drivers/gpu/drm/mediatek/mtk_drm_gem.c | 5 +++++ 1 file changed, 5 insertions(+)
The buffer size is derived from parameters supplied by the userspace.
Having the size equal 0 causes allocation failure leading to kernel
panic.
Fix this by checking if size equals 0.
Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC MT8173.")
Signed-off-by: Hubert Mazur <hmazur@chromium.org>
---
drivers/gpu/drm/mediatek/mtk_drm_gem.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
index 9f364df52478..3b985b99d5c6 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
@@ -62,6 +62,11 @@ struct mtk_drm_gem_obj *mtk_drm_gem_create(struct drm_device *dev,
struct drm_gem_object *obj;
int ret;
+ if (size == 0) {
+ DRM_ERROR("Invalid allocation size: %zu", size);
+ return ERR_PTR(-EINVAL);
+ }
+
mtk_gem = mtk_drm_gem_init(dev, size);
if (IS_ERR(mtk_gem))
return ERR_CAST(mtk_gem);
--
2.42.0.515.g380fc7ccd1-goog
Hi, Hubert: On Mon, 2023-09-25 at 09:22 +0000, Hubert Mazur wrote: > > External email : Please do not click links or open attachments until > you have verified the sender or the content. > The buffer size is derived from parameters supplied by the > userspace. > Having the size equal 0 causes allocation failure leading to kernel > panic. The size is calculated by width and height, and drm_mode_create_dumb() has checked the width and height, so the size would not be 0. So this patch is redundant. Regards, CK > > Fix this by checking if size equals 0. > > Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC > MT8173.") > > Signed-off-by: Hubert Mazur <hmazur@chromium.org> > --- > drivers/gpu/drm/mediatek/mtk_drm_gem.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c > b/drivers/gpu/drm/mediatek/mtk_drm_gem.c > index 9f364df52478..3b985b99d5c6 100644 > --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c > +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c > @@ -62,6 +62,11 @@ struct mtk_drm_gem_obj *mtk_drm_gem_create(struct > drm_device *dev, > struct drm_gem_object *obj; > int ret; > > + if (size == 0) { > + DRM_ERROR("Invalid allocation size: %zu", size); > + return ERR_PTR(-EINVAL); > + } > + > mtk_gem = mtk_drm_gem_init(dev, size); > if (IS_ERR(mtk_gem)) > return ERR_CAST(mtk_gem); > -- > 2.42.0.515.g380fc7ccd1-goog
On Mon, Sep 25, 2023 at 11:23 AM Hubert Mazur <hmazur@chromium.org> wrote: > > The buffer size is derived from parameters supplied by the userspace. > Having the size equal 0 causes allocation failure leading to kernel > panic. > > Fix this by checking if size equals 0. > > Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC MT8173.") > > Signed-off-by: Hubert Mazur <hmazur@chromium.org> Reviewed-by: Michal Krawczyk <mikrawczyk@google.com> > --- > drivers/gpu/drm/mediatek/mtk_drm_gem.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c > index 9f364df52478..3b985b99d5c6 100644 > --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c > +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c > @@ -62,6 +62,11 @@ struct mtk_drm_gem_obj *mtk_drm_gem_create(struct drm_device *dev, > struct drm_gem_object *obj; > int ret; > > + if (size == 0) { > + DRM_ERROR("Invalid allocation size: %zu", size); > + return ERR_PTR(-EINVAL); > + } > + > mtk_gem = mtk_drm_gem_init(dev, size); > if (IS_ERR(mtk_gem)) > return ERR_CAST(mtk_gem); > -- > 2.42.0.515.g380fc7ccd1-goog >
© 2016 - 2024 Red Hat, Inc.