video: tegra: nvmap: fix pinning unalloc'd handles
Tuomas Tynkkynen [Mon, 13 Aug 2012 14:10:42 +0000 (17:10 +0300)]
nvmap_pin_ids takes a list of handles to pin from userspace.
Unfortunately, it does not check that the handles are actually
allocated, which will trigger a BUG_ON later in pin_locked().

Bug 1023954

Change-Id: Iba4c53bc0a6c47b7f4f740a93e59b613dc3b95f6
Signed-off-by: Tuomas Tynkkynen <ttynkkynen@nvidia.com>
Reviewed-on: http://git-master/r/131888
Reviewed-by: Mrutyunjay Sawant <msawant@nvidia.com>
Tested-by: Mrutyunjay Sawant <msawant@nvidia.com>

drivers/video/tegra/nvmap/nvmap.c

index f41d20f..5209c41 100644 (file)
@@ -287,11 +287,17 @@ int nvmap_pin_ids(struct nvmap_client *client,
                                           "handle %p\n",
                                           current->group_leader->comm, h[i]);
                        } else {
-                               h[i] = NULL;
                                ret = -EPERM;
+                               nr = i;
+                               break;
                        }
                        nvmap_ref_lock(client);
                }
+               if (!h[i]->alloc) {
+                       ret = -EFAULT;
+                       nr = i + 1;
+                       break;
+               }
        }
        nvmap_ref_unlock(client);