RedDoesStuff/eden
1
0
Fork 0
forked from eden-emu/eden
Code Pull requests Activity

[core/nvdrv] Fix Random Unmap Memory Access

Browse source
This commit is contained in:
SDK Chan 2025-08-01 19:00:28 +00:00
parent 6fd10fd85e
commit 98454aea5a
2 changed files with 12 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/core/hle/service/nvdrv/devices/nvhost_as_gpu.cpp
View file

@ -312,7 +312,7 @@ NvResult nvhost_as_gpu::Remap(std::span<IoctlRemapEntry> entries) {
NvResult nvhost_as_gpu::MapBufferEx(IoctlMapBufferEx& params) { NvResult nvhost_as_gpu::MapBufferEx(IoctlMapBufferEx& params) {
LOG_DEBUG(Service_NVDRV, LOG_DEBUG(Service_NVDRV,
"called, flags={:X}, nvmap_handle={:X}, buffer_offset={}, mapping_size={}" "called, flags={:X}, nvmap_handle={:X}, buffer_offset={}, mapping_size={}"
", offset={}", ", offset=0x{:X}",
params.flags, params.handle, params.buffer_offset, params.mapping_size, params.flags, params.handle, params.buffer_offset, params.mapping_size,
params.offset); params.offset);
@ -406,10 +406,13 @@ NvResult nvhost_as_gpu::MapBufferEx(IoctlMapBufferEx& params) {
mapping_map[params.offset] = mapping; mapping_map[params.offset] = mapping;
} }
buffer_offsets.insert(params.offset);
return NvResult::Success; return NvResult::Success;
} }
NvResult nvhost_as_gpu::UnmapBuffer(IoctlUnmapBuffer& params) { NvResult nvhost_as_gpu::UnmapBuffer(IoctlUnmapBuffer& params) {
if (buffer_offsets.find(params.offset) != buffer_offsets.end()) {
LOG_DEBUG(Service_NVDRV, "called, offset=0x{:X}", params.offset); LOG_DEBUG(Service_NVDRV, "called, offset=0x{:X}", params.offset);
std::scoped_lock lock(mutex); std::scoped_lock lock(mutex);
@ -418,7 +421,6 @@ NvResult nvhost_as_gpu::UnmapBuffer(IoctlUnmapBuffer& params) {
return NvResult::BadValue; return NvResult::BadValue;
} }
try {
auto mapping{mapping_map.at(params.offset)}; auto mapping{mapping_map.at(params.offset)};
if (!mapping->fixed) { if (!mapping->fixed) {
@ -440,10 +442,8 @@ NvResult nvhost_as_gpu::UnmapBuffer(IoctlUnmapBuffer& params) {
nvmap.UnpinHandle(mapping->handle); nvmap.UnpinHandle(mapping->handle);
mapping_map.erase(params.offset); mapping_map.erase(params.offset);
} catch (const std::out_of_range&) { buffer_offsets.erase(params.offset);
LOG_WARNING(Service_NVDRV, "Couldn't find region to unmap at 0x{:X}", params.offset);
} }
return NvResult::Success; return NvResult::Success;
} }

2
src/core/hle/service/nvdrv/devices/nvhost_as_gpu.h
View file

@ -10,6 +10,7 @@
#include <memory> #include <memory>
#include <mutex> #include <mutex>
#include <optional> #include <optional>
#include <unordered_set>
#include <vector> #include <vector>
#include "common/address_space.h" #include "common/address_space.h"
@ -109,6 +110,7 @@ private:
}; };
static_assert(sizeof(IoctlRemapEntry) == 20, "IoctlRemapEntry is incorrect size"); static_assert(sizeof(IoctlRemapEntry) == 20, "IoctlRemapEntry is incorrect size");
std::unordered_set<s64_le> buffer_offsets{};
struct IoctlMapBufferEx { struct IoctlMapBufferEx {
MappingFlags flags{}; // bit0: fixed_offset, bit2: cacheable MappingFlags flags{}; // bit0: fixed_offset, bit2: cacheable
u32_le kind{}; // -1 is default u32_le kind{}; // -1 is default