[PATCH RFC 016/111] staging: etnaviv: validation: ensure space for the LINK command

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Russell King <rmk+kernel@xxxxxxxxxxxxxxxx>

Ensure that we reject command buffers which are fully populated, as
we always need to append two words for a LINK command to the end of
the buffer.

Signed-off-by: Russell King <rmk+kernel@xxxxxxxxxxxxxxxx>
---
 drivers/staging/etnaviv/etnaviv_gem_submit.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/etnaviv/etnaviv_gem_submit.c b/drivers/staging/etnaviv/etnaviv_gem_submit.c
index dd87fdfe7ab5..f8b733a0e313 100644
--- a/drivers/staging/etnaviv/etnaviv_gem_submit.c
+++ b/drivers/staging/etnaviv/etnaviv_gem_submit.c
@@ -348,6 +348,7 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data,
 		void __user *userptr =
 			to_user_ptr(args->cmds + (i * sizeof(submit_cmd)));
 		struct etnaviv_gem_object *etnaviv_obj;
+		unsigned max_size;
 
 		ret = copy_from_user(&submit_cmd, userptr, sizeof(submit_cmd));
 		if (ret) {
@@ -373,8 +374,13 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data,
 			goto out;
 		}
 
-		if ((submit_cmd.size + submit_cmd.submit_offset) >=
-				etnaviv_obj->base.size) {
+		/*
+		 * We must have space to add a LINK command at the end of
+		 * the command buffer.
+		 */
+		max_size = etnaviv_obj->base.size - 8;
+
+		if ((submit_cmd.size + submit_cmd.submit_offset) > max_size) {
 			DRM_ERROR("invalid cmdstream size: %u\n", submit_cmd.size);
 			ret = -EINVAL;
 			goto out;
-- 
2.1.4

_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/dri-devel





[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux