From patchwork Fri Dec 13 22:25:03 2013
X-Patchwork-Submitter: John Stultz
X-Patchwork-Id: 22453
From: John Stultz
To: LKML
Cc: Greg KH, Android Kernel Team, Sumit Semwal, Jesse Barker, Colin Cross, John Stultz
Subject: [PATCH 089/115] ion: check invalid values in ion_system_heap
Date: Fri, 13 Dec 2013 14:25:03 -0800
Message-Id: <1386973529-4884-90-git-send-email-john.stultz@linaro.org>
In-Reply-To: <1386973529-4884-1-git-send-email-john.stultz@linaro.org>
References: <1386973529-4884-1-git-send-email-john.stultz@linaro.org>

From: Colin Cross

ion_system_heap can only satisfy page alignment, and
ion_system_contig_heap can only satisfy alignment to the
allocation size. Neither can support faulting user mappings
because they use slab pages.

Signed-off-by: Colin Cross
Signed-off-by: John Stultz
--- drivers/staging/android/ion/ion_system_heap.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c index 967eedc..62a07ec 100644 --- a/drivers/staging/android/ion/ion_system_heap.c +++ b/drivers/staging/android/ion/ion_system_heap.c 
@@ -150,6 +150,12 @@ static int ion_system_heap_allocate(struct ion_heap *heap, long size_remaining = PAGE_ALIGN(size); unsigned int max_order = orders[0]; + if (align > PAGE_SIZE) + return -EINVAL; + + if (ion_buffer_fault_user_mappings(buffer)) + return -EINVAL; + INIT_LIST_HEAD(&pages); while (size_remaining > 0) { info = alloc_largest_available(sys_heap, buffer, size_remaining, max_order); @@ -362,6 +368,14 @@ static int ion_system_contig_heap_allocate(struct ion_heap *heap, unsigned long align, unsigned long flags) { + int order = get_order(len); + + if (align > (PAGE_SIZE << order)) + return -EINVAL; + + if (ion_buffer_fault_user_mappings(buffer)) + return -EINVAL; + buffer->priv_virt = kzalloc(len, GFP_KERNEL); if (!buffer->priv_virt) return -ENOMEM;
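
Review bot: In ion_system_heap_allocate() the two new -EINVAL returns have no comment, and the reason given in the commit message (slab pages cannot back faulting user mappings) is not evident from this function, which allocates through alloc_largest_available(). A short comment above each check, for example that this heap only guarantees page alignment, would keep the rationale next to the code. The same ion_buffer_fault_user_mappings(buffer) test is repeated in the second hunk, so a small shared helper may be worth considering.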
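
Review bot: In ion_system_contig_heap_allocate() the bound in "if (align > (PAGE_SIZE << order))" is the length rounded up to a power-of-two number of pages, while the buffer comes from kzalloc(len, GFP_KERNEL) for exactly len bytes. For a len smaller than PAGE_SIZE the order is 0, so the check still accepts any align up to PAGE_SIZE, which is looser than the "alignment to the allocation size" the commit message describes. Please add a comment stating what alignment kzalloc() is relied on to provide here, or tighten the bound to match. Also confirm that len cannot be 0 when get_order(len) is evaluated, or reject a zero length explicitly before it.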