[PATCH 4.4 06/47] drm/i915/userptr: reject zero user_size

From: Greg Kroah-Hartman
Date: Fri Sep 07 2018 - 17:53:37 EST


4.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Matthew Auld <matthew.auld@xxxxxxxxx>

commit c11c7bfd213495784b22ef82a69b6489f8d0092f upstream.

Operating on a zero sized GEM userptr object will lead to explosions.

Fixes: 5cc9ed4b9a7a ("drm/i915: Introduce mapping of user pages into video memory (userptr) ioctl")
Testcase: igt/gem_userptr_blits/input-checking
Signed-off-by: Matthew Auld <matthew.auld@xxxxxxxxx>
Cc: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
Reviewed-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
Link: https://patchwork.freedesktop.org/patch/msgid/20180502195021.30900-1-matthew.auld@xxxxxxxxx
Cc: Loic <hackurx@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/gpu/drm/i915/i915_gem_userptr.c | 3 +++
1 file changed, 3 insertions(+)

--- a/drivers/gpu/drm/i915/i915_gem_userptr.c
+++ b/drivers/gpu/drm/i915/i915_gem_userptr.c
@@ -842,6 +842,9 @@ i915_gem_userptr_ioctl(struct drm_device
I915_USERPTR_UNSYNCHRONIZED))
return -EINVAL;

+ if (!args->user_size)
+ return -EINVAL;
+
if (offset_in_page(args->user_ptr | args->user_size))
return -EINVAL;