| Message ID | 20240306203702.3924719-1-greenjustin@chromium.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/mediatek: Add 0 size check to mtk_drm_gem_obj | expand |
Il 06/03/24 21:37, Justin Green ha scritto: > Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object > of 0 bytes. Currently, no such check exists and the kernel will panic if > a userspace application attempts to allocate a 0x0 GBM buffer. > > Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and > verifying that we now return EINVAL. > > Signed-off-by: Justin green <greenjustin@chromium.org> You need a Fixes tag for this one. Please add the right one and resend. After adding the correct Fixes tag, Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> Cheers, Angelo > --- > drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c > index 4f2e3feabc0f..ee49367b6138 100644 > --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c > +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c > @@ -38,6 +38,9 @@ static struct mtk_drm_gem_obj *mtk_drm_gem_init(struct drm_device *dev, > > size = round_up(size, PAGE_SIZE); > > + if (size == 0) > + return ERR_PTR(-EINVAL); > + > mtk_gem_obj = kzalloc(sizeof(*mtk_gem_obj), GFP_KERNEL); > if (!mtk_gem_obj) > return ERR_PTR(-ENOMEM);
diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c index 4f2e3feabc0f..ee49367b6138 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c @@ -38,6 +38,9 @@ static struct mtk_drm_gem_obj *mtk_drm_gem_init(struct drm_device *dev, size = round_up(size, PAGE_SIZE); + if (size == 0) + return ERR_PTR(-EINVAL); + mtk_gem_obj = kzalloc(sizeof(*mtk_gem_obj), GFP_KERNEL); if (!mtk_gem_obj) return ERR_PTR(-ENOMEM);
Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to allocate a 0x0 GBM buffer. Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and verifying that we now return EINVAL. Signed-off-by: Justin green <greenjustin@chromium.org> --- drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 +++ 1 file changed, 3 insertions(+)