[Intel-gfx] [PATCH] drm/i915: Defend against userspace creating a gem object with size==0
Daniel Vetter
daniel.vetter at ffwll.ch
Wed Sep 14 14:14:28 CEST 2011
From: Chris Wilson <chris at chris-wilson.co.uk>
We currently only round up the userspace size to the next page. We
assume that userspace hasn't made a mistake and requested a zero-length
gem object and all through our internal code we then presume that every
object is backed by at least a single page. Fix that oversight and
report EINVAL back to userspace if they try to create a zero length
object.
Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
[danvet: This fixes tests/gem_bad_length]
Signed-Off-by: Daniel Vetter <daniel.vetter at ffwll.ch>
---
drivers/gpu/drm/i915/i915_gem.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
index 7998827..9857e9d 100644
--- a/drivers/gpu/drm/i915/i915_gem.c
+++ b/drivers/gpu/drm/i915/i915_gem.c
@@ -195,6 +195,8 @@ i915_gem_create(struct drm_file *file,
u32 handle;
size = roundup(size, PAGE_SIZE);
+ if (size == 0)
+ return -EINVAL;
/* Allocate the new object */
obj = i915_gem_alloc_object(dev, size);
--
1.7.6
More information about the Intel-gfx
mailing list