msm: kgsl: Add missing check for snapshot IB dump
During ringbuffer parsing, same IB can exist multiple times but size validation happens only for the first time. This leads to out of bound access if the subsequent sizes are greater than the allocated size. Add a check to make sure that requested size is within the allocated range. Change-Id: Ie5d3c02c1669de2e6188821399e985f0991aa57c Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>
This commit is contained in:
parent
719a4467ee
commit
97d050c99b
|
@ -67,6 +67,19 @@ void kgsl_snapshot_push_object(struct kgsl_process_private *process,
|
|||
for (index = 0; index < objbufptr; index++) {
|
||||
if (objbuf[index].gpuaddr == gpuaddr &&
|
||||
objbuf[index].entry->priv == process) {
|
||||
/*
|
||||
* Check if newly requested size is within the
|
||||
* allocated range or not, otherwise continue
|
||||
* with previous size.
|
||||
*/
|
||||
if (!kgsl_gpuaddr_in_memdesc(
|
||||
&objbuf[index].entry->memdesc,
|
||||
gpuaddr, dwords << 2)) {
|
||||
KGSL_CORE_ERR(
|
||||
"snapshot: IB 0x%016llx size is not within the memdesc range\n",
|
||||
gpuaddr);
|
||||
return;
|
||||
}
|
||||
|
||||
objbuf[index].size = max_t(uint64_t,
|
||||
objbuf[index].size,
|
||||
|
|
Loading…
Reference in New Issue