[PATCH v2 25/40] drm: Detect overflow in drm_mm_reserve_node()
Chris Wilson
chris at chris-wilson.co.uk
Fri Dec 16 07:47:03 UTC 2016
Protect ourselves from a caller passing in node.start + node.size that
will overflow and trick us into reserving that node.
Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
---
drivers/gpu/drm/drm_mm.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/drm_mm.c b/drivers/gpu/drm/drm_mm.c
index ead164093ac7..6450690f5578 100644
--- a/drivers/gpu/drm/drm_mm.c
+++ b/drivers/gpu/drm/drm_mm.c
@@ -308,10 +308,9 @@ int drm_mm_reserve_node(struct drm_mm *mm, struct drm_mm_node *node)
u64 hole_start, hole_end;
u64 adj_start, adj_end;
- if (WARN_ON(node->size == 0))
- return -EINVAL;
-
end = node->start + node->size;
+ if (unlikely(end <= node->start))
+ return -ENOSPC;
/* Find the relevant hole to add our node to */
hole = drm_mm_interval_tree_iter_first(&mm->interval_tree,
--
2.11.0
More information about the dri-devel
mailing list