msm: kgsl: Verify the offset of the profiling buffer (5eb952a6) · Commits · e / devices / android_kernel_fairphone_FP3

drivers/gpu/msm/kgsl_drawobj.c

+20 −4

Original line number	Diff line number	Diff line
		@@ -598,13 +598,29 @@ static void add_profiling_buffer(struct kgsl_device *device,
		return;
		}

		cmdobj->profiling_buf_entry = entry;

		if (id != 0)
		if (!id) {
		cmdobj->profiling_buffer_gpuaddr = gpuaddr;
		} else {
		u64 off = offset + sizeof(struct kgsl_drawobj_profiling_buffer);

		/*
		* Make sure there is enough room in the object to store the
		* entire profiling buffer object
		*/
		if (off < offset \|\| off >= entry->memdesc.size) {
		dev_err(device->dev,
		"ignore invalid profile offset ctxt %d id %d offset %lld gpuaddr %llx size %lld\n",
		drawobj->context->id, id, offset, gpuaddr, size);
		kgsl_mem_entry_put(entry);
		return;
		}

		cmdobj->profiling_buffer_gpuaddr =
		entry->memdesc.gpuaddr + offset;
		else
		cmdobj->profiling_buffer_gpuaddr = gpuaddr;
		}

		cmdobj->profiling_buf_entry = entry;
		}

		/**