From: Jordan Crouse <jcrouse@xxxxxxxxxxxxxx> [ Upstream commit 6672e11cad662ce6631e04c38f92a140a99c042c ] Before loading the zap shader we should ensure that the reserved memory region is big enough to hold the loaded file. Signed-off-by: Jordan Crouse <jcrouse@xxxxxxxxxxxxxx> Reviewed-by: Bjorn Andersson <bjorn.andersson@xxxxxxxxxx> Reviewed-by: Jeffrey Hugo <jeffrey.l.hugo@xxxxxxxxx> Signed-off-by: Rob Clark <robdclark@xxxxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> --- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/msm/adreno/adreno_gpu.c b/drivers/gpu/drm/msm/adreno/adreno_gpu.c index a9c0ac937b00..9acbbc0f3232 100644 --- a/drivers/gpu/drm/msm/adreno/adreno_gpu.c +++ b/drivers/gpu/drm/msm/adreno/adreno_gpu.c @@ -56,7 +56,6 @@ static int zap_shader_load_mdt(struct msm_gpu *gpu, const char *fwname, return ret; mem_phys = r.start; - mem_size = resource_size(&r); /* Request the MDT file for the firmware */ fw = adreno_request_fw(to_adreno_gpu(gpu), fwname); @@ -72,6 +71,13 @@ static int zap_shader_load_mdt(struct msm_gpu *gpu, const char *fwname, goto out; } + if (mem_size > resource_size(&r)) { + DRM_DEV_ERROR(dev, + "memory region is too small to load the MDT\n"); + ret = -E2BIG; + goto out; + } + /* Allocate memory for the firmware image */ mem_region = memremap(mem_phys, mem_size, MEMREMAP_WC); if (!mem_region) { -- 2.20.1