linux-mediatek.lists.infradead.org archive mirror
* [PATCH] drm/mediatek: Check GEM buffer size
@ 2023-09-25  9:22 Hubert Mazur
  2023-09-25  9:25 ` Michał Krawczyk
  2023-09-25  9:40 ` CK Hu (胡俊光)
  0 siblings, 2 replies; 3+ messages in thread
From: Hubert Mazur @ 2023-09-25  9:22 UTC (permalink / raw)
  To: dri-devel, linux-mediatek, linux-kernel, linux-arm-kernel
  Cc: Chun-Kuang Hu, Philipp Zabel, David Airlie, Daniel Vetter,
	Matthias Brugger, AngeloGioacchino Del Regno, CK Hu, Bibby Hsieh,
	YT Shen, Daniel Kurtz, Michal Krawczyk, upstream, Hubert Mazur

The buffer size is derived from parameters supplied by the userspace.
Having the size equal 0 causes allocation failure leading to kernel
panic.

Fix this by checking if size equals 0.

Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC MT8173.")

Signed-off-by: Hubert Mazur <hmazur@chromium.org>
---
 drivers/gpu/drm/mediatek/mtk_drm_gem.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
index 9f364df52478..3b985b99d5c6 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
@@ -62,6 +62,11 @@ struct mtk_drm_gem_obj *mtk_drm_gem_create(struct drm_device *dev,
 	struct drm_gem_object *obj;
 	int ret;
 
+	if (size == 0) {
+		DRM_ERROR("Invalid allocation size: %zu", size);
+		return ERR_PTR(-EINVAL);
+	}
+
 	mtk_gem = mtk_drm_gem_init(dev, size);
 	if (IS_ERR(mtk_gem))
 		return ERR_CAST(mtk_gem);
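
Review bot: The DRM_ERROR() call in the new `size == 0` branch has no trailing "\n" in its format string, and it logs at error level on a path that the commit message says is driven by userspace-supplied parameters, so a caller that repeats the request can fill the kernel log. Suggest ending the message with "\n" and switching to a debug-level or rate-limited macro such as DRM_DEBUG_DRIVER or DRM_ERROR_RATELIMITED.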
-- 
2.42.0.515.g380fc7ccd1-goog




* Re: [PATCH] drm/mediatek: Check GEM buffer size
  2023-09-25  9:22 [PATCH] drm/mediatek: Check GEM buffer size Hubert Mazur
@ 2023-09-25  9:25 ` Michał Krawczyk
  2023-09-25  9:40 ` CK Hu (胡俊光)
  1 sibling, 0 replies; 3+ messages in thread
From: Michał Krawczyk @ 2023-09-25  9:25 UTC (permalink / raw)
  To: Hubert Mazur
  Cc: dri-devel, linux-mediatek, linux-kernel, linux-arm-kernel,
	Chun-Kuang Hu, Philipp Zabel, David Airlie, Daniel Vetter,
	Matthias Brugger, AngeloGioacchino Del Regno, CK Hu, Bibby Hsieh,
	YT Shen, Daniel Kurtz, upstream

On Mon, Sep 25, 2023 at 11:23 AM Hubert Mazur <hmazur@chromium.org> wrote:
>
> The buffer size is derived from parameters supplied by the userspace.
> Having the size equal 0 causes allocation failure leading to kernel
> panic.
>
> Fix this by checking if size equals 0.
>
> Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC MT8173.")
>
> Signed-off-by: Hubert Mazur <hmazur@chromium.org>
Reviewed-by: Michal Krawczyk <mikrawczyk@google.com>
> ---
>  drivers/gpu/drm/mediatek/mtk_drm_gem.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> index 9f364df52478..3b985b99d5c6 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> @@ -62,6 +62,11 @@ struct mtk_drm_gem_obj *mtk_drm_gem_create(struct drm_device *dev,
>         struct drm_gem_object *obj;
>         int ret;
>
> +       if (size == 0) {
> +               DRM_ERROR("Invalid allocation size: %zu", size);
> +               return ERR_PTR(-EINVAL);
> +       }
> +
>         mtk_gem = mtk_drm_gem_init(dev, size);
>         if (IS_ERR(mtk_gem))
>                 return ERR_CAST(mtk_gem);
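
Review bot: Inside the `if (size == 0)` branch the `%zu` argument can only ever print 0, so the logged value adds nothing for whoever reads the message. Either drop the argument and say that a zero-length GEM allocation was requested, or log the parameters the size was derived from in the caller that computes it.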
> --
> 2.42.0.515.g380fc7ccd1-goog
>



* Re: [PATCH] drm/mediatek: Check GEM buffer size
  2023-09-25  9:22 [PATCH] drm/mediatek: Check GEM buffer size Hubert Mazur
  2023-09-25  9:25 ` Michał Krawczyk
@ 2023-09-25  9:40 ` CK Hu (胡俊光)
  1 sibling, 0 replies; 3+ messages in thread
From: CK Hu (胡俊光) @ 2023-09-25  9:40 UTC (permalink / raw)
  To: dri-devel, linux-kernel, linux-mediatek, linux-arm-kernel, hmazur
  Cc: mikrawczyk, Bibby Hsieh (謝濟遠),
	chunkuang.hu, djkurtz, upstream, daniel, p.zabel, airlied,
	YT Shen (沈岳霆),
	matthias.bgg, angelogioacchino.delregno

Hi, Hubert:

On Mon, 2023-09-25 at 09:22 +0000, Hubert Mazur wrote:
>  The buffer size is derived from parameters supplied by the
> userspace.
> Having the size equal 0 causes allocation failure leading to kernel
> panic.

The size is calculated by width and height, and drm_mode_create_dumb()
has checked the width and height, so the size would not be 0. So this
patch is redundant.

Regards,
CK

> 
> Fix this by checking if size equals 0.
> 
> Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC
> MT8173.")
> 
> Signed-off-by: Hubert Mazur <hmazur@chromium.org>
> ---
>  drivers/gpu/drm/mediatek/mtk_drm_gem.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> index 9f364df52478..3b985b99d5c6 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> @@ -62,6 +62,11 @@ struct mtk_drm_gem_obj *mtk_drm_gem_create(struct
> drm_device *dev,
>  	struct drm_gem_object *obj;
>  	int ret;
>  
> +	if (size == 0) {
> +		DRM_ERROR("Invalid allocation size: %zu", size);
> +		return ERR_PTR(-EINVAL);
> +	}
> +
>  	mtk_gem = mtk_drm_gem_init(dev, size);
>  	if (IS_ERR(mtk_gem))
>  		return ERR_CAST(mtk_gem);
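
Review bot: The guard is placed at the top of mtk_drm_gem_create(), but neither the hunk nor the commit message says which caller passes a size of 0 or shows the panic trace. Given the objection in this reply that drm_mode_create_dumb() already checks width and height, the commit message should name the entry point that reaches this function with size 0 and include the trace, so reviewers can confirm the condition is reachable and that the check covers every caller.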
> -- 
> 2.42.0.515.g380fc7ccd1-goog

