projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ba004e3)
drm: Detect overflow in drm_mm_reserve_node()
authorChris Wilson <chris@chris-wilson.co.uk>
Thu, 22 Dec 2016 08:36:26 +0000 (08:36 +0000)
committerDaniel Vetter <daniel.vetter@ffwll.ch>
Tue, 27 Dec 2016 13:16:59 +0000 (14:16 +0100)
Protect ourselves from a caller passing in node.start + node.size that
will overflow and trick us into reserving that node.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/20161222083641.2691-24-chris@chris-wilson.co.uk
drivers/gpu/drm/drm_mm.c patch | blob | blame | history

diff --git a/drivers/gpu/drm/drm_mm.c b/drivers/gpu/drm/drm_mm.c
index 767cfd05c628323527215dce11b961f76254fad9..370cb8ee91c9d51c3c19726a19162547b552c0ad 100644 (file)
--- a/drivers/gpu/drm/drm_mm.c
+++ b/drivers/gpu/drm/drm_mm.c
@@ -308,10 +308,9 @@ int drm_mm_reserve_node(struct drm_mm *mm, struct drm_mm_node *node)
        u64 hole_start, hole_end;
        u64 adj_start, adj_end;
 
-       if (WARN_ON(node->size == 0))
-               return -EINVAL;
-
        end = node->start + node->size;
+       if (unlikely(end <= node->start))
+               return -ENOSPC;
 
        /* Find the relevant hole to add our node to */
        hole = drm_mm_interval_tree_iter_first(&mm->interval_tree,