[RFC PATCH] dma-buf: Fix dma reservation with zero fences

[Mika Kuoppala]

Driver can initialize without any fences. If so
roundup_power_of_two will overflow as it will try to
subtract one from initial value before shift,
(1 << fls_long(-1)).

Fix this using default (4) if num_fences is zero.

Another more radical option would be to return error on
zero but that would need a callsite comb.

Caught-by: UBSAN
Cc: Christian König <christian.koenig at amd.com>
Cc: Thomas Hellström <thomas.hellstrom at linux.intel.com>
Signed-off-by: Mika Kuoppala <mika.kuoppala at linux.intel.com>
---
 drivers/dma-buf/dma-resv.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/dma-buf/dma-resv.c b/drivers/dma-buf/dma-resv.c
index 38b4110378de..f5ad3ecd0d4f 100644
--- a/drivers/dma-buf/dma-resv.c
+++ b/drivers/dma-buf/dma-resv.c
@@ -192,7 +192,10 @@ int dma_resv_reserve_fences(struct dma_resv *obj, unsigned int num_fences)
 			return 0;
 		max = max(old->num_fences + num_fences, old->max_fences * 2);
 	} else {
-		max = max(4ul, roundup_pow_of_two(num_fences));
+		if (num_fences)
+			max = max(4ul, roundup_pow_of_two(num_fences));
+		else
+			max = 4ul;
 	}
 
 	new = dma_resv_list_alloc(max);
-- 
2.34.1