* [PATCH RESEND] drm/mediatek: Add 0 size check to mtk_drm_gem_obj
From: Justin Green @ 2024-03-07 18:00 UTC
To: linux-mediatek
Cc: dri-devel, chunkuang.hu, fshao, angelogioacchino.delregno,
Justin Green
Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object
of 0 bytes. Currently, no such check exists and the kernel will panic if
a userspace application attempts to allocate a 0x0 GBM buffer.
Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and
verifying that we now return EINVAL.
Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC MT8173.")
Signed-off-by: Justin green <greenjustin@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
---
drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
index 4f2e3feabc0f..ee49367b6138 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
@@ -38,6 +38,9 @@ static struct mtk_drm_gem_obj *mtk_drm_gem_init(struct drm_device *dev,
size = round_up(size, PAGE_SIZE);
+ if (size == 0)
+ return ERR_PTR(-EINVAL);
+
mtk_gem_obj = kzalloc(sizeof(*mtk_gem_obj), GFP_KERNEL);
if (!mtk_gem_obj)
return ERR_PTR(-ENOMEM);
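Review bot: The new `if (size == 0)` test sits after `size = round_up(size, PAGE_SIZE);` with no comment saying that the ordering matters. In that position it rejects a requested size of 0 and, assuming size is an unsigned integer type (its declaration is outside the visible context), also a request so large that round_up wraps it to 0. A one-line comment above the check naming both cases would keep a later cleanup from moving it above the rounding and losing the second one.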
--
2.44.0.278.ge034bb2e1d-goog
* Re: [PATCH RESEND] drm/mediatek: Add 0 size check to mtk_drm_gem_obj
From: CK Hu (胡俊光) @ 2024-03-19 6:00 UTC
To: linux-mediatek@lists.infradead.org, greenjustin@chromium.org
Cc: dri-devel@lists.freedesktop.org, chunkuang.hu@kernel.org,
angelogioacchino.delregno@collabora.com
Hi, Justin:
On Thu, 2024-03-07 at 13:00 -0500, Justin Green wrote:
> Add a check to mtk_drm_gem_init if we attempt to allocate a GEM
> object
> of 0 bytes. Currently, no such check exists and the kernel will panic
> if
> a userspace application attempts to allocate a 0x0 GBM buffer.
>
> Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and
> verifying that we now return EINVAL.
Reviewed-by: CK Hu <ck.hu@mediatek.com>
>
> Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC
> MT8173.")
> Signed-off-by: Justin green <greenjustin@chromium.org>
> Reviewed-by: AngeloGioacchino Del Regno <
> angelogioacchino.delregno@collabora.com>
> ---
> drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> index 4f2e3feabc0f..ee49367b6138 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> @@ -38,6 +38,9 @@ static struct mtk_drm_gem_obj
> *mtk_drm_gem_init(struct drm_device *dev,
>
> size = round_up(size, PAGE_SIZE);
>
> + if (size == 0)
> + return ERR_PTR(-EINVAL);
> +
> mtk_gem_obj = kzalloc(sizeof(*mtk_gem_obj), GFP_KERNEL);
> if (!mtk_gem_obj)
> return ERR_PTR(-ENOMEM);
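Review bot: The subject names mtk_drm_gem_obj, but per the @@ line the `if (size == 0)` check lives in mtk_drm_gem_init, which returns that struct; naming the function in the subject would match the commit body. The body also says the kernel panics on a 0x0 GBM buffer without saying where, so a sentence naming the faulting call, or a short excerpt of the oops, would make it easier to judge the backport implied by the Fixes: tag.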
> --
> 2.44.0.278.ge034bb2e1d-goog
>