mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
57 lines
1.6 KiB
Diff
57 lines
1.6 KiB
Diff
From cdde1a87792a52274763eb006d326ca254ec3c63 Mon Sep 17 00:00:00 2001
|
|
From: Manoj Rao <manojraj@codeaurora.org>
|
|
Date: Fri, 12 Apr 2013 18:37:14 -0700
|
|
Subject: msm: msm_fb: remove mmio access through mmap
|
|
|
|
Disable access to mm io and add
|
|
appropriate range checks to ensure valid accesses
|
|
through framebuffer mmap. This prevents illegal
|
|
access into memory.
|
|
|
|
CRs-Fixed: 474706
|
|
Change-Id: If25166f2732433ef967e99c716440030b567aae9
|
|
Signed-off-by: Manoj Rao <manojraj@codeaurora.org>
|
|
---
|
|
drivers/video/msm/msm_fb.c | 21 ++++++++-------------
|
|
1 file changed, 8 insertions(+), 13 deletions(-)
|
|
|
|
diff --git a/drivers/video/msm/msm_fb.c b/drivers/video/msm/msm_fb.c
|
|
index adf50ed..9efe766 100644
|
|
--- a/drivers/video/msm/msm_fb.c
|
|
+++ b/drivers/video/msm/msm_fb.c
|
|
@@ -1166,23 +1166,18 @@ static int msm_fb_mmap(struct fb_info *info, struct vm_area_struct * vma)
|
|
if (!start)
|
|
return -EINVAL;
|
|
|
|
- msm_fb_pan_idle(mfd);
|
|
- if (off >= len) {
|
|
- /* memory mapped io */
|
|
- off -= len;
|
|
- if (info->var.accel_flags) {
|
|
- mutex_unlock(&info->lock);
|
|
- return -EINVAL;
|
|
- }
|
|
- start = info->fix.mmio_start;
|
|
- len = PAGE_ALIGN((start & ~PAGE_MASK) + info->fix.mmio_len);
|
|
- }
|
|
+ if ((vma->vm_end <= vma->vm_start) ||
|
|
+ (off >= len) ||
|
|
+ ((vma->vm_end - vma->vm_start) > (len - off)))
|
|
+ return -EINVAL;
|
|
|
|
+ msm_fb_pan_idle(mfd);
|
|
/* Set VM flags. */
|
|
start &= PAGE_MASK;
|
|
- if ((vma->vm_end - vma->vm_start + off) > len)
|
|
- return -EINVAL;
|
|
off += start;
|
|
+ if (off < start)
|
|
+ return -EINVAL;
|
|
+
|
|
vma->vm_pgoff = off >> PAGE_SHIFT;
|
|
/* This is an IO map - tell maydump to skip this VMA */
|
|
vma->vm_flags |= VM_IO | VM_RESERVED;
|
|
--
|
|
cgit v1.1
|
|
|