Re: [PATCH] drm/mediatek: Check GEM buffer size
From: Michał Krawczyk
Date: Mon Sep 25 2023 - 05:25:46 EST
On Mon, Sep 25, 2023 at 11:23 AM Hubert Mazur <hmazur@xxxxxxxxxxxx> wrote:
>
> The buffer size is derived from parameters supplied by the userspace.
> Having the size equal 0 causes allocation failure leading to kernel
> panic.
>
> Fix this by checking if size equals 0.
>
> Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC MT8173.")
>
> Signed-off-by: Hubert Mazur <hmazur@xxxxxxxxxxxx>
Reviewed-by: Michal Krawczyk <mikrawczyk@xxxxxxxxxx>
> ---
> drivers/gpu/drm/mediatek/mtk_drm_gem.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> index 9f364df52478..3b985b99d5c6 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> @@ -62,6 +62,11 @@ struct mtk_drm_gem_obj *mtk_drm_gem_create(struct drm_device *dev,
> struct drm_gem_object *obj;
> int ret;
>
> + if (size == 0) {
> + DRM_ERROR("Invalid allocation size: %zu", size);
> + return ERR_PTR(-EINVAL);
> + }
> +
> mtk_gem = mtk_drm_gem_init(dev, size);
> if (IS_ERR(mtk_gem))
> return ERR_CAST(mtk_gem);
> --
> 2.42.0.515.g380fc7ccd1-goog
>