[PATCH] dma-buf/sw_sync: Fix timeline/pt overflow cases

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Protect against long-running processes from overflowing the timeline
and creating fences that go back in time. While we're at it, avoid
overflowing while we're incrementing the timeline.

Signed-off-by: Sean Paul <seanpaul@xxxxxxxxxxxx>
---
 drivers/dma-buf/sw_sync.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/dma-buf/sw_sync.c b/drivers/dma-buf/sw_sync.c
index 69c5ff36e2f9..40934619ed88 100644
--- a/drivers/dma-buf/sw_sync.c
+++ b/drivers/dma-buf/sw_sync.c
@@ -142,7 +142,7 @@ static void sync_timeline_signal(struct sync_timeline *obj, unsigned int inc)
 
 	spin_lock_irqsave(&obj->child_list_lock, flags);
 
-	obj->value += inc;
+	obj->value += min(inc, ~0x0U - obj->value);
 
 	list_for_each_entry_safe(pt, next, &obj->active_list_head,
 				 active_list) {
@@ -178,6 +178,11 @@ static struct sync_pt *sync_pt_create(struct sync_timeline *obj, int size,
 		return NULL;
 
 	spin_lock_irqsave(&obj->child_list_lock, flags);
+	if (value < obj->value) {
+		spin_unlock_irqrestore(&obj->child_list_lock, flags);
+		return NULL;
+	}
+
 	sync_timeline_get(obj);
 	dma_fence_init(&pt->base, &timeline_fence_ops, &obj->child_list_lock,
 		       obj->context, value);
-- 
2.13.2.725.g09c95d1e9-goog




[Index of Archives]     [Linux Input]     [Video for Linux]     [Gstreamer Embedded]     [Mplayer Users]     [Linux USB Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux