Sākums Izpētīt Palīdzība
Pierakstīties
GfA
/
linux_kernel
5
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Pārlūkot izejas kodu

drm/msm: Fix the check for the command size

The overrun check for the size of submitted commands is off by one.
It should allow the offset plus the size to be equal to the
size of the memory object when the command stream is very tightly
constructed.

Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Rob Clark <robdclark@gmail.com>
Jordan Crouse 8 gadi atpakaļ
vecāks
90dd57de4a
revīzija
d72fea538f
1 mainītis faili ar 3 papildinājumiem un 2 dzēšanām
Apvienotais skats Rādīt salīdzināšanas statistiku
  1. 3 2
      drivers/gpu/drm/msm/msm_gem_submit.c

+ 3 - 2
drivers/gpu/drm/msm/msm_gem_submit.c
Parādīt failu 

@@ -495,8 +495,9 @@ int msm_ioctl_gem_submit(struct drm_device *dev, void *data,
 
 			goto out;
 
 			goto out;
 
 		}
 
 		}
 
 
 
-		if ((submit_cmd.size + submit_cmd.submit_offset) >=
 
-				msm_obj->base.size) {
 
+		if (!submit_cmd.size ||
 
+			((submit_cmd.size + submit_cmd.submit_offset) >
 
+				msm_obj->base.size)) {
 
 			DRM_ERROR("invalid cmdstream size: %u\n", submit_cmd.size);
 
 			DRM_ERROR("invalid cmdstream size: %u\n", submit_cmd.size);
 
 			ret = -EINVAL;
 
 			ret = -EINVAL;
 
 			goto out;
 
 			goto out;