dma_buf_mmap_internal() already checks for overflowing the buffer's size. In addition, the check in i915_gem_dmabuf_mmap() is incomplete, which doesn't consider a page offset. --- drivers/gpu/drm/i915/i915_gem_dmabuf.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gem_dmabuf.c b/drivers/gpu/drm/i915/i915_gem_dmabuf.c index 6176e58..91fc456 100644 --- a/drivers/gpu/drm/i915/i915_gem_dmabuf.c +++ b/drivers/gpu/drm/i915/i915_gem_dmabuf.c @@ -159,9 +159,6 @@ static int i915_gem_dmabuf_mmap(struct dma_buf *dma_buf, struct vm_area_struct * struct drm_i915_gem_object *obj = dma_buf_to_obj(dma_buf); int ret; - if (obj->base.size < vma->vm_end - vma->vm_start) - return -EINVAL; - if (!obj->base.filp) return -ENODEV; -- 2.7.4 _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx
