[PATCH] drm/panfrost: Avoid user size passed to kvmalloc()

Rob Herring robh at kernel.org
Thu Dec 16 17:12:42 UTC 2021


On Thu, Dec 16, 2021 at 10:16 AM Steven Price <steven.price at arm.com> wrote:
>
> panfrost_copy_in_sync() takes the number of fences from user space
> (in_sync_count) and used to kvmalloc() an array to hold that number of
> fences before processing them. This provides an easy method for user
> space to trigger the OOM killer (by temporarily allocating large amounts
> of kernel memory) or hit the WARN_ONCE() added by 7661809d493b ("mm:
> don't allow oversized kvmalloc() calls").
>
> Since we don't expect there to be a large number of fences we can
> instead iterate over the fences one-by-one and avoid the temporary
> allocation altogether. This also makes the code simpler.

Doesn't the BO lookup suffer from the same issue?

Rob
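
An added illustration, not code from the patch or the panfrost driver: a user-space C model of the two patterns the quoted commit message describes, a temporary array sized by the caller's count versus processing one entry at a time. `model_copy_from_user`, `copy_in_bulk`, `copy_in_iter`, `peak_alloc` and the summing step that stands in for the fence lookup are hypothetical names, and the handle buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the user-space array of sync handles. */
struct user_buf { const uint32_t *handles; size_t len; };

static size_t peak_alloc; /* largest temporary allocation requested, bytes */

/* Models copy_from_user(): 0 on success, -1 if the range is not readable. */
static int model_copy_from_user(uint32_t *dst, const struct user_buf *u,
                                size_t index, size_t n)
{
    if (index > u->len || n > u->len - index)
        return -1;
    memcpy(dst, u->handles + index, n * sizeof(*dst));
    return 0;
}

/* "Before" pattern: the temporary array is sized by the caller's count, so
 * memory is committed before any entry is validated (assumes 64-bit size_t). */
int copy_in_bulk(const struct user_buf *u, uint32_t count, uint64_t *sum)
{
    size_t bytes = (size_t)count * sizeof(uint32_t);
    uint32_t *tmp = malloc(bytes ? bytes : 1);
    int ret = -1;

    if (!tmp)
        return -1;
    if (bytes > peak_alloc)
        peak_alloc = bytes;
    if (model_copy_from_user(tmp, u, 0, count) == 0) {
        for (uint32_t i = 0; i < count; i++)
            *sum += tmp[i];        /* stands in for the fence lookup */
        ret = 0;
    }
    free(tmp);
    return ret;
}

/* "After" pattern: one handle at a time, constant memory whatever the count. */
int copy_in_iter(const struct user_buf *u, uint32_t count, uint64_t *sum)
{
    for (uint32_t i = 0; i < count; i++) {
        uint32_t handle;
        if (model_copy_from_user(&handle, u, i, 1))
            return -1;             /* stops at the first unreadable entry */
        *sum += handle;
    }
    return 0;
}
```

With a 4-entry buffer and a claimed count of 1 << 20, the bulk version requests 4 MiB before the copy fails, while the iterative version fails at the fifth entry without allocating anything.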

