gpu: nvgpu: Validate buffer_offset argument
Debarshi Dutta [Fri, 9 Mar 2018 07:11:55 +0000 (12:11 +0530)]
Validate the mapping_size argument in the VM mapping IOCTL before
attempting to use the argument for anything.

Manual Cherry pick - https://git-master.nvidia.com/r/1547046

Bug 1954931
Bug 1965443

Change-Id: I81b22dc566c6c6f89e5e62604ce996376b33a343
Signed-off-by: Alex Waterman <alexw@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1547046
Signed-off-by: Debarshi Dutta <ddutta@nvidia.com>
(cherry picked from commit e68391690cfcc23b77c68aec3f9605badea226ed in
dev-kernel)
Reviewed-on: https://git-master.nvidia.com/r/1671883
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>

drivers/gpu/nvgpu/gk20a/mm_gk20a.c

index 2a5bd76..59dc365 100644 (file)
@@ -1330,6 +1330,12 @@ u64 gk20a_vm_map(struct vm_gk20a *vm,
        bfr.pgsz_idx = -1;
        mapping_size = mapping_size ? mapping_size : bfr.size;
 
+       if ((mapping_size > bfr.size) ||
+               (buffer_offset > (bfr.size - mapping_size))) {
+               err = -EINVAL;
+               goto clean_up;
+       }
+
        /* If FIX_OFFSET is set, pgsz is determined. Otherwise, select
         * page size according to memory alignment */
        if (flags & NVHOST_AS_MAP_BUFFER_FLAGS_FIXED_OFFSET) {
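Review bot: the second comparison in the added check, `buffer_offset > (bfr.size - mapping_size)`, is only valid because `mapping_size > bfr.size` is tested first and short-circuits, and nothing in the hunk documents that dependency. A short comment above the `if` would help, saying that the subtraction form is deliberate and that the order of the two tests must be kept, so a later cleanup does not rewrite it as `buffer_offset + mapping_size > bfr.size`, which can wrap if these values are unsigned. The commit subject names buffer_offset while the body names mapping_size; the check covers both, and the message should say so. The continuation line is also indented with a full extra tab rather than aligned under the opening parenthesis of the first condition.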