aboutsummaryrefslogtreecommitdiffstats
path: root/arch/arm/mm/dma-mapping.c
diff options
context:
space:
mode:
authorMarek Szyprowski <m.szyprowski@samsung.com>2012-07-30 03:35:26 -0400
committerMarek Szyprowski <m.szyprowski@samsung.com>2012-07-30 06:25:45 -0400
commit50262a4bf38dd70486e9fce2b8235d5ae3e0f627 (patch)
treef20c140547bd6d33079143fcc77d81844796609c /arch/arm/mm/dma-mapping.c
parente9da6e9905e639b0f842a244bc770b48ad0523e9 (diff)
ARM: dma-mapping: add more sanity checks in arm_dma_mmap()
Add some sanity checks and forbid mmaping of buffers into vma areas larger than allocated dma buffer. Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Diffstat (limited to 'arch/arm/mm/dma-mapping.c')
-rw-r--r--arch/arm/mm/dma-mapping.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/arch/arm/mm/dma-mapping.c b/arch/arm/mm/dma-mapping.c
index f906d5f4cbd8..a2881c98fb03 100644
--- a/arch/arm/mm/dma-mapping.c
+++ b/arch/arm/mm/dma-mapping.c
@@ -611,16 +611,22 @@ int arm_dma_mmap(struct device *dev, struct vm_area_struct *vma,
611{ 611{
612 int ret = -ENXIO; 612 int ret = -ENXIO;
613#ifdef CONFIG_MMU 613#ifdef CONFIG_MMU
614 unsigned long nr_vma_pages = (vma->vm_end - vma->vm_start) >> PAGE_SHIFT;
615 unsigned long nr_pages = PAGE_ALIGN(size) >> PAGE_SHIFT;
614 unsigned long pfn = dma_to_pfn(dev, dma_addr); 616 unsigned long pfn = dma_to_pfn(dev, dma_addr);
617 unsigned long off = vma->vm_pgoff;
618
615 vma->vm_page_prot = __get_dma_pgprot(attrs, vma->vm_page_prot); 619 vma->vm_page_prot = __get_dma_pgprot(attrs, vma->vm_page_prot);
616 620
617 if (dma_mmap_from_coherent(dev, vma, cpu_addr, size, &ret)) 621 if (dma_mmap_from_coherent(dev, vma, cpu_addr, size, &ret))
618 return ret; 622 return ret;
619 623
620 ret = remap_pfn_range(vma, vma->vm_start, 624 if (off < nr_pages && nr_vma_pages <= (nr_pages - off)) {
621 pfn + vma->vm_pgoff, 625 ret = remap_pfn_range(vma, vma->vm_start,
622 vma->vm_end - vma->vm_start, 626 pfn + off,
623 vma->vm_page_prot); 627 vma->vm_end - vma->vm_start,
628 vma->vm_page_prot);
629 }
624#endif /* CONFIG_MMU */ 630#endif /* CONFIG_MMU */
625 631
626 return ret; 632 return ret;