Commit e8f9ae9b authored by Chris Wilson's avatar Chris Wilson

drm/i915: Use range_overflows()

Replace a few more open-coded overflow checks with the macro.
Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: default avatarTvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20170106152013.24684-4-chris@chris-wilson.co.uk
parent edd1f2fe
......@@ -505,7 +505,7 @@ i915_pages_create_for_stolen(struct drm_device *dev,
struct sg_table *st;
struct scatterlist *sg;
GEM_BUG_ON(offset > dev_priv->ggtt.stolen_size - size);
GEM_BUG_ON(range_overflows(offset, size, dev_priv->ggtt.stolen_size));
/* We hide that we have no struct page backing our stolen object
* by wrapping the contiguous physical allocation with a fake
......
......@@ -403,7 +403,8 @@ i915_vma_insert(struct i915_vma *vma, u64 size, u64 alignment, u64 flags)
if (flags & PIN_OFFSET_FIXED) {
u64 offset = flags & PIN_OFFSET_MASK;
if (offset & (alignment - 1) || offset > end - size) {
if (offset & (alignment - 1) ||
range_overflows(offset, size, end)) {
ret = -EINVAL;
goto err_unpin;
}
......
......@@ -1416,13 +1416,16 @@ bool intel_bios_is_valid_vbt(const void *buf, size_t size)
return false;
}
if (vbt->bdb_offset + sizeof(struct bdb_header) > size) {
if (range_overflows_t(size_t,
vbt->bdb_offset,
sizeof(struct bdb_header),
size)) {
DRM_DEBUG_DRIVER("BDB header incomplete\n");
return false;
}
bdb = get_bdb_header(vbt);
if (vbt->bdb_offset + bdb->bdb_size > size) {
if (range_overflows_t(size_t, vbt->bdb_offset, bdb->bdb_size, size)) {
DRM_DEBUG_DRIVER("BDB incomplete\n");
return false;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment