gpu: nvgpu: Validate buffer_offset argument

Validate the mapping_size argument in the VM mapping IOCTL before attempting to use the argument for anything. Manual Cherry pick - https://git-master.nvidia.com/r/1547046 Bug 1954931 Bug 1965443 Change-Id: I81b22dc566c6c6f89e5e62604ce996376b33a343 Signed-off-by: Alex Waterman <alexw@nvidia.com> Reviewed-on: https://git-master.nvidia.com/r/1547046 Signed-off-by: Debarshi Dutta <ddutta@nvidia.com> (cherry picked from commit e68391690cfcc23b77c68aec3f9605badea226ed in dev-kernel) Reviewed-on: https://git-master.nvidia.com/r/1671883 GVS: Gerrit_Virtual_Submit Reviewed-by: Bibek Basu <bbasu@nvidia.com>
author: Debarshi Dutta <ddutta@nvidia.com> 2018-03-09 12:41:55 +0530
committer: Winnie Hsu <whsu@nvidia.com> 2018-03-09 10:19:13 -0800
commit: 9d09b31470a2714817375f86d9e56ffb1b617739 (patch)
tree: e108891e100d554333299acf52432ea28de66c28 /drivers/gpu
parent: 370b9f7a1dad9ccb7198bb0ffd30a8e7df112ab2 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/gpu/nvgpu/gk20a/mm_gk20a.c b/drivers/gpu/nvgpu/gk20a/mm_gk20a.c
index 2a5bd760f82d..59dc3656f486 100644
--- a/drivers/gpu/nvgpu/gk20a/mm_gk20a.c
+++ b/drivers/gpu/nvgpu/gk20a/mm_gk20a.c
@@ -1330,6 +1330,12 @@ u64 gk20a_vm_map(struct vm_gk20a *vm,
 	bfr.pgsz_idx = -1;
 	mapping_size = mapping_size ? mapping_size : bfr.size;
 
+	if ((mapping_size > bfr.size) ||
+		(buffer_offset > (bfr.size - mapping_size))) {
+		err = -EINVAL;
+		goto clean_up;
+	}
+
 	/* If FIX_OFFSET is set, pgsz is determined. Otherwise, select
 	 * page size according to memory alignment */
 	if (flags & NVHOST_AS_MAP_BUFFER_FLAGS_FIXED_OFFSET) {
author	Debarshi Dutta <ddutta@nvidia.com>	2018-03-09 12:41:55 +0530
committer	Winnie Hsu <whsu@nvidia.com>	2018-03-09 10:19:13 -0800
commit	9d09b31470a2714817375f86d9e56ffb1b617739 (patch)
tree	e108891e100d554333299acf52432ea28de66c28 /drivers/gpu
parent	370b9f7a1dad9ccb7198bb0ffd30a8e7df112ab2 (diff)