[PATCH 03/22] drm/tegra: Check whether page belongs to BO in tegra_bo_kmap()
Dmitry Osipenko
digetx at gmail.com
Tue May 23 00:14:18 UTC 2017
This fixes an OOPS in case of out-of-bounds accessing of a kmap'ed cmdbuf
(non-IOMMU allocation) while patching the relocations in do_relocs().
Signed-off-by: Dmitry Osipenko <digetx at gmail.com>
---
drivers/gpu/drm/tegra/gem.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/tegra/gem.c b/drivers/gpu/drm/tegra/gem.c
index 424569b53e57..ca0d4439e97b 100644
--- a/drivers/gpu/drm/tegra/gem.c
+++ b/drivers/gpu/drm/tegra/gem.c
@@ -74,6 +74,9 @@ static void *tegra_bo_kmap(struct host1x_bo *bo, unsigned int page)
{
struct tegra_bo *obj = host1x_to_tegra_bo(bo);
+ if (page * PAGE_SIZE >= obj->gem.size)
+ return NULL;
+
if (obj->vaddr)
return obj->vaddr + page * PAGE_SIZE;
else if (obj->gem.import_attach)
--
2.13.0
More information about the dri-devel
mailing list