Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c820186d authored by Chris Wilson's avatar Chris Wilson Committed by Daniel Vetter
Browse files

drm: Detect overflow in drm_mm_reserve_node() 



Protect ourselves from a caller passing in node.start + node.size that
will overflow and trick us into reserving that node.

Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: default avatarJoonas Lahtinen <joonas.lahtinen@linux.intel.com>
Signed-off-by: default avatarDaniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/20161222083641.2691-24-chris@chris-wilson.co.uk
parent ba004e39

drivers/gpu/drm/drm_mm.c

+2 −3
Original line number Original line Diff line number Diff line
@@ -308,10 +308,9 @@ int drm_mm_reserve_node(struct drm_mm *mm, struct drm_mm_node *node) 
	u64 hole_start, hole_end;

	u64 hole_start, hole_end;

	u64 adj_start, adj_end;

	u64 adj_start, adj_end;





	if (WARN_ON(node->size == 0))

		return -EINVAL;



	end = node->start + node->size;

	end = node->start + node->size;

	if (unlikely(end <= node->start))

		return -ENOSPC;





	/* Find the relevant hole to add our node to */

	/* Find the relevant hole to add our node to */

	hole = drm_mm_interval_tree_iter_first(&mm->interval_tree,

	hole = drm_mm_interval_tree_iter_first(&mm->interval_tree,