nv-tegra-mirror/linux-nvgpu
1
0
Fork 0
mirror of git://nv-tegra.nvidia.com/linux-nvgpu.git synced 2025-12-24 10:34:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

gpu: nvgpu: Remove BUG_ON from _IOC_SIZE checks

Browse Source 
When the user-supplied ioctl argument size is too large, just return
-EINVAL from the ioctl instead of crashing on a BUG_ON (for as, ctrl,
ctxsw, dbg and tsg nodes - channel and sched nodes are already okay).

Bug 1849661

Change-Id: I5b0d1d0c4ee47ce0136c424dda5975353f110c7e
Signed-off-by: Konsta Holtta <kholtta@nvidia.com>
Reviewed-on: http://git-master/r/1266606
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
This commit is contained in:
Konsta Holtta
2016-12-07 13:48:59 +02:00
committed by mobile promotions
parent 9da40c79fc
commit b018428c16
5 changed files with 12 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
drivers/gpu/nvgpu/gk20a/ctrl_gk20a.c
View File

@@ -1316,11 +1316,10 @@ long gk20a_ctrl_dev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg
if ((_IOC_TYPE(cmd) != NVGPU_GPU_IOCTL_MAGIC) ||
(_IOC_NR(cmd) == 0) ||
(_IOC_NR(cmd) > NVGPU_GPU_IOCTL_LAST))
(_IOC_NR(cmd) > NVGPU_GPU_IOCTL_LAST) ||
(_IOC_SIZE(cmd) > NVGPU_GPU_IOCTL_MAX_ARG_SIZE))
return -EINVAL;
BUG_ON(_IOC_SIZE(cmd) > NVGPU_GPU_IOCTL_MAX_ARG_SIZE);
memset(buf, 0, sizeof(buf));
if (_IOC_DIR(cmd) & _IOC_WRITE) {
if (copy_from_user(buf, (void __user *)arg, _IOC_SIZE(cmd)))