video: tegra: nvmap: Check if handle holds a buffer before map
author Sri Krishna chowdary <schowdary@nvidia.com>
Tue, 15 Nov 2016 05:53:30 +0000 (10:53 +0530)
committer mobile promotions <svcmobile_promotions@nvidia.com>
Thu, 24 Nov 2016 15:47:28 +0000 (07:47 -0800)
commit c5da78cf3d0c19f1e04501a4b3f64a5acacd0ff3
tree 215d5a20a6f0b1d9467d4bebe43c1461280be217
parent 3072e6010022be58d6b244323781a2d280c1fd99
video: tegra: nvmap: Check if handle holds a buffer before map

Consider the following case:
1. NVMAP_IOC_CREATE gives a valid fd to user space
2. user space calls NVMAP_IOC_ALLOC and it fails. So, all
of the handle's allocation fields are zero.
3. Subsequent dma_buf_vmap, mmap on fd leads to __nvmap_mmap
call.
4. handle is valid but h->alloc, h->carveout, h->heap_pgalloc,
h->vaddr all are 0.
5. We check for h->heap_pgalloc which is false, so proceed and
dereference h->carveout leading to NULL pointer exception.

A valid __nvmap_mmap should occur only when h->alloc is true.
So, add check for it.

bug 1837468

Change-Id: I9be9d94f9b74c25b9b588fb1a16a74e96161ceda
Signed-off-by: Sri Krishna chowdary <schowdary@nvidia.com>
Reviewed-on: http://git-master/r/1253236
GVS: Gerrit_Virtual_Submit
Reviewed-by: Gagan Grover <ggrover@nvidia.com>
Tested-by: Gagan Grover <ggrover@nvidia.com>
Reviewed-by: Pritesh Raithatha <praithatha@nvidia.com>
Reviewed-by: Dhiren Parmar <dparmar@nvidia.com>
drivers/video/tegra/nvmap/nvmap.c
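
The failure case in the commit message, as an added user-space model that is not the driver's code: only the field names alloc, heap_pgalloc, carveout and vaddr come from the message, while the struct layout, the model_* names, the pages field and the -1 return value are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* User-space model. Only the field names alloc, heap_pgalloc, carveout and
 * vaddr come from the commit message; types and layout are assumptions. */
struct model_carveout { uintptr_t base; };   /* hypothetical */

struct model_handle {
    int alloc;                        /* nonzero only after a successful ALLOC */
    int heap_pgalloc;                 /* nonzero: backed by pages, not carveout */
    struct model_carveout *carveout;  /* NULL until a carveout is assigned */
    void *pages;                      /* hypothetical page-backed buffer */
    void *vaddr;
};

/* Model of the map path with the check in place.
 * Returns 0 and fills *out on success, -1 when there is no buffer to map. */
int model_mmap(const struct model_handle *h, uintptr_t *out)
{
    if (h == NULL || out == NULL)
        return -1;
    if (!h->alloc)                    /* handle holds no buffer: reject */
        return -1;
    if (h->heap_pgalloc) {
        *out = (uintptr_t)h->pages;
        return 0;
    }
    if (h->carveout == NULL)          /* extra guard, added in this model */
        return -1;
    *out = h->carveout->base;         /* the dereference from step 5 */
    return 0;
}

/* Steps 1-4: handle exists, ALLOC failed, every allocation field is zero. */
int model_map_after_failed_alloc(void)
{
    struct model_handle h = {0};
    uintptr_t addr = 0;
    return model_mmap(&h, &addr);
}

/* A handle whose allocation succeeded from a carveout (constructed values). */
uintptr_t model_map_valid_carveout(void)
{
    struct model_carveout co = { .base = 0x80000000u };
    struct model_handle h = { .alloc = 1, .carveout = &co };
    uintptr_t addr = 0;
    return model_mmap(&h, &addr) == 0 ? addr : 0;
}
```

Without the alloc test, the zeroed handle falls through the heap_pgalloc branch and reaches the carveout dereference with a NULL pointer, which is the state the message describes.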