drm/rockchip: fix wrong pitch/size using on gem

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

args->pitch and args->size may not be set by userspace, sometimes
userspace only malloc args and not memset args to zero, then
args->pitch and args->size is random, it is very danger to use
pitch/size on gem.

pitch's type is u32, and min_pitch's type is int, example,
pitch is 0xffffffff, then pitch < min_pitch return true, then gem will
alloc very very big bufffer, it would eat all the memory and cause kernel
crash.

Stop using pitch/size from args, calc them from other args.

Signed-off-by: Mark Yao <mark.yao@rock-chips.com>

Mark Yao 10 years ago e3c4abdb c9ad1d99

+2 -7

1 changed file

expand all

drivers

gpu

drm

rockchip

rockchip_drm_gem.c

+2 -7

drivers/gpu/drm/rockchip/rockchip_drm_gem.c

··· 234 234 /* 235 235 * align to 64 bytes since Mali requires it. 236 236 */ 237 - min_pitch = ALIGN(min_pitch, 64); 238 - 239 - if (args->pitch < min_pitch) 240 - args->pitch = min_pitch; 241 - 242 - if (args->size < args->pitch * args->height) 243 - args->size = args->pitch * args->height; 237 + args->pitch = ALIGN(min_pitch, 64); 238 + args->size = args->pitch * args->height; 244 239 245 240 rk_obj = rockchip_gem_create_with_handle(file_priv, dev, args->size, 246 241 &args->handle);