From: Guangming <Guangming.Cao@xxxxxxxxxxxx>
Add a size check for allocation since the allocation size is
always less than the total DRAM size.
Without this check, once the invalid size allocation runs on a process that
can't be killed by OOM flow(such as "gralloc" on Android devices), it will
cause a kernel exception, and to make matters worse, we can't find who are using
so many memory with "dma_buf_debug_show" since the relevant dma-buf hasn't exported.
To make OOM issue easier, maybe need dma-buf framework to dump the buffer size
under allocating in "dma_buf_debug_show".
Signed-off-by: Guangming <Guangming.Cao@xxxxxxxxxxxx>
Signed-off-by: jianjiao zeng <jianjiao.zeng@xxxxxxxxxxxx>
---
v3: 1. update patch, use right shift to replace division.
2. update patch, add reason in code and commit message.
v2: 1. update size limitation as total_dram page size.
2. update commit message
---
drivers/dma-buf/dma-heap.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/dma-buf/dma-heap.c b/drivers/dma-buf/dma-heap.c
index 56bf5ad01ad5..1fd382712584 100644
--- a/drivers/dma-buf/dma-heap.c
+++ b/drivers/dma-buf/dma-heap.c
@@ -55,6 +55,16 @@ static int dma_heap_buffer_alloc(struct dma_heap *heap, size_t len,
struct dma_buf *dmabuf;
int fd;
+ /*
+ * Invalid size check. The "len" should be less than totalram.
+ *
+ * Without this check, once the invalid size allocation runs on a process that
+ * can't be killed by OOM flow(such as "gralloc" on Android devices), it will
+ * cause a kernel exception, and to make matters worse, we can't find who are using
+ * so many memory with "dma_buf_debug_show" since the relevant dma-buf hasn't exported.
+ */
+ if (len >> PAGE_SHIFT > totalram_pages())
+ return -EINVAL;
/*
* Allocations from all heaps have to begin
* and end on page boundaries.
--
2.17.1
