diff options
author | Suzanne Candanedo <suzanne.candanedo@arm.com> | 2022-10-06 11:46:20 +0100 |
---|---|---|
committer | Guus Sliepen <gsliepen@google.com> | 2022-11-08 12:11:01 +0000 |
commit | 43f83f1134c75141d277a07590250218a978d72f (patch) | |
tree | 92beb1f607c2c584d49f200f2f71e704da99fef4 | |
parent | 93c36e538db59cda4e92129d655fc18ec1904583 (diff) | |
download | gpu-43f83f1134c75141d277a07590250218a978d72f.tar.gz |
mali_kbase: MIDCET-4220 Patch for GPUSWERRATA-1347
This patch is a fix for:
- SW Errata: 2618270
- CVE: CVE-2022-28348
This fix adds an overflow check to
kbase_mem_alias.
Bug: 251397485
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/4606/1
Change-Id: I548539e8dcf776e13e1b9be2033b64f4c271b5ef
Signed-off-by: Jesse Hall <jessehall@google.com>
(cherry picked from commit 55f1819bd982ca824ee16d19c6d2aa1bbc0ea706)
-rw-r--r-- | mali_kbase/mali_kbase_mem_linux.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/mali_kbase/mali_kbase_mem_linux.c b/mali_kbase/mali_kbase_mem_linux.c index 22b94e4..8559638 100644 --- a/mali_kbase/mali_kbase_mem_linux.c +++ b/mali_kbase/mali_kbase_mem_linux.c @@ -1818,7 +1818,10 @@ u64 kbase_mem_alias(struct kbase_context *kctx, u64 *flags, u64 stride, if (!nents) goto bad_nents; - if (nents > (U64_MAX / PAGE_SIZE) / stride) + if (stride > U64_MAX / nents) + goto bad_size; + + if ((nents * stride) > (U64_MAX / PAGE_SIZE)) /* 64-bit address range is the max */ goto bad_size; |