gpu: nvgpu: Validate buffer_offset argument
skadamati [Thu, 28 Sep 2017 06:51:28 +0000 (11:51 +0530)]
Validate the mapping_size argument in the VM mapping IOCTL before
attempting to use the argument for anything.

Manual Cherry pick - https://git-master.nvidia.com/r/1547046

Bug 1954931
Bug 1993254
Bug 200288656

Change-Id: I81b22dc566c6c6f89e5e62604ce996376b33a343
Signed-off-by: Alex Waterman <alexw@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1547046
Signed-off-by: skadamati <skadamati@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1569976
(cherry picked from commit 84c14d463b613b6f29455295f27683821a78dce9)
Reviewed-on: https://git-master.nvidia.com/r/1584264
(cherry picked from commit 25e2877d988453dc29bd1573e6d8f8b566bce170)
Signed-off-by: Gagan Grover <ggrover@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1606956
Reviewed-on: https://git-master.nvidia.com/r/1632961
(cherry picked from commit aa3a7d24153973653f9a278baa67fea3475fa9c3)
Reviewed-on: https://git-master.nvidia.com/r/1606103
GVS: Gerrit_Virtual_Submit
Tested-by: Debarshi Dutta <ddutta@nvidia.com>
Reviewed-by: Bibek Basu <bbasu@nvidia.com>

drivers/gpu/nvgpu/gk20a/mm_gk20a.c

index 155af4e..cf8b5a4 100644 (file)
@@ -1557,6 +1557,12 @@ u64 gk20a_vm_map(struct vm_gk20a *vm,
        }
        gmmu_page_size = vm->gmmu_page_sizes[bfr.pgsz_idx];
 
+       if ((mapping_size > bfr.size) ||
+               (buffer_offset > (bfr.size - mapping_size))) {
+               err = -EINVAL;
+               dump_stack();
+               goto clean_up;
+       }
        /* Check if we should use a fixed offset for mapping this buffer */
 
        if (flags & NVGPU_AS_MAP_BUFFER_FLAGS_FIXED_OFFSET)  {