[v2.6.34-stable 133/165] drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow

From: Paul Gortmaker
Date: Wed Aug 15 2012 - 16:07:04 EST

Next message: Bjorn Helgaas: "Re: [PATCH v1] PCI,IA64: free associated resources when removing host bridges"
Previous message: Paul Gortmaker: "[v2.6.34-stable 127/165] kbuild: Add extra gcc checks"
In reply to: Paul Gortmaker: "[v2.6.34-stable 127/165] kbuild: Add extra gcc checks"
Next in thread: Paul Gortmaker: "[v2.6.34-stable 129/165] kbuild: Disable -Wunused-but-set-variable for gcc 4.6.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>

-------------------
This is a commit scheduled for the next v2.6.34 longterm release.
http://git.kernel.org/?p=linux/kernel/git/paulg/longterm-queue-2.6.34.git
If you see a problem with using this for longterm, please comment.
-------------------

commit 7dcd2499deab8f10011713c40bc2f309c9b65077 upstream.

... and do the same for pread.

Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Paul Gortmaker <paul.gortmaker@xxxxxxxxxxxxx>
---
drivers/gpu/drm/i915/i915_gem.c | 16 ++++------------
1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
index fd51c36..82d798b 100644
--- a/drivers/gpu/drm/i915/i915_gem.c
+++ b/drivers/gpu/drm/i915/i915_gem.c
@@ -481,12 +481,8 @@ i915_gem_pread_ioctl(struct drm_device *dev, void *data,
return -EBADF;
obj_priv = to_intel_bo(obj);

- /* Bounds check source.
- *
- * XXX: This could use review for overflow issues...
- */
- if (args->offset > obj->size || args->size > obj->size ||
- args->offset + args->size > obj->size) {
+ /* Bounds check source. */
+ if (args->offset > obj->size || args->size > obj->size - args->offset) {
ret = -EINVAL;
goto err;
}
@@ -959,12 +955,8 @@ i915_gem_pwrite_ioctl(struct drm_device *dev, void *data,
return -EBADF;
obj_priv = to_intel_bo(obj);

- /* Bounds check destination.
- *
- * XXX: This could use review for overflow issues...
- */
- if (args->offset > obj->size || args->size > obj->size ||
- args->offset + args->size > obj->size) {
+ /* Bounds check destination. */
+ if (args->offset > obj->size || args->size > obj->size - args->offset) {
ret = -EINVAL;
goto err;
}
--
1.7.12.rc2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bjorn Helgaas: "Re: [PATCH v1] PCI,IA64: free associated resources when removing host bridges"
Previous message: Paul Gortmaker: "[v2.6.34-stable 127/165] kbuild: Add extra gcc checks"
In reply to: Paul Gortmaker: "[v2.6.34-stable 127/165] kbuild: Add extra gcc checks"
Next in thread: Paul Gortmaker: "[v2.6.34-stable 129/165] kbuild: Disable -Wunused-but-set-variable for gcc 4.6.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]