From patchwork Thu Sep 19 10:18:35 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel Vetter <daniel.vetter@ffwll.ch>
X-Patchwork-Id: 2910671
Return-Path: 
 <intel-gfx-bounces+patchwork-intel-gfx=patchwork.kernel.org@lists.freedesktop.org>
X-Original-To: patchwork-intel-gfx@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 1650E9F1E1
	for <patchwork-intel-gfx@patchwork.kernel.org>;
	Thu, 19 Sep 2013 10:22:02 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id C6C7920452
	for <patchwork-intel-gfx@patchwork.kernel.org>;
	Thu, 19 Sep 2013 10:22:00 +0000 (UTC)
Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177])
	by mail.kernel.org (Postfix) with ESMTP id 2A74720448
	for <patchwork-intel-gfx@patchwork.kernel.org>;
	Thu, 19 Sep 2013 10:21:59 +0000 (UTC)
Received: from gabe.freedesktop.org (localhost [127.0.0.1])
	by gabe.freedesktop.org (Postfix) with ESMTP id 341F5E7389
	for <patchwork-intel-gfx@patchwork.kernel.org>;
	Thu, 19 Sep 2013 03:21:59 -0700 (PDT)
X-Original-To: intel-gfx@lists.freedesktop.org
Delivered-To: intel-gfx@lists.freedesktop.org
Received: from mail-ee0-f49.google.com (mail-ee0-f49.google.com
	[74.125.83.49])
	by gabe.freedesktop.org (Postfix) with ESMTP id DD637E6813
	for <intel-gfx@lists.freedesktop.org>;
	Thu, 19 Sep 2013 03:18:29 -0700 (PDT)
Received: by mail-ee0-f49.google.com with SMTP id d41so3974329eek.8
	for <intel-gfx@lists.freedesktop.org>;
	Thu, 19 Sep 2013 03:18:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ffwll.ch; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=okF2HME1dbGDUwk98HLKuDNrH5OJZZqcbd7RiRyVYTE=;
	b=NpwaJyzeXzq+tcDsEIvCA4a8MdlshZfgnBabRkJbPBpxauAPIDSHpR4nTh329mXE64
	zqFnvfZ8vveP+kvRkZVYFp5GtpQmAhUzq0k2y441I0fCDQsmTUWAH1/j0ZTlcLBQkgLn
	RWlvd+GlMNFwD+paBoacmcCv2z2i7nDZJXfS0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=okF2HME1dbGDUwk98HLKuDNrH5OJZZqcbd7RiRyVYTE=;
	b=Tfsk5v6JFVq9sFmBk6d//BpMi/qpQLElBRqj2mSwesaHiSI+WQRHbJbtw5GRQRSM4A
	rbnddL+bQdOTJ503LIYi/C0IQZf4P6kWUXGMh9k9YaeIW0N5JElt4L/N1u4L3IOw7h5P
	V7v+0tgw58ZwTrTwQjG1eu9kNFsIFRxabwuy0chrEO3A+ue9/E8r8SnRTlPw346+vJkr
	3MPJUqpFw9wfPtCdvsqhMb8HbW4sBSEDUkTLx5cCSOTJVlPaI0oj1ZDEht2EbqC1GH2u
	FZRIu7ecN58jPrzjfCdK6jRrQ2+HA0rolsgj2GGBbjOt1GwG1io+GXOT7vubHFjkQKcJ
	oK3g==
X-Gm-Message-State: 
 ALoCoQm6T/dA91866JLmZiegScAcci/od343f406I4W/lhMUYTNGQTUhX+B7nITuQ7PjF8W956GL
X-Received: by 10.15.110.12 with SMTP id cg12mr94450eeb.103.1379585908930;
	Thu, 19 Sep 2013 03:18:28 -0700 (PDT)
Received: from phenom.ffwll.local (178-83-130-250.dynamic.hispeed.ch.
	[178.83.130.250]) by mx.google.com with ESMTPSA id
	bn13sm10059572eeb.11.1969.12.31.16.00.00
	(version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Thu, 19 Sep 2013 03:18:28 -0700 (PDT)
From: Daniel Vetter <daniel.vetter@ffwll.ch>
To: Intel Graphics Development <intel-gfx@lists.freedesktop.org>
Date: Thu, 19 Sep 2013 12:18:35 +0200
Message-Id: <1379585916-6521-4-git-send-email-daniel.vetter@ffwll.ch>
X-Mailer: git-send-email 1.8.4.rc3
In-Reply-To: <1379585916-6521-1-git-send-email-daniel.vetter@ffwll.ch>
References: <1379585916-6521-1-git-send-email-daniel.vetter@ffwll.ch>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Subject: [Intel-gfx] [PATCH 4/5] drm/i915: check for allocation overflow in
	error state capture
X-BeenThere: intel-gfx@lists.freedesktop.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Intel graphics driver community testing & development
	<intel-gfx.lists.freedesktop.org>
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/intel-gfx>,
	<mailto:intel-gfx-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/intel-gfx>
List-Post: <mailto:intel-gfx@lists.freedesktop.org>
List-Help: <mailto:intel-gfx-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/intel-gfx>,
	<mailto:intel-gfx-request@lists.freedesktop.org?subject=subscribe>
MIME-Version: 1.0
Sender: 
 intel-gfx-bounces+patchwork-intel-gfx=patchwork.kernel.org@lists.freedesktop.org
Errors-To: 
 intel-gfx-bounces+patchwork-intel-gfx=patchwork.kernel.org@lists.freedesktop.org
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY
	autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Pretty harmless since actually binding such a giant thing would be
really hard to pull off - it doesn't fit into the gtt of any shipping
gpu right now.

Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
---
 drivers/gpu/drm/i915/i915_gpu_error.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c
index 763283e..6c80636 100644
--- a/drivers/gpu/drm/i915/i915_gpu_error.c
+++ b/drivers/gpu/drm/i915/i915_gpu_error.c
@@ -478,7 +478,7 @@ static void i915_error_state_free(struct kref *error_ref)
 static struct drm_i915_error_object *
 i915_error_object_create_sized(struct drm_i915_private *dev_priv,
 			       struct drm_i915_gem_object *src,
-			       const int num_pages)
+			       const unsigned int num_pages)
 {
 	struct drm_i915_error_object *dst;
 	int i;
@@ -487,6 +487,12 @@ i915_error_object_create_sized(struct drm_i915_private *dev_priv,
 	if (src == NULL || src->pages == NULL)
 		return NULL;
 
+	if (num_pages > (UINT_MAX - sizeof(*dst)) / sizeof(u32 *)) {
+		DRM_DEBUG("error object with overflowing num_pages %u\n",
+			  num_pages);
+		return NULL;
+	}
+
 	dst = kmalloc(sizeof(*dst) + num_pages * sizeof(u32 *), GFP_ATOMIC);
 	if (dst == NULL)
 		return NULL;