dma-coherent: catch oversized requests to dma_alloc_from_coherent()
author Johannes Weiner <hannes@cmpxchg.org>
Tue, 6 Jan 2009 22:43:10 +0000 (14:43 -0800)
committer Linus Torvalds <torvalds@linux-foundation.org>
Tue, 6 Jan 2009 23:59:31 +0000 (15:59 -0800)
Prevent passing an order to bitmap_find_free_region() that is larger than
the actual bitmap can represent.

These requests can come from device drivers that have no idea how big the
dma region is and need to rely on dma_alloc_from_coherent() to sort it out
for them.

Reported-by: Guennadi Liakhovetski <lg@denx.de>
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Dmitry Baryshkov <dbaryshkov@gmail.com>
Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
kernel/dma-coherent.c

index 8056d081609caacd13b26e3dceedd6b07cd5550e..038707404b76075866d6bccb5df015d9965762c4 100644 (file)
@@ -118,6 +118,8 @@ int dma_alloc_from_coherent(struct device *dev, ssize_t size,
        mem = dev->dma_mem;
        if (!mem)
                return 0;
        mem = dev->dma_mem;
        if (!mem)
                return 0;
+       if (unlikely(size > mem->size))
+               return 0;
 
        pageno = bitmap_find_free_region(mem->bitmap, mem->size, order);
        if (pageno >= 0) {
 
        pageno = bitmap_find_free_region(mem->bitmap, mem->size, order);
        if (pageno >= 0) {
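Review bot: the added test `if (unlikely(size > mem->size))` appears to compare two different units. `size` is the caller's `ssize_t` request, while `mem->size` is the value the next line hands to bitmap_find_free_region() as the bitmap length, searched by page `order`. If `size` is in bytes and the bitmap holds one bit per page, the function returns 0 early for any request above `mem->size` bytes, including requests that would fit in the region. Suggest comparing in a single unit, for example `size > (mem->size << PAGE_SHIFT)`, or checking the page count implied by `order` against `mem->size`. Because `size` is signed, a negative value also passes this test, so a short comment on whether callers can pass one would help.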