diff options
Diffstat (limited to 'drivers/gpu/nvgpu/gk20a')
-rw-r--r-- | drivers/gpu/nvgpu/gk20a/mm_gk20a.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/drivers/gpu/nvgpu/gk20a/mm_gk20a.c b/drivers/gpu/nvgpu/gk20a/mm_gk20a.c index c4dfb1b3..f4395116 100644 --- a/drivers/gpu/nvgpu/gk20a/mm_gk20a.c +++ b/drivers/gpu/nvgpu/gk20a/mm_gk20a.c | |||
@@ -1997,7 +1997,15 @@ int nvgpu_vm_map_buffer(struct vm_gk20a *vm, | |||
1997 | return PTR_ERR(dmabuf); | 1997 | return PTR_ERR(dmabuf); |
1998 | } | 1998 | } |
1999 | 1999 | ||
2000 | if (dmabuf->size < (buffer_offset + mapping_size)) { | 2000 | /* verify that we're not overflowing the buffer, i.e. |
2001 | * (buffer_offset + mapping_size)> dmabuf->size. | ||
2002 | * | ||
2003 | * Since buffer_offset + mapping_size could overflow, first check | ||
2004 | * that mapping size < dmabuf_size, at which point we can subtract | ||
2005 | * mapping_size from both sides for the final comparison. | ||
2006 | */ | ||
2007 | if ((mapping_size > dmabuf->size) || | ||
2008 | (buffer_offset > (dmabuf->size - mapping_size))) { | ||
2001 | nvgpu_err(gk20a_from_vm(vm), | 2009 | nvgpu_err(gk20a_from_vm(vm), |
2002 | "buf size %llx < (offset(%llx) + map_size(%llx))\n", | 2010 | "buf size %llx < (offset(%llx) + map_size(%llx))\n", |
2003 | (u64)dmabuf->size, buffer_offset, mapping_size); | 2011 | (u64)dmabuf->size, buffer_offset, mapping_size); |