diff options
author | shunmin_wang <shunmin_wang@asus.com> | 2016-06-22 10:22:31 +0800 |
---|---|---|
committer | Eric1 Lin <Eric1_Lin@asus.com> | 2016-06-22 18:17:25 +0800 |
commit | 00f21f748f01888888909f9f58280f5a363cd5f9 (patch) | |
tree | 0fd5160743bba309a2f341c77b17983d97ad209e | |
parent | 54458d84050c703894be6d1f018618d751c41e1a (diff) |
msm: kgsl: Add missing check for alloc size(CVE-2016-2468)android-wear-6.0.1_r0.42
In _kgsl_sharedmem_page_alloc(), check for boundary limits
of requested alloc size before honoring.
Change-Id: Ib76926a6c5994065d5c8f4a9e36b34dff5d4596b
Reviewed-on: http://mcrd1-22-pc.corpnet.asus/code-review/master/238963
Reviewed-by: shunmin_wang <shunmin_wang@asus.com>
Tested-by: shunmin_wang <shunmin_wang@asus.com>
Reviewed-by: Carol_Jiang <carol_jiang@asus.com>
Reviewed-on: http://mcrd1-22-pc.corpnet.asus/code-review/master/238993
Reviewed-by: frank2_hsieh <frank2_hsieh@asus.com>
Tested-by: frank2_hsieh <frank2_hsieh@asus.com>
Reviewed-by: Eric1 Lin <Eric1_Lin@asus.com>
-rw-r--r-- | drivers/gpu/msm/kgsl_sharedmem.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/gpu/msm/kgsl_sharedmem.c b/drivers/gpu/msm/kgsl_sharedmem.c index b62c3a39b6a1..73f9ed29ad5d 100644 --- a/drivers/gpu/msm/kgsl_sharedmem.c +++ b/drivers/gpu/msm/kgsl_sharedmem.c @@ -576,6 +576,10 @@ _kgsl_sharedmem_page_alloc(struct kgsl_memdesc *memdesc, unsigned int align; int step = ((VMALLOC_END - VMALLOC_START)/8) >> PAGE_SHIFT; + size = PAGE_ALIGN(size); + if (size == 0 || size > UINT_MAX) + return -EINVAL; + align = (memdesc->flags & KGSL_MEMALIGN_MASK) >> KGSL_MEMALIGN_SHIFT; page_size = get_page_size(size, align); |