[Intel-gfx] [PATCH] drm/i915: Sanity check the computed size and base of stolen memory
Chris Wilson
chris at chris-wilson.co.uk
Mon Jan 30 13:15:45 UTC 2017
On Mon, Jan 30, 2017 at 02:41:15PM +0200, Joonas Lahtinen wrote:
> On pe, 2017-01-27 at 17:20 +0000, Chris Wilson wrote:
> > Just do a quick check that the stolen memory address range doesn't
> > overflow our chosen integer type.
> >
> > Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
>
> <SNIP>
>
> > @@ -189,7 +189,7 @@ static dma_addr_t i915_stolen_to_dma(struct drm_i915_private *dev_priv)
> > base = tom - tseg_size - ggtt->stolen_size;
> > }
> >
> > - if (base == 0)
> > + if (base == 0 || base + ggtt->stolen_size <= base)
>
> range_overflows?
if (base == 0 || range_overflows(base, ggtt->stolen_size, U64_MAX /* DMA_ADDR_MAX */))
Bleh.
#define add_overflows(A, B) __builtin_add_overflow_p((A), (B), (typeof((A) + (B)))0)
if (base == 0 || add_overflows(base, ggtt->stolen_size))
-Chris
--
Chris Wilson, Intel Open Source Technology Centre
More information about the Intel-gfx
mailing list