Commit 0108bc80 authored by Maarten Lankhorst's avatar Maarten Lankhorst Committed by Ben Skeggs

drm/nouveau: do not allow negative sizes for now

The API allows up to 64-bits allocations, but size is handled as int
inside nouveau almost everywhere. Until this is fixed it's better to
prevent negative sizes.

The 256 kB before INT_MAX is paranoia, because of the large page
aligning below that could flip it above INT_MAX.
Signed-off-by: default avatarMaarten Lankhorst <maarten.lankhorst@canonical.com>
Signed-off-by: default avatarBen Skeggs <bskeggs@redhat.com>
parent 9b234db3
...@@ -198,6 +198,12 @@ nouveau_bo_new(struct drm_device *dev, int size, int align, ...@@ -198,6 +198,12 @@ nouveau_bo_new(struct drm_device *dev, int size, int align,
size_t acc_size; size_t acc_size;
int ret; int ret;
int type = ttm_bo_type_device; int type = ttm_bo_type_device;
int max_size = INT_MAX & ~((1 << drm->client.base.vm->vmm->lpg_shift) - 1);
if (size <= 0 || size > max_size) {
nv_warn(drm, "skipped size %x\n", (u32)size);
return -EINVAL;
}
if (sg) if (sg)
type = ttm_bo_type_sg; type = ttm_bo_type_sg;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment