[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220120100036.99867-1-guangming.cao@mediatek.com>
Date: Thu, 20 Jan 2022 18:00:36 +0800
From: <guangming.cao@...iatek.com>
To: <christian.koenig@....com>
CC: <benjamin.gaignard@...aro.org>, <bo.song@...iatek.com>,
<caoguangming34@...il.com>, <dri-devel@...ts.freedesktop.org>,
<guangming.cao@...iatek.com>, <jianjiao.zeng@...iatek.com>,
<john.stultz@...aro.org>, <labbott@...hat.com>,
<libo.kang@...iatek.com>, <linaro-mm-sig@...ts.linaro.org>,
<linux-arm-kernel@...ts.infradead.org>,
<linux-kernel@...r.kernel.org>, <linux-media@...r.kernel.org>,
<linux-mediatek@...ts.infradead.org>, <lmark@...eaurora.org>,
<matthias.bgg@...il.com>, <michael.j.ruhl@...el.com>,
<mingyuan.ma@...iatek.com>, <sumit.semwal@...aro.org>,
<wsd_upstream@...iatek.com>, <yf.wang@...iatek.com>,
Guangming <Guangming.Cao@...iatek.com>
Subject: [PATCH v6 RESEND] dma-buf: system_heap: Add a size check for allocation
From: Guangming <Guangming.Cao@...iatek.com>
Add a size check for allocation since the allocation size should be
always less than the total DRAM size on system heap.
Adding this check can prevent comsuming too much time for invalid allocations.
Signed-off-by: Guangming <Guangming.Cao@...iatek.com>
Acked-by: John Stultz <john.stultz@...aro.org>
---
drivers/dma-buf/heaps/system_heap.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/dma-buf/heaps/system_heap.c b/drivers/dma-buf/heaps/system_heap.c
index 23a7e74ef966..b65e597a742f 100644
--- a/drivers/dma-buf/heaps/system_heap.c
+++ b/drivers/dma-buf/heaps/system_heap.c
@@ -347,6 +347,14 @@ static struct dma_buf *system_heap_allocate(struct dma_heap *heap,
struct page *page, *tmp_page;
int i, ret = -ENOMEM;
+ /*
+ * Size check. The "len" should be less than totalram since system_heap
+ * memory is comes from system. Adding check here can prevent comsuming
+ * too much time for invalid allocations.
+ */
+ if (PFN_DOWN(len) > totalram_pages())
+ return ERR_PTR(-EINVAL);
+
buffer = kzalloc(sizeof(*buffer), GFP_KERNEL);
if (!buffer)
return ERR_PTR(-ENOMEM);
--
2.17.1
Powered by blists - more mailing lists