msm: kgsl: Fix overflow in sharedmem read/write functions (6f65a30c) · Commits · e / devices / android_kernel_xiaomi_markw

drivers/gpu/msm/kgsl_sharedmem.c

+8 −8

Original line number	Diff line number	Diff line
		@@ -901,8 +901,8 @@ kgsl_sharedmem_readl(const struct kgsl_memdesc *memdesc,
		if (offsetbytes % sizeof(uint32_t) != 0)
		return -EINVAL;

		WARN_ON(offsetbytes + sizeof(uint32_t) > memdesc->size);
		if (offsetbytes + sizeof(uint32_t) > memdesc->size)
		WARN_ON(offsetbytes > (memdesc->size - sizeof(uint32_t)));
		if (offsetbytes > (memdesc->size - sizeof(uint32_t)))
		return -ERANGE;

		rmb();
		@@ -924,8 +924,8 @@ kgsl_sharedmem_writel(struct kgsl_device *device,
		if (offsetbytes % sizeof(uint32_t) != 0)
		return -EINVAL;

		WARN_ON(offsetbytes + sizeof(uint32_t) > memdesc->size);
		if (offsetbytes + sizeof(uint32_t) > memdesc->size)
		WARN_ON(offsetbytes > (memdesc->size - sizeof(uint32_t)));
		if (offsetbytes > (memdesc->size - sizeof(uint32_t)))
		return -ERANGE;
		kgsl_cffdump_write(device,
		memdesc->gpuaddr + offsetbytes,
		@@ -950,8 +950,8 @@ kgsl_sharedmem_readq(const struct kgsl_memdesc *memdesc,
		if (offsetbytes % sizeof(uint32_t) != 0)
		return -EINVAL;

		WARN_ON(offsetbytes + sizeof(uint32_t) > memdesc->size);
		if (offsetbytes + sizeof(uint32_t) > memdesc->size)
		WARN_ON(offsetbytes > (memdesc->size - sizeof(uint32_t)));
		if (offsetbytes > (memdesc->size - sizeof(uint32_t)))
		return -ERANGE;

		/*
		@@ -977,8 +977,8 @@ kgsl_sharedmem_writeq(struct kgsl_device *device,
		if (offsetbytes % sizeof(uint32_t) != 0)
		return -EINVAL;

		WARN_ON(offsetbytes + sizeof(uint32_t) > memdesc->size);
		if (offsetbytes + sizeof(uint32_t) > memdesc->size)
		WARN_ON(offsetbytes > (memdesc->size - sizeof(uint32_t)));
		if (offsetbytes > (memdesc->size - sizeof(uint32_t)))
		return -ERANGE;
		kgsl_cffdump_write(device,
		lower_32_bits(memdesc->gpuaddr + offsetbytes), src);