Message ID | 20220120100036.99867-1-guangming.cao@mediatek.com |
---|---|
State | Superseded |
Headers | show |
Series | [v6,RESEND] dma-buf: system_heap: Add a size check for allocation | expand |
Am 20.01.22 um 11:00 schrieb guangming.cao@mediatek.com: > From: Guangming <Guangming.Cao@mediatek.com> > > Add a size check for allocation since the allocation size should be > always less than the total DRAM size on system heap. > Adding this check can prevent comsuming too much time for invalid allocations. > > Signed-off-by: Guangming <Guangming.Cao@mediatek.com> > Acked-by: John Stultz <john.stultz@linaro.org> Acked-by: Christian König <christian.koenig@amd.com> > --- > drivers/dma-buf/heaps/system_heap.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/drivers/dma-buf/heaps/system_heap.c b/drivers/dma-buf/heaps/system_heap.c > index 23a7e74ef966..b65e597a742f 100644 > --- a/drivers/dma-buf/heaps/system_heap.c > +++ b/drivers/dma-buf/heaps/system_heap.c > @@ -347,6 +347,14 @@ static struct dma_buf *system_heap_allocate(struct dma_heap *heap, > struct page *page, *tmp_page; > int i, ret = -ENOMEM; > > + /* > + * Size check. The "len" should be less than totalram since system_heap > + * memory is comes from system. Adding check here can prevent comsuming > + * too much time for invalid allocations. > + */ > + if (PFN_DOWN(len) > totalram_pages()) > + return ERR_PTR(-EINVAL); > + > buffer = kzalloc(sizeof(*buffer), GFP_KERNEL); > if (!buffer) > return ERR_PTR(-ENOMEM);
diff --git a/drivers/dma-buf/heaps/system_heap.c b/drivers/dma-buf/heaps/system_heap.c index 23a7e74ef966..b65e597a742f 100644 --- a/drivers/dma-buf/heaps/system_heap.c +++ b/drivers/dma-buf/heaps/system_heap.c @@ -347,6 +347,14 @@ static struct dma_buf *system_heap_allocate(struct dma_heap *heap, struct page *page, *tmp_page; int i, ret = -ENOMEM; + /* + * Size check. The "len" should be less than totalram since system_heap + * memory is comes from system. Adding check here can prevent comsuming + * too much time for invalid allocations. + */ + if (PFN_DOWN(len) > totalram_pages()) + return ERR_PTR(-EINVAL); + buffer = kzalloc(sizeof(*buffer), GFP_KERNEL); if (!buffer) return ERR_PTR(-ENOMEM);