msm: kgsl: Add missing check for alloc size(CVE-2016-2468)android-wear-6.0.1_r0.42

In _kgsl_sharedmem_page_alloc(), check for boundary limits of requested alloc size before honoring. Change-Id: Ib76926a6c5994065d5c8f4a9e36b34dff5d4596b Reviewed-on: http://mcrd1-22-pc.corpnet.asus/code-review/master/238963 Reviewed-by: shunmin_wang <shunmin_wang@asus.com> Tested-by: shunmin_wang <shunmin_wang@asus.com> Reviewed-by: Carol_Jiang <carol_jiang@asus.com> Reviewed-on: http://mcrd1-22-pc.corpnet.asus/code-review/master/238993 Reviewed-by: frank2_hsieh <frank2_hsieh@asus.com> Tested-by: frank2_hsieh <frank2_hsieh@asus.com> Reviewed-by: Eric1 Lin <Eric1_Lin@asus.com>
author: shunmin_wang <shunmin_wang@asus.com> 2016-06-22 10:22:31 +0800
committer: Eric1 Lin <Eric1_Lin@asus.com> 2016-06-22 18:17:25 +0800
commit: 00f21f748f01888888909f9f58280f5a363cd5f9 (patch)
tree: 0fd5160743bba309a2f341c77b17983d97ad209e
parent: 54458d84050c703894be6d1f018618d751c41e1a (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/gpu/msm/kgsl_sharedmem.c b/drivers/gpu/msm/kgsl_sharedmem.c
index b62c3a39b6a1..73f9ed29ad5d 100644
--- a/drivers/gpu/msm/kgsl_sharedmem.c
+++ b/drivers/gpu/msm/kgsl_sharedmem.c
@@ -576,6 +576,10 @@ _kgsl_sharedmem_page_alloc(struct kgsl_memdesc *memdesc,
 	unsigned int align;
 	int step = ((VMALLOC_END - VMALLOC_START)/8) >> PAGE_SHIFT;
 
+	size = PAGE_ALIGN(size);
+	if (size == 0 || size > UINT_MAX)
+		return -EINVAL;
+
 	align = (memdesc->flags & KGSL_MEMALIGN_MASK) >> KGSL_MEMALIGN_SHIFT;
 
 	page_size = get_page_size(size, align);
author	shunmin_wang <shunmin_wang@asus.com>	2016-06-22 10:22:31 +0800
committer	Eric1 Lin <Eric1_Lin@asus.com>	2016-06-22 18:17:25 +0800
commit	00f21f748f01888888909f9f58280f5a363cd5f9 (patch)
tree	0fd5160743bba309a2f341c77b17983d97ad209e
parent	54458d84050c703894be6d1f018618d751c41e1a (diff)