From b5eb67744215b3434a36b9251e28da3dc2a638a6 Mon Sep 17 00:00:00 2001
From: Rajesh Kemisetti
Date: Mon, 9 May 2016 22:12:20 +0530
Subject: msm: kgsl: Add missing checks for alloc size and sglen

In _kgsl_sharedmem_page_alloc(), check for boundary limits of requested alloc size before honoring and make sure sglen is greater than zero before marking it as end of sg list.

Change-Id: I8b9e225e515a0f31593df6f4cad253236475d0ae
Signed-off-by: Rajesh Kemisetti
---
 drivers/gpu/msm/kgsl_sharedmem.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/msm/kgsl_sharedmem.c b/drivers/gpu/msm/kgsl_sharedmem.c
index 079b9ff..98f634d 100644
--- a/drivers/gpu/msm/kgsl_sharedmem.c
+++ b/drivers/gpu/msm/kgsl_sharedmem.c
@@ -609,6 +609,10 @@ _kgsl_sharedmem_page_alloc(struct kgsl_memdesc *memdesc,
 unsigned int align;
 int step = ((VMALLOC_END - VMALLOC_START)/8) >> PAGE_SHIFT;
+ size = PAGE_ALIGN(size);
+ if (size == 0 || size > UINT_MAX)
+ return -EINVAL;
+
 align = (memdesc->flags & KGSL_MEMALIGN_MASK) >> KGSL_MEMALIGN_SHIFT;
 page_size = get_page_size(size, align);
@@ -712,7 +716,9 @@ _kgsl_sharedmem_page_alloc(struct kgsl_memdesc *memdesc,
 memdesc->sglen = sglen;
 memdesc->size = size;
- sg_mark_end(&memdesc->sg[sglen - 1]);
+
+ if (sglen > 0)
+ sg_mark_end(&memdesc->sg[sglen - 1]);
 /*
 * All memory that goes to the user has to be zeroed out before it gets
-- cgit v1.1
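Review bot: In the first hunk (`@@ -609,6 +609,10 @@`), the upper bound `size > UINT_MAX` can never be true on a build where `size` is no wider than `unsigned int`, so there the only effective rejection is `size == 0`, which also happens to catch `PAGE_ALIGN()` wrapping around for a request within a page of the type's maximum. The declaration of `size` is outside the hunk, so this assumes it is a `size_t`-like parameter. If the limit exists because later code keeps the length or page count in narrower fields, it is clearer to bound the request against that before aligning, e.g. `if (size == 0 || size > <driver_max_alloc>) return -EINVAL;` followed by `size = PAGE_ALIGN(size);`, where `<driver_max_alloc>` is a placeholder for whatever cap the driver defines. A comment such as `/* PAGE_ALIGN() wraps to 0 near the type maximum; reject that and oversized requests */` would also record why the zero test comes after the alignment.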
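Review bot: In the second hunk (`@@ -712,7 +716,9 @@`), the new `if (sglen > 0)` guard stops the write to `memdesc->sg[sglen - 1]` with an index of -1, but the function then continues with `memdesc->sglen` set to 0 and `memdesc->size` set to a non-zero `size`. The code between the two hunks is not shown, so whether `sglen` can still be 0 at this point is inferred. If it can, that state means no pages were attached, and it is safer to fail than to hand an empty scatterlist with a non-zero size to the zeroing and mapping code that follows. Consider `if (sglen == 0) { ret = -ENOMEM; goto <cleanup_label>; }`, where `ret` and `<cleanup_label>` are placeholders for the function's existing error path. If the zero case is unreachable after the size check added in the first hunk, a `WARN_ON(sglen == 0)` would document that.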