[Intel-gfx] [PATCH] drm/i915: Defend against userspace creating a gem object with size==0

[Ben Widawsky]

On Wed, Sep 14, 2011 at 02:14:28PM +0200, Daniel Vetter wrote:
> From: Chris Wilson <chris at chris-wilson.co.uk>
> 
> We currently only round up the userspace size to the next page. We
> assume that userspace hasn't made a mistake and requested a zero-length
> gem object and all through our internal code we then presume that every
> object is backed by at least a single page. Fix that oversight and
> report EINVAL back to userspace if they try to create a zero length
> object.
> 
> Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
> [danvet: This fixes tests/gem_bad_length]
> Signed-Off-by: Daniel Vetter <daniel.vetter at ffwll.ch>
> ---
>  drivers/gpu/drm/i915/i915_gem.c |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
> index 7998827..9857e9d 100644
> --- a/drivers/gpu/drm/i915/i915_gem.c
> +++ b/drivers/gpu/drm/i915/i915_gem.c
> @@ -195,6 +195,8 @@ i915_gem_create(struct drm_file *file,
>  	u32 handle;
>  
>  	size = roundup(size, PAGE_SIZE);
> +	if (size == 0)
> +		return -EINVAL;
>  
>  	/* Allocate the new object */
>  	obj = i915_gem_alloc_object(dev, size);

Could we just: s/roundup/DIV_ROUND_UP and be happy?

Ben