Re: [PATCH] drm/i915: Sanity check the computed size and base of stolen memory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jan 30, 2017 at 02:41:15PM +0200, Joonas Lahtinen wrote:
> On pe, 2017-01-27 at 17:20 +0000, Chris Wilson wrote:
> > Just do a quick check that the stolen memory address range doesn't
> > overflow our chosen integer type.
> > 
> > Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
> 
> <SNIP>
> 
> > @@ -189,7 +189,7 @@ static dma_addr_t i915_stolen_to_dma(struct drm_i915_private *dev_priv)
> >  		base = tom - tseg_size - ggtt->stolen_size;
> >  	}
> >  
> > -	if (base == 0)
> > +	if (base == 0 || base + ggtt->stolen_size <= base)
> 
> range_overflows?

if (base == 0 || range_overflows(base, ggtt->stolen_size, U64_MAX /* DMA_ADDR_MAX */))

Bleh.

#define add_overflows(A, B) __builtin_add_overflow_p((A), (B), (typeof((A) + (B)))0)

if (base == 0 || add_overflows(base, ggtt->stolen_size))
-Chris

-- 
Chris Wilson, Intel Open Source Technology Centre
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/intel-gfx




[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]
  Powered by Linux