sprat: gpu : Add security patch (CVE-2016-2468)android-wear-6.0.1_r0.47

An elevation of privilege vulnerability in the Qualcomm video driver & GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical severity due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Change-Id: I76e7e1522b50ac8f5d4f1bce72103ea7fe22d347 Signed-off-by: hyeonsu9.lee <hyeonsu9.lee@samsung.com>
author: hyeonsu9.lee <hyeonsu9.lee@samsung.com> 2016-06-02 11:09:22 +0900
committer: Hyeonsu Lee <hyeonsu9.lee@samsung.com> 2016-06-03 02:16:44 +0000
commit: 645f0d977047a12f40d0753e4c2d5fc51e9b2a0f (patch)
tree: b5dfd607570729bb2cf12e75d709bddd0c54aeca
parent: 32f905b378310f87063bed191f983919f8adbf35 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/gpu/msm/kgsl_sharedmem.c b/drivers/gpu/msm/kgsl_sharedmem.c
index b62c3a39b6a1..73f9ed29ad5d 100644
--- a/drivers/gpu/msm/kgsl_sharedmem.c
+++ b/drivers/gpu/msm/kgsl_sharedmem.c
@@ -576,6 +576,10 @@ _kgsl_sharedmem_page_alloc(struct kgsl_memdesc *memdesc,
 	unsigned int align;
 	int step = ((VMALLOC_END - VMALLOC_START)/8) >> PAGE_SHIFT;
 
+	size = PAGE_ALIGN(size);
+	if (size == 0 || size > UINT_MAX)
+		return -EINVAL;
+
 	align = (memdesc->flags & KGSL_MEMALIGN_MASK) >> KGSL_MEMALIGN_SHIFT;
 
 	page_size = get_page_size(size, align);
author	hyeonsu9.lee <hyeonsu9.lee@samsung.com>	2016-06-02 11:09:22 +0900
committer	Hyeonsu Lee <hyeonsu9.lee@samsung.com>	2016-06-03 02:16:44 +0000
commit	645f0d977047a12f40d0753e4c2d5fc51e9b2a0f (patch)
tree	b5dfd607570729bb2cf12e75d709bddd0c54aeca
parent	32f905b378310f87063bed191f983919f8adbf35 (diff)