msm: kgsl: Fix out of bound write in adreno_profile_submit_time

/* Copyright (c) 2016-2019, The Linux Foundation. All rights reserved.

/* Copyright (c) 2016-2019,2021, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and

{

	struct kgsl_mem_entry *entry;

	struct kgsl_drawobj *drawobj = DRAWOBJ(cmdobj);

	u64 start;

	if (!(drawobj->flags & KGSL_DRAWOBJ_PROFILING))

		return;

			gpuaddr);

	if (entry != NULL) {

		if (!kgsl_gpuaddr_in_memdesc(&entry->memdesc, gpuaddr, size)) {

		start = id ? (entry->memdesc.gpuaddr + offset) : gpuaddr;

		/*

		 * Make sure there is enough room in the object to store the

		 * entire profiling buffer object

		 */

		if (!kgsl_gpuaddr_in_memdesc(&entry->memdesc, gpuaddr, size) ||

			!kgsl_gpuaddr_in_memdesc(&entry->memdesc, start,

				sizeof(struct kgsl_drawobj_profiling_buffer))) {

			kgsl_mem_entry_put(entry);

			entry = NULL;

		}

		return;

	}

	if (!id) {

		cmdobj->profiling_buffer_gpuaddr = gpuaddr;

	} else {

		u64 off = offset + sizeof(struct kgsl_drawobj_profiling_buffer);

		/*

		 * Make sure there is enough room in the object to store the

		 * entire profiling buffer object

		 */

		if (off < offset || off >= entry->memdesc.size) {

			dev_err(device->dev,

				"ignore invalid profile offset ctxt %d id %d offset %lld gpuaddr %llx size %lld\n",

			drawobj->context->id, id, offset, gpuaddr, size);

			kgsl_mem_entry_put(entry);

			return;

		}

		cmdobj->profiling_buffer_gpuaddr =

			entry->memdesc.gpuaddr + offset;

	}

	cmdobj->profiling_buffer_gpuaddr = start;

	cmdobj->profiling_buf_entry = entry;

}