From: Chris Wilson Date: Thu, 22 Dec 2016 08:36:26 +0000 (+0000) Subject: drm: Detect overflow in drm_mm_reserve_node() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=c820186d5b3b213c5a627c45e5db386bb739af25;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git drm: Detect overflow in drm_mm_reserve_node() Protect ourselves from a caller passing in node.start + node.size that will overflow and trick us into reserving that node. Signed-off-by: Chris Wilson Reviewed-by: Joonas Lahtinen Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161222083641.2691-24-chris@chris-wilson.co.uk --- diff --git a/drivers/gpu/drm/drm_mm.c b/drivers/gpu/drm/drm_mm.c index 767cfd05c628..370cb8ee91c9 100644 --- a/drivers/gpu/drm/drm_mm.c +++ b/drivers/gpu/drm/drm_mm.c @@ -308,10 +308,9 @@ int drm_mm_reserve_node(struct drm_mm *mm, struct drm_mm_node *node) u64 hole_start, hole_end; u64 adj_start, adj_end; - if (WARN_ON(node->size == 0)) - return -EINVAL; - end = node->start + node->size; + if (unlikely(end <= node->start)) + return -ENOSPC; /* Find the relevant hole to add our node to */ hole = drm_mm_interval_tree_iter_first(&mm->interval_tree,