drm/amdgpu: validate the parameters of bo mapping operations more clearly

	trace_amdgpu_vm_bo_map(bo_va, mapping);

}

/* Validate operation parameters to prevent potential abuse */

static int amdgpu_vm_verify_parameters(struct amdgpu_device *adev,

					  struct amdgpu_bo *bo,

					  uint64_t saddr,

					  uint64_t offset,

					  uint64_t size)

{

	uint64_t tmp, lpfn;

	if (saddr & AMDGPU_GPU_PAGE_MASK

	    || offset & AMDGPU_GPU_PAGE_MASK

	    || size & AMDGPU_GPU_PAGE_MASK)

		return -EINVAL;

	if (check_add_overflow(saddr, size, &tmp)

	    || check_add_overflow(offset, size, &tmp)

	    || size == 0 /* which also leads to end < begin */)

		return -EINVAL;

	/* make sure object fit at this offset */

	if (bo && offset + size > amdgpu_bo_size(bo))

		return -EINVAL;

	/* Ensure last pfn not exceed max_pfn */

	lpfn = (saddr + size - 1) >> AMDGPU_GPU_PAGE_SHIFT;

	if (lpfn >= adev->vm_manager.max_pfn)

		return -EINVAL;

	return 0;

}

/**

 * amdgpu_vm_bo_map - map bo inside a vm

 *

	struct amdgpu_bo *bo = bo_va->base.bo;

	struct amdgpu_vm *vm = bo_va->base.vm;

	uint64_t eaddr;

	int r;

	/* validate the parameters */

	if (saddr & ~PAGE_MASK || offset & ~PAGE_MASK || size & ~PAGE_MASK)

		return -EINVAL;

	if (saddr + size <= saddr || offset + size <= offset)

		return -EINVAL;

	/* make sure object fit at this offset */

	eaddr = saddr + size - 1;

	if ((bo && offset + size > amdgpu_bo_size(bo)) ||

	    (eaddr >= adev->vm_manager.max_pfn << AMDGPU_GPU_PAGE_SHIFT))

		return -EINVAL;

	r = amdgpu_vm_verify_parameters(adev, bo, saddr, offset, size);

	if (r)

		return r;

	saddr /= AMDGPU_GPU_PAGE_SIZE;

	eaddr /= AMDGPU_GPU_PAGE_SIZE;

	eaddr = saddr + (size - 1) / AMDGPU_GPU_PAGE_SIZE;

	tmp = amdgpu_vm_it_iter_first(&vm->va, saddr, eaddr);

	if (tmp) {

	uint64_t eaddr;

	int r;

	/* validate the parameters */

	if (saddr & ~PAGE_MASK || offset & ~PAGE_MASK || size & ~PAGE_MASK)

		return -EINVAL;

	if (saddr + size <= saddr || offset + size <= offset)

		return -EINVAL;

	/* make sure object fit at this offset */

	eaddr = saddr + size - 1;

	if ((bo && offset + size > amdgpu_bo_size(bo)) ||

	    (eaddr >= adev->vm_manager.max_pfn << AMDGPU_GPU_PAGE_SHIFT))

		return -EINVAL;

	r = amdgpu_vm_verify_parameters(adev, bo, saddr, offset, size);

	if (r)

		return r;

	/* Allocate all the needed memory */

	mapping = kmalloc(sizeof(*mapping), GFP_KERNEL);

	}

	saddr /= AMDGPU_GPU_PAGE_SIZE;

	eaddr /= AMDGPU_GPU_PAGE_SIZE;

	eaddr = saddr + (size - 1) / AMDGPU_GPU_PAGE_SIZE;

	mapping->start = saddr;

	mapping->last = eaddr;

	struct amdgpu_bo_va_mapping *before, *after, *tmp, *next;

	LIST_HEAD(removed);

	uint64_t eaddr;

	int r;

	r = amdgpu_vm_verify_parameters(adev, NULL, saddr, 0, size);

	if (r)

		return r;

	eaddr = saddr + size - 1;

	saddr /= AMDGPU_GPU_PAGE_SIZE;

	eaddr /= AMDGPU_GPU_PAGE_SIZE;

	eaddr = saddr + (size - 1) / AMDGPU_GPU_PAGE_SIZE;

	/* Allocate all the needed memory */

	before = kzalloc(sizeof(*before), GFP_KERNEL);