| Message ID | 1368791388-31441-4-git-send-email-amerilainen@nvidia.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Fri, May 17, 2013 at 02:49:45PM +0300, Arto Merilainen wrote: > This patch fixes a bad memory access in syncpoint request code. If > no syncpoints were available, the code accessed unreserved memory > area causing unexpected behaviour. > > Signed-off-by: Arto Merilainen <amerilainen@nvidia.com> > --- > drivers/gpu/host1x/syncpt.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/host1x/syncpt.c b/drivers/gpu/host1x/syncpt.c > index 5bf5366..6b7ee88 100644 > --- a/drivers/gpu/host1x/syncpt.c > +++ b/drivers/gpu/host1x/syncpt.c > @@ -40,7 +40,7 @@ static struct host1x_syncpt *_host1x_syncpt_alloc(struct host1x *host, > > for (i = 0; i < host->info->nb_pts && sp->name; i++, sp++) > ; > - if (sp->dev) > + if (i >= host->info->nb_pts) > return NULL; While changing this, can you please add a blank line between the loop and the new 'if (...)'? Thierry
On 05/26/2013 01:15 PM, Thierry Reding wrote: > * PGP Signed by an unknown key > > On Fri, May 17, 2013 at 02:49:45PM +0300, Arto Merilainen wrote: >> This patch fixes a bad memory access in syncpoint request code. If >> no syncpoints were available, the code accessed unreserved memory >> area causing unexpected behaviour. >> >> Signed-off-by: Arto Merilainen <amerilainen@nvidia.com> >> --- >> drivers/gpu/host1x/syncpt.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/gpu/host1x/syncpt.c b/drivers/gpu/host1x/syncpt.c >> index 5bf5366..6b7ee88 100644 >> --- a/drivers/gpu/host1x/syncpt.c >> +++ b/drivers/gpu/host1x/syncpt.c >> @@ -40,7 +40,7 @@ static struct host1x_syncpt *_host1x_syncpt_alloc(struct host1x *host, >> >> for (i = 0; i < host->info->nb_pts && sp->name; i++, sp++) >> ; >> - if (sp->dev) >> + if (i >= host->info->nb_pts) >> return NULL; > > While changing this, can you please add a blank line between the loop > and the new 'if (...)'? > Yep. Will do. - Arto
diff --git a/drivers/gpu/host1x/syncpt.c b/drivers/gpu/host1x/syncpt.c index 5bf5366..6b7ee88 100644 --- a/drivers/gpu/host1x/syncpt.c +++ b/drivers/gpu/host1x/syncpt.c @@ -40,7 +40,7 @@ static struct host1x_syncpt *_host1x_syncpt_alloc(struct host1x *host, for (i = 0; i < host->info->nb_pts && sp->name; i++, sp++) ; - if (sp->dev) + if (i >= host->info->nb_pts) return NULL; name = kasprintf(GFP_KERNEL, "%02d-%s", sp->id,
This patch fixes a bad memory access in syncpoint request code. If no syncpoints were available, the code accessed unreserved memory area causing unexpected behaviour. Signed-off-by: Arto Merilainen <amerilainen@nvidia.com> --- drivers/gpu/host1x/syncpt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)