
[RESEND] drm/mediatek: Add 0 size check to mtk_drm_gem_obj

Message ID 20240307180051.4104425-1-greenjustin@chromium.org (mailing list archive)
State New, archived

Commit Message

Justin Green March 7, 2024, 6 p.m. UTC
Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object
of 0 bytes. Currently, no such check exists and the kernel will panic if
a userspace application attempts to allocate a 0x0 GBM buffer.

Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and
verifying that we now return EINVAL.

Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC MT8173.")
Signed-off-by: Justin green <greenjustin@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
---
 drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

CK Hu (胡俊光) March 19, 2024, 6 a.m. UTC | #1
Hi, Justin:

On Thu, 2024-03-07 at 13:00 -0500, Justin Green wrote:
> Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object
> of 0 bytes. Currently, no such check exists and the kernel will panic if
> a userspace application attempts to allocate a 0x0 GBM buffer.
> 
> Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and
> verifying that we now return EINVAL.

Reviewed-by: CK Hu <ck.hu@mediatek.com>

> 
> Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC MT8173.")
> Signed-off-by: Justin green <greenjustin@chromium.org>
> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
> ---
>  drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> index 4f2e3feabc0f..ee49367b6138 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> @@ -38,6 +38,9 @@ static struct mtk_drm_gem_obj
> *mtk_drm_gem_init(struct drm_device *dev,
>  
>  	size = round_up(size, PAGE_SIZE);
>  
> +        if (size == 0)
> +		return ERR_PTR(-EINVAL);
> +
>  	mtk_gem_obj = kzalloc(sizeof(*mtk_gem_obj), GFP_KERNEL);
>  	if (!mtk_gem_obj)
>  		return ERR_PTR(-ENOMEM);
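
Review bot: the added `if (size == 0)` line is indented with eight spaces, while the `return ERR_PTR(-EINVAL);` below it and the surrounding context lines use tabs. Kernel coding style indents with tabs, so the leading spaces on that line should be replaced with a single tab before this is applied.
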
> -- 
> 2.44.0.278.ge034bb2e1d-goog
>

Patch

diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
index 4f2e3feabc0f..ee49367b6138 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
@@ -38,6 +38,9 @@  static struct mtk_drm_gem_obj *mtk_drm_gem_init(struct drm_device *dev,
 
 	size = round_up(size, PAGE_SIZE);
 
+        if (size == 0)
+		return ERR_PTR(-EINVAL);
+
 	mtk_gem_obj = kzalloc(sizeof(*mtk_gem_obj), GFP_KERNEL);
 	if (!mtk_gem_obj)
 		return ERR_PTR(-ENOMEM);
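
Review bot: the placement of the zero check after `size = round_up(size, PAGE_SIZE);` is not documented, although it changes what gets rejected. As written the check tests the rounded value, so besides a requested size of 0 it also returns -EINVAL for any request that the rounding turns into 0 (if `size` is an unsigned type, whose declaration is outside this hunk, that includes values within PAGE_SIZE - 1 of its maximum). A short comment above the check, or a sentence in the commit message, stating that the test is deliberately done on the rounded size would keep a later cleanup from moving it ahead of the rounding and losing that case.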