From 527a68d60f0c805daf92ad9074373393c0d46f40 Mon Sep 17 00:00:00 2001
From: Rajesh Kemisetti <rajeshk@codeaurora.org>
Date: Tue, 19 Apr 2016 15:42:12 -0700
Subject: [PATCH] msm: kgsl: Add missing checks for alloc size and sglen

In _kgsl_sharedmem_page_alloc():

- Make len of type size_t to be in line with size.
- Check for boundary limits of requested alloc size before honoring.
- Make sure sglen is greater than zero before marking it as end
of sg list.

Bug: 27475454
Change-Id: I5b2e6f657f532fc256627cb6b2ab3ca01938a11b
Signed-off-by: Yuan Lin <yualin@google.com>
---
 drivers/gpu/msm/kgsl_sharedmem.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/msm/kgsl_sharedmem.c b/drivers/gpu/msm/kgsl_sharedmem.c
index 29f6162c34ec..a138719bd094 100644
--- a/drivers/gpu/msm/kgsl_sharedmem.c
+++ b/drivers/gpu/msm/kgsl_sharedmem.c
@@ -592,13 +592,18 @@ _kgsl_sharedmem_page_alloc(struct kgsl_memdesc *memdesc,
 			size_t size)
 {
 	int pcount = 0, order, ret = 0;
-	int j, len, page_size, sglen_alloc, sglen = 0;
+	int j, page_size, sglen_alloc, sglen = 0;
 	struct page **pages = NULL;
 	pgprot_t page_prot = pgprot_writecombine(PAGE_KERNEL);
 	void *ptr;
+	size_t len;
 	unsigned int align;
 	int step = SZ_2M >> PAGE_SHIFT;
 
+	size = PAGE_ALIGN(size);
+	if (size == 0 || size > UINT_MAX)
+		return -EINVAL;
+
 	align = (memdesc->flags & KGSL_MEMALIGN_MASK) >> KGSL_MEMALIGN_SHIFT;
 
 	page_size = (align >= ilog2(SZ_64K) && size >= SZ_64K)
-- 
GitLab