drm: Detect overflow in drm_mm_reserve_node()

Protect ourselves from a caller passing in node.start + node.size that will overflow and trick us into reserving that node. Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Reviewed-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Link: http://patchwork.freedesktop.org/patch/msgid/20161222083641.2691-24-chris@chris-wilson.co.uk

drm: Detect overflow in drm_mm_reserve_node()
Protect ourselves from a caller passing in node.start + node.size that will overflow and trick us into reserving that node. Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Reviewed-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Link: http://patchwork.freedesktop.org/patch/msgid/20161222083641.2691-24-chris@chris-wilson.co.uk
c820186d · Chris Wilson · Daniel Vetter · ba004e39 · c820186d
Commit c820186d authored Dec 22, 2016 by Chris Wilson Committed by Daniel Vetter Dec 27, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 3 deletions

drivers/gpu/drm/drm_mm.c drivers/gpu/drm/drm_mm.c +2 -3

No files found.
--- a/drivers/gpu/drm/drm_mm.c
+++ b/drivers/gpu/drm/drm_mm.c
@@ -308,10 +308,9 @@ int drm_mm_reserve_node(struct drm_mm *mm, struct drm_mm_node *node)
 	u64 hole_start, hole_end;
 	u64 adj_start, adj_end;

-	if (WARN_ON(node->size == 0))
-		return -EINVAL;
-
 	end = node->start + node->size;
+	if (unlikely(end <= node->start))
+		return -ENOSPC;

 	/* Find the relevant hole to add our node to */
 	hole = drm_mm_interval_tree_iter_first(&mm->interval_tree,