mali_kbase: MIDCET-4220 Patch for GPUSWERRATA-1347

This patch is a fix for: - SW Errata: 2618270 - CVE: CVE-2022-28348 This fix adds an overflow check to kbase_mem_alias. Bug: 251397485 Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/4606/1 Change-Id: I548539e8dcf776e13e1b9be2033b64f4c271b5ef Signed-off-by: Jesse Hall <jessehall@google.com> (cherry picked from commit 55f1819bd982ca824ee16d19c6d2aa1bbc0ea706)
author: Suzanne Candanedo <suzanne.candanedo@arm.com> 2022-10-06 11:46:20 +0100
committer: Guus Sliepen <gsliepen@google.com> 2022-11-08 12:11:01 +0000
commit: 43f83f1134c75141d277a07590250218a978d72f (patch)
tree: 92beb1f607c2c584d49f200f2f71e704da99fef4
parent: 93c36e538db59cda4e92129d655fc18ec1904583 (diff)
download: gpu-43f83f1134c75141d277a07590250218a978d72f.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/mali_kbase/mali_kbase_mem_linux.c b/mali_kbase/mali_kbase_mem_linux.c
index 22b94e4..8559638 100644
--- a/mali_kbase/mali_kbase_mem_linux.c
+++ b/mali_kbase/mali_kbase_mem_linux.c
@@ -1818,7 +1818,10 @@ u64 kbase_mem_alias(struct kbase_context *kctx, u64 *flags, u64 stride,
 	if (!nents)
 		goto bad_nents;
 
-	if (nents > (U64_MAX / PAGE_SIZE) / stride)
+	if (stride > U64_MAX / nents)
+		goto bad_size;
+
+	if ((nents * stride) > (U64_MAX / PAGE_SIZE))
 		/* 64-bit address range is the max */
 		goto bad_size;
author	Suzanne Candanedo <suzanne.candanedo@arm.com>	2022-10-06 11:46:20 +0100
committer	Guus Sliepen <gsliepen@google.com>	2022-11-08 12:11:01 +0000
commit	43f83f1134c75141d277a07590250218a978d72f (patch)
tree	92beb1f607c2c584d49f200f2f71e704da99fef4
parent	93c36e538db59cda4e92129d655fc18ec1904583 (diff)
download	gpu-43f83f1134c75141d277a07590250218a978d72f.tar.gz