From a0ae165cc3f8a7e254ce2a4119703d1a70a52846 Mon Sep 17 00:00:00 2001
From: Ping Li <pingli@codeaurora.org>
Date: Sun, 25 Oct 2020 23:00:59 -0700
Subject: [PATCH] msm: sde: prevent illegal register access

If event register is called from LA VM when the HW is owned by trusted
VM, it will lead to a crash. This change adds checks to prevent illegal
register access when the HW is not owned by LA VM.

Change-Id: Ib4d956fdce4b5aae41e765d7355082c5e233efe2
Signed-off-by: Ping Li <pingli@codeaurora.org>
---
 msm/sde/sde_kms.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/msm/sde/sde_kms.c b/msm/sde/sde_kms.c
index 8e5fe0c258..7a568a5477 100644
--- a/msm/sde/sde_kms.c
+++ b/msm/sde/sde_kms.c
@@ -4522,6 +4522,7 @@ static int _sde_kms_register_events(struct msm_kms *kms,
 	struct drm_crtc *crtc = NULL;
 	struct drm_connector *conn = NULL;
 	struct sde_kms *sde_kms = NULL;
+	struct sde_vm_ops *vm_ops;
 
 	if (!kms || !obj) {
 		SDE_ERROR("invalid argument kms %pK obj %pK\n", kms, obj);
@@ -4529,6 +4530,14 @@ static int _sde_kms_register_events(struct msm_kms *kms,
 	}
 
 	sde_kms = to_sde_kms(kms);
+	vm_ops = sde_vm_get_ops(sde_kms);
+	sde_vm_lock(sde_kms);
+	if (vm_ops && vm_ops->vm_owns_hw && !vm_ops->vm_owns_hw(sde_kms)) {
+		sde_vm_unlock(sde_kms);
+		DRM_INFO("HW is owned by other VM\n");
+		return -EACCES;
+	}
+
 	switch (obj->type) {
 	case DRM_MODE_OBJECT_CRTC:
 		crtc = obj_to_crtc(obj);
@@ -4541,6 +4550,7 @@ static int _sde_kms_register_events(struct msm_kms *kms,
 		break;
 	}
 
+	sde_vm_unlock(sde_kms);
 	return ret;
 }