Upon creating a partial view we should check that the offset + size is valid relative to the size of the gem object. v2: (Tvrtko Ursulin) - Don't use pages->nents to determine the page count v3: (Chris Wilson) - Handle potential overflow v4: (Chris Wilson) - Idiomatically handle overflow - Less idiotic placement - Treat as programmer error Cc: Joonas Lahtinen <joonas.lahtinen@xxxxxxxxxxxxxxx> Signed-off-by: Matthew Auld <matthew.auld@xxxxxxxxx> --- drivers/gpu/drm/i915/i915_gem_gtt.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c index fb0f963..593eb15 100644 --- a/drivers/gpu/drm/i915/i915_gem_gtt.c +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c @@ -3356,6 +3356,14 @@ i915_gem_obj_lookup_or_create_ggtt_vma(struct drm_i915_gem_object *obj, if (WARN_ON(!view)) return ERR_PTR(-EINVAL); + if (view->type == I915_GGTT_VIEW_PARTIAL) { + unsigned int page_count = obj->base.size >> PAGE_SHIFT; + if (WARN_ON(view->params.partial.offset > page_count || + view->params.partial.size > page_count - + view->params.partial.offset)) + return ERR_PTR(-EINVAL); + } + vma = i915_gem_obj_to_ggtt_view(obj, view); if (IS_ERR(vma)) -- 2.4.3 _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx
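Review bot: The bounds check in the new `I915_GGTT_VIEW_PARTIAL` block accepts an empty or end-of-object view: `view->params.partial.offset > page_count` lets `offset == page_count` through, and nothing rejects `view->params.partial.size == 0`, so a zero-page view (including one starting exactly at the end of the object) passes without a warning. If an empty partial view is never meaningful for the caller, tighten the first test to `offset >= page_count` and add `!view->params.partial.size` to the WARN_ON condition. Two smaller points on the same lines: the subtraction `page_count - view->params.partial.offset` cannot wrap only because the `offset > page_count` operand comes first in the `||` and short-circuits, so a one-line comment saying the order matters would protect it from later reordering; and `page_count` is declared `unsigned int` while it is derived from `obj->base.size >> PAGE_SHIFT`, so it is worth confirming that the shifted size always fits and that its width matches the `partial.offset` and `partial.size` fields it is compared against, since a truncated `page_count` would reject valid views or, worse, make the comparison meaningless. A short comment stating that offset and size are in pages, not bytes, would also make the check easier to read against the commit message.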