri, 25 Jun 2021 16:23:46 +0200
Subject: [PATCH] gpu/intel: deny virtual address above 1 << 48
commit avoids memory corruption in the ppgtt page insertion code Issue #4148 #4233
---
repos/os/src/drivers/gpu/intel/ppgtt.h | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/repos/os/src/drivers/gpu/intel/ppgtt.h b/repos/os/src/drivers/gpu/intel/ppgtt.h
index d52c2a8663..7faaefac42 100644
--- a/repos/os/src/drivers/gpu/intel/ppgtt.h
+++ b/repos/os/src/drivers/gpu/intel/ppgtt.h
@@ -226,6 +226,7 @@ class Genode::Level_4_translation_table
 static constexpr size_t PAGE_MASK = ~((1UL << PAGE_SIZE_LOG2) - 1);
 class Misaligned {};
+ class Invalid_address {};
 class Invalid_range {};
 class Double_insertion {};
@@ -309,6 +310,9 @@ class Genode::Level_4_translation_table
 addr_t end = (vo + PAGE_SIZE) & PAGE_MASK;
 size_t sz = min(size, end-vo);
+ if (i >= MAX_ENTRIES)
+ throw Invalid_address();
+
 func(vo, pa, sz, _entries[i]);
 /* check whether we wrap */
@@ -398,6 +402,7 @@ class Genode::Page_directory
 static constexpr size_t PAGE_MASK = ~((1UL << PAGE_SIZE_LOG2) - 1);
 class Misaligned {};
+ class Invalid_address {};
 class Invalid_range {};
 class Double_insertion {};
@@ -563,6 +568,9 @@ class Genode::Page_directory
 addr_t end = (vo + PAGE_SIZE) & PAGE_MASK;
 size_t sz = min(size, end-vo);
+ if (i >= MAX_ENTRIES)
+ throw Invalid_address();
+
 func(vo, pa, sz, _entries[i]);
 /* check whether we wrap */
@@ -649,6 +657,7 @@ class Genode::Pml4_table
 static constexpr uint64_t PAGE_MASK = ~((1ULL << PAGE_SIZE_LOG2) - 1);
 class Misaligned {};
+ class Invalid_address {};
 class Invalid_range {};
 struct Descriptor : Common_descriptor
@@ -746,9 +755,13 @@ class Genode::Pml4_table
 {
 for (size_t i = vo >> PAGE_SIZE_LOG2; size > 0;
 i = vo >> PAGE_SIZE_LOG2) {
+
 addr_t const end = (vo + PAGE_SIZE) & PAGE_MASK;
 size_t const sz = min(size, end-vo);
+ if (i >= MAX_ENTRIES)
+ throw Invalid_address();
+
 func(vo, pa, sz, _entries[i]);
 /* check whether we wrap */
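Review bot: The new `i >= MAX_ENTRIES` check in the Level_4_translation_table hunk at new line 310 sits inside the per-page loop, after `func(vo, pa, sz, _entries[i])` has already run for the lower pages of the same request, so a range that starts inside the table and ends beyond it is rejected only after part of it has been inserted, and nothing in the patch unwinds those entries; the same holds for the Page_directory hunk at line 568 and the Pml4_table hunk at line 755. The per-iteration check is worth keeping as the backstop against the out-of-bounds `_entries[i]` write, but rejecting the whole range before the first iteration would avoid the half-inserted state, e.g. `if (size && ((vo + size - 1) >> PAGE_SIZE_LOG2) >= MAX_ENTRIES) throw Invalid_address();` ahead of the `for`, after `vo + size` has been checked against wrap-around in the same way the existing "check whether we wrap" logic does it. The call sites that catch `Misaligned`/`Invalid_range` are outside this patch and presumably need an `Invalid_address` handler too, otherwise the new exception escapes the insertion path unhandled. The enclosing loop bodies begin and end outside each of these hunks.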
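Review bot: The Pml4_table check at new line 755 is the one that enforces the 1 << 48 limit named in the subject, yet nothing at the site explains why an index beyond `MAX_ENTRIES` is reachable here and not merely a programming error, so a short comment above the `if` would help the next reader, e.g. `/* a virtual address >= 1 << 48 yields an index past _entries; reject rather than write out of bounds */`. I am inferring from the subject that this level receives the full virtual address while the lower levels see a table-relative offset, which would make this the check that actually matters and the other two defensive; if that is right, saying so in the comment would explain why the same guard appears three times.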