
Commit ec022ec0 authored by Prakash Kamliya

msm: kgsl: avoid zero length scatterlist allocation



During sglist allocation we calculate sglen as
per below

sglen_alloc = PAGE_ALIGN(size) >> PAGE_SHIFT;

sglen_alloc can be zero if size falls within the
last page. For example, when size = 0xFFFF_FF7B,
PAGE_ALIGN(0xFFFF_FF7B) will be 0, considering
0x1000 (4kb) PAGE_SIZE. If kzalloc() is called with
zero size, it will return ZERO_SIZE_PTR which is
not NULL and we always do NULL check. Dereferencing
ZERO_SIZE_PTR will lead to a distinct access fault.

Change-Id: Ibcc6198438c13b5111be0faa736328db92511597
CRs-Fixed: 563106
Signed-off-by: Prakash Kamliya <pkamliya@codeaurora.org>
parent f80b0e48
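
The wraparound described in the commit message, reproduced as an added userspace example (not part of the commit or the kgsl driver). It models 32-bit sizes with 4 KB pages; the `model_*` names and the `sglen_checked()` helper are hypothetical and show one way to reject a size before rounding it up.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model of a 32-bit kernel: 4 KB pages, 32-bit sizes. */
#define MODEL_PAGE_SHIFT 12u
#define MODEL_PAGE_SIZE  (1u << MODEL_PAGE_SHIFT)
#define MODEL_PAGE_MASK  (~(MODEL_PAGE_SIZE - 1u))

/* Same arithmetic as PAGE_ALIGN(): round up, wrapping modulo 2^32. */
static uint32_t model_page_align(uint32_t size)
{
	return (uint32_t)(size + MODEL_PAGE_SIZE - 1u) & MODEL_PAGE_MASK;
}

/* Unchecked page count, following the commit message's sglen_alloc formula. */
static uint32_t sglen_unchecked(uint32_t size)
{
	return model_page_align(size) >> MODEL_PAGE_SHIFT;
}

/*
 * Checked variant (hypothetical helper): returns 0 and stores the page
 * count in *sglen, or returns -1 if size is zero or rounding up would wrap.
 */
static int sglen_checked(uint32_t size, uint32_t *sglen)
{
	if (size == 0 || size > UINT32_MAX - (MODEL_PAGE_SIZE - 1u))
		return -1;
	*sglen = model_page_align(size) >> MODEL_PAGE_SHIFT;
	return 0;
}

int main(void)
{
	/* Constructed sample sizes; 0xFFFFFF7B is the value from the commit message. */
	const uint32_t sizes[] = { 0x1u, 0x1000u, 0x1001u, 0xFFFFF000u, 0xFFFFFF7Bu };

	for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
		uint32_t n = 0;
		int rc = sglen_checked(sizes[i], &n);

		printf("size=0x%08x unchecked=%u checked=%s\n", (unsigned)sizes[i],
		       (unsigned)sglen_unchecked(sizes[i]), rc ? "rejected" : "ok");
	}
	return 0;
}
```
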
+1 −1
@@ -131,7 +131,7 @@ static inline unsigned int kgsl_get_sg_pa(struct scatterlist *sg)

static inline void *kgsl_sg_alloc(unsigned int sglen)
{
	if (sglen >= ULONG_MAX / sizeof(struct scatterlist))
	if ((sglen == 0) || (sglen >= ULONG_MAX / sizeof(struct scatterlist)))
		return NULL;

	if ((sglen * sizeof(struct scatterlist)) <  PAGE_SIZE)
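
Review bot: the new `sglen == 0` test in kgsl_sg_alloc() handles the symptom at the allocator, while the zero itself comes from PAGE_ALIGN(size) wrapping where sglen_alloc is computed (per the commit message). With this change a wrapped size and a real allocation failure both come back as NULL, so the caller cannot tell them apart. Consider rejecting a size in the last page before the PAGE_ALIGN in the caller, with its own error code, and keeping this check as a backstop with a one-line comment saying why zero can reach it. Style: the inner parentheses around `sglen == 0` and around the ULONG_MAX comparison are not needed.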