[Intel-gfx] [PATCH] drm/i915: Defend against userspace creating a gem object with size==0
Ben Widawsky
ben at bwidawsk.net
Wed Sep 14 23:22:33 CEST 2011
On Wed, 14 Sep 2011 20:02:10 +0000
Ben Widawsky <ben at bwidawsk.net> wrote:
> On Wed, Sep 14, 2011 at 02:14:28PM +0200, Daniel Vetter wrote:
> > From: Chris Wilson <chris at chris-wilson.co.uk>
> >
> > We currently only round up the userspace size to the next page. We
> > assume that userspace hasn't made a mistake and requested a
> > zero-length gem object and all through our internal code we then
> > presume that every object is backed by at least a single page. Fix
> > that oversight and report EINVAL back to userspace if they try to
> > create a zero length object.
> >
> > Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
> > [danvet: This fixes tests/gem_bad_length]
> > Signed-Off-by: Daniel Vetter <daniel.vetter at ffwll.ch>
> > ---
> > drivers/gpu/drm/i915/i915_gem.c | 2 ++
> > 1 files changed, 2 insertions(+), 0 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/i915/i915_gem.c
> > b/drivers/gpu/drm/i915/i915_gem.c index 7998827..9857e9d 100644
> > --- a/drivers/gpu/drm/i915/i915_gem.c
> > +++ b/drivers/gpu/drm/i915/i915_gem.c
> > @@ -195,6 +195,8 @@ i915_gem_create(struct drm_file *file,
> > u32 handle;
> >
> > size = roundup(size, PAGE_SIZE);
> > + if (size == 0)
> > + return -EINVAL;
> >
> > /* Allocate the new object */
> > obj = i915_gem_alloc_object(dev, size);
>
> Could we just: s/roundup/DIV_ROUND_UP and be happy?
Rescinded.
Reviewed-by: Ben Widawsky <ben at bwidawsk.net>
More information about the Intel-gfx
mailing list