From b018428c166959c99f045a70db87a42a4e061fed Mon Sep 17 00:00:00 2001 From: Konsta Holtta Date: Wed, 7 Dec 2016 13:48:59 +0200 Subject: gpu: nvgpu: Remove BUG_ON from _IOC_SIZE checks When the user-supplied ioctl argument size is too large, just return -EINVAL from the ioctl instead of crashing on a BUG_ON (for as, ctrl, ctxsw, dbg and tsg nodes - channel and sched nodes are already okay). Bug 1849661 Change-Id: I5b0d1d0c4ee47ce0136c424dda5975353f110c7e Signed-off-by: Konsta Holtta Reviewed-on: http://git-master/r/1266606 Reviewed-by: mobile promotions Tested-by: mobile promotions --- drivers/gpu/nvgpu/gk20a/ctxsw_trace_gk20a.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'drivers/gpu/nvgpu/gk20a/ctxsw_trace_gk20a.c') diff --git a/drivers/gpu/nvgpu/gk20a/ctxsw_trace_gk20a.c b/drivers/gpu/nvgpu/gk20a/ctxsw_trace_gk20a.c index 1f18d9cf..a443512c 100644 --- a/drivers/gpu/nvgpu/gk20a/ctxsw_trace_gk20a.c +++ b/drivers/gpu/nvgpu/gk20a/ctxsw_trace_gk20a.c @@ -360,12 +360,12 @@ long gk20a_ctxsw_dev_ioctl(struct file *filp, unsigned int cmd, gk20a_dbg(gpu_dbg_fn|gpu_dbg_ctxsw, "nr=%d", _IOC_NR(cmd)); - if ((_IOC_TYPE(cmd) != NVGPU_CTXSW_IOCTL_MAGIC) || (_IOC_NR(cmd) == 0) - || (_IOC_NR(cmd) > NVGPU_CTXSW_IOCTL_LAST)) + if ((_IOC_TYPE(cmd) != NVGPU_CTXSW_IOCTL_MAGIC) || + (_IOC_NR(cmd) == 0) || + (_IOC_NR(cmd) > NVGPU_CTXSW_IOCTL_LAST) || + (_IOC_SIZE(cmd) > NVGPU_CTXSW_IOCTL_MAX_ARG_SIZE)) return -EINVAL; - BUG_ON(_IOC_SIZE(cmd) > NVGPU_CTXSW_IOCTL_MAX_ARG_SIZE); - memset(buf, 0, sizeof(buf)); if (_IOC_DIR(cmd) & _IOC_WRITE) { if (copy_from_user(buf, (void __user *) arg, _IOC_SIZE(cmd))) -- cgit v1.2.2