@@ -617,6 +617,9 @@ int drm_addbufs_agp(struct drm_device * dev, struct drm_buf_desc * request)
int i, valid;
struct drm_buf **temp_buflist;
+ if (!dev->driver->dev_priv_size)
+ return -EINVAL;
+
if (!dma)
return -EINVAL;
@@ -672,7 +675,7 @@ int drm_addbufs_agp(struct drm_device * dev, struct drm_buf_desc * request)
return -ENOMEM; /* May only call once for each order */
}
- if (count < 0 || count > 4096) {
+ if (count <= 0 || count > 4096) {
mutex_unlock(&dev->struct_mutex);
atomic_dec(&dev->buf_alloc);
return -EINVAL;
@@ -781,6 +784,9 @@ int drm_addbufs_pci(struct drm_device * dev, struct drm_buf_desc * request)
unsigned long *temp_pagelist;
struct drm_buf **temp_buflist;
+ if (!dev->driver->dev_priv_size)
+ return -EINVAL;
+
if (!drm_core_check_feature(dev, DRIVER_PCI_DMA))
return -EINVAL;
@@ -821,7 +827,7 @@ int drm_addbufs_pci(struct drm_device * dev, struct drm_buf_desc * request)
return -ENOMEM; /* May only call once for each order */
}
- if (count < 0 || count > 4096) {
+ if (count <= 0 || count > 4096) {
mutex_unlock(&dev->struct_mutex);
atomic_dec(&dev->buf_alloc);
return -EINVAL;
@@ -1031,7 +1037,7 @@ static int drm_addbufs_sg(struct drm_device * dev, struct drm_buf_desc * request
return -ENOMEM; /* May only call once for each order */
}
- if (count < 0 || count > 4096) {
+ if (count <= 0 || count > 4096) {
mutex_unlock(&dev->struct_mutex);
atomic_dec(&dev->buf_alloc);
return -EINVAL;
Since we cannot make sure the 'count' and 'dev->driver->dev_priv_size' will always be none zero here, and then if either equal to zero, the kzalloc() will return ZERO_SIZE_PTR, which equals to ((void *)16). So this patch fix this with just doing the zero check before calling kzalloc(). Signed-off-by: Xiubo Li <Li.Xiubo@freescale.com> --- drivers/gpu/drm/drm_bufs.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-)