[PATCH 2/2] drm/mst: Add range check for max_payloads during init
David Weinehall
david.weinehall at linux.intel.com
Fri Jan 29 05:52:50 PST 2016
On Fri, Jan 29, 2016 at 02:44:29PM +0200, Imre Deak wrote:
> max_payload is limited by the space we have in
> drm_dp_mst_topology_mgr::vcpi_mask,payload_mask. We need to track
> max_payloads+1 IDs in these masks, see drm_dp_mst_assign_payload_id().
> Add a sanity check for this.
>
> Caught by coverity.
>
> Signed-off-by: Imre Deak <imre.deak at intel.com>
Reviewed-by: David Weinehall <david.weinehall at intel.com>
> ---
> drivers/gpu/drm/drm_dp_mst_topology.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c
> index 8f749e6..05c2702 100644
> --- a/drivers/gpu/drm/drm_dp_mst_topology.c
> +++ b/drivers/gpu/drm/drm_dp_mst_topology.c
> @@ -2847,6 +2847,9 @@ int drm_dp_mst_topology_mgr_init(struct drm_dp_mst_topology_mgr *mgr,
> mgr->max_dpcd_transaction_bytes = max_dpcd_transaction_bytes;
> mgr->max_payloads = max_payloads;
> mgr->conn_base_id = conn_base_id;
> + if (max_payloads + 1 > sizeof(mgr->payload_mask) * 8 ||
> + max_payloads + 1 > sizeof(mgr->vcpi_mask) * 8)
> + return -EINVAL;
> mgr->payloads = kcalloc(max_payloads, sizeof(struct drm_dp_payload), GFP_KERNEL);
> if (!mgr->payloads)
> return -ENOMEM;
> --
> 2.5.0
>
More information about the dri-devel
mailing list