Skip to content

L
linux
Commit da761a6e authored by Chris Wilson's avatar Chris Wilson
Browse files
Options

drm/i915: Bail early if we try to mmap an object too large to be mapped. 

Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
parent fb7d516a
Hide whitespace changes
Inline Side-by-side
Showing with 12 additions and 0 deletions
drivers/gpu/drm/i915/i915_gem.c
View file @ da761a6e
......@@ -1258,6 +1258,7 @@ int
i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
struct drm_file *file_priv)
{
struct drm_i915_private *dev_priv = dev->dev_private;
struct drm_i915_gem_mmap *args = data;
struct drm_gem_object *obj;
loff_t offset;
......@@ -1270,6 +1271,11 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
if (obj == NULL)
return -ENOENT;
if (obj->size > dev_priv->mm.gtt_mappable_end) {
drm_gem_object_unreference_unlocked(obj);
return -E2BIG;
}
offset = args->offset;
down_write(&current->mm->mmap_sem);
......@@ -1547,6 +1553,7 @@ int
i915_gem_mmap_gtt_ioctl(struct drm_device *dev, void *data,
struct drm_file *file_priv)
{
struct drm_i915_private *dev_priv = dev->dev_private;
struct drm_i915_gem_mmap_gtt *args = data;
struct drm_gem_object *obj;
struct drm_i915_gem_object *obj_priv;
......@@ -1566,6 +1573,11 @@ i915_gem_mmap_gtt_ioctl(struct drm_device *dev, void *data,
}
obj_priv = to_intel_bo(obj);
if (obj->size > dev_priv->mm.gtt_mappable_end) {
ret = -E2BIG;
goto unlock;
}
if (obj_priv->madv != I915_MADV_WILLNEED) {
DRM_ERROR("Attempting to mmap a purgeable buffer\n");
ret = -EINVAL;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7