[Intel-gfx] [PATCH] drm/i915: add sanity check for partial view creation

[Matthew Auld]

When binding pages for a partial view we should check that the offset +
size is valid relative to the size of the gem object.

v2: Don't use pages->nents to determine the page count (Tvrtko Ursulin)
v3: Handle potential overflow (Chris Wilson)

Cc: Joonas Lahtinen <joonas.lahtinen at linux.intel.com>
Signed-off-by: Matthew Auld <matthew.auld at intel.com>
---
 drivers/gpu/drm/i915/i915_gem_gtt.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
index 7b8de85..596692b 100644
--- a/drivers/gpu/drm/i915/i915_gem_gtt.c
+++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
@@ -3493,6 +3493,13 @@ intel_partial_pages(const struct i915_ggtt_view *view,
 	struct sg_page_iter obj_sg_iter;
 	int ret = -ENOMEM;
 
+	if (U64_MAX - view->params.partial.offset < view->params.partial.size)
+		return ERR_PTR(-ERANGE);
+
+	if (view->params.partial.offset + view->params.partial.size >
+	    obj->base.size >> PAGE_SHIFT)
+		return ERR_PTR(-EINVAL);
+
 	st = kmalloc(sizeof(*st), GFP_KERNEL);
 	if (!st)
 		goto err_st_alloc;
-- 
2.4.3