On Mon, Jan 30, 2017 at 02:41:15PM +0200, Joonas Lahtinen wrote: > On pe, 2017-01-27 at 17:20 +0000, Chris Wilson wrote: > > Just do a quick check that the stolen memory address range doesn't > > overflow our chosen integer type. > > > > Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> > > <SNIP> > > > @@ -189,7 +189,7 @@ static dma_addr_t i915_stolen_to_dma(struct drm_i915_private *dev_priv) > > base = tom - tseg_size - ggtt->stolen_size; > > } > > > > - if (base == 0) > > + if (base == 0 || base + ggtt->stolen_size <= base) > > range_overflows? if (base == 0 || range_overflows(base, ggtt->stolen_size, U64_MAX /* DMA_ADDR_MAX */)) Bleh. #define add_overflows(A, B) __builtin_add_overflow_p((A), (B), (typeof((A) + (B)))0) if (base == 0 || add_overflows(base, ggtt->stolen_size)) -Chris -- Chris Wilson, Intel Open Source Technology Centre _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx
