Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1245761pxb;
        Fri, 21 Jan 2022 13:14:55 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxqUHomUvRlEVqRD5UJDWHyVPm3IrStjIigrK+aZBwFNVujurlOD8NQdQwg3Tes0apUOmyG
X-Received: by 2002:a63:79c3:: with SMTP id u186mr4232642pgc.488.1642799695240;
        Fri, 21 Jan 2022 13:14:55 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1642799695; cv=none;
        d=google.com; s=arc-20160816;
        b=ktmWszIG8eI0hf1jOvFxxFCMIXYy5RjSBs/Jijl7+OXKeet1lelNJDeRVi3fh+yQL8
         +XjTJum/ukC2ghOR8nmSPm3PsWcayIkamJDShinxk+YFwnd+Xff+BPSYjJ6hn6NV4FTO
         ZqDKgAcRgDq4dc0lrXR0bk1LKDLgtwyoUNcGWBBKAepyaCQiWmDGKQvI3bneAP8tS+Sa
         5VowJO7ReMSpbYiM8PUwE3u2vOC9AysIWdLL+YtsM2DtNd9Z2rq1TgdVZ2JmvphCAOUl
         zwuFS9Khr94Tw0PcwUQsdfu9RgVsSymMO3m/VQPJjUpjuqOaQuuyKY2HakBNXP1Y13Wb
         pJUA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=OhA/Odc6oAAQ+Gf01bPlZrvnY0bwL+pV/t4LC0kMMbA=;
        b=l6ovNhKHKhBjnJ5hBJCv69AB5E0Z7lqoTLdcWmk/dmeYKTNSMe4crQfGQK7syjEvpP
         GYpUL+XKcW8WQls9Y31evpL7Nhyiwq2MSCS+FYs4uFVeKG5dT9kSWCOLs10iyVEp0dO1
         icjU2PW54TFed3+U+CXhTb62ic4pZVLvffY7UIiDXp9JhK0zKn6Fdx/CAftN5ichymDW
         8f8BSRRalTbEY93OfDn0bOnM0AHyqC7uLahjw/qDQ2M3COtzWyPAhowogQiePqgwMqj9
         XvM9HJezz/ylc9rm4FPesE7g221YQFsZR1zsbOWFuH6JiNzbuDPkXsvcPw0+0MgwlgSm
         rOag==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mediatek.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id g6si6518109plt.615.2022.01.21.13.14.43;
        Fri, 21 Jan 2022 13:14:55 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mediatek.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1359706AbiATJ7n (ORCPT <rfc822;stevenley.huang@gmail.com>
        + 99 others); Thu, 20 Jan 2022 04:59:43 -0500
Received: from mailgw02.mediatek.com ([210.61.82.184]:54940 "EHLO
        mailgw02.mediatek.com" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org
        with ESMTP id S241779AbiATJ7m (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 20 Jan 2022 04:59:42 -0500
X-UUID: fd05882b4df84d1e9a1d3b7ebbe5731f-20220120
X-UUID: fd05882b4df84d1e9a1d3b7ebbe5731f-20220120
Received: from mtkcas11.mediatek.inc [(172.21.101.40)] by mailgw02.mediatek.com
        (envelope-from <guangming.cao@mediatek.com>)
        (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256)
        with ESMTP id 1198683157; Thu, 20 Jan 2022 17:59:40 +0800
Received: from mtkcas11.mediatek.inc (172.21.101.40) by
 mtkmbs10n2.mediatek.inc (172.21.101.183) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.792.3;
 Thu, 20 Jan 2022 17:59:38 +0800
Received: from mszswglt01.gcn.mediatek.inc (10.16.20.20) by
 mtkcas11.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id
 15.0.1497.2 via Frontend Transport; Thu, 20 Jan 2022 17:59:37 +0800
From:   <guangming.cao@mediatek.com>
To:     <christian.koenig@amd.com>
CC:     <benjamin.gaignard@linaro.org>, <bo.song@mediatek.com>,
        <caoguangming34@gmail.com>, <dri-devel@lists.freedesktop.org>,
        <guangming.cao@mediatek.com>, <jianjiao.zeng@mediatek.com>,
        <john.stultz@linaro.org>, <labbott@redhat.com>,
        <libo.kang@mediatek.com>, <linaro-mm-sig@lists.linaro.org>,
        <linux-arm-kernel@lists.infradead.org>,
        <linux-kernel@vger.kernel.org>, <linux-media@vger.kernel.org>,
        <linux-mediatek@lists.infradead.org>, <lmark@codeaurora.org>,
        <matthias.bgg@gmail.com>, <michael.j.ruhl@intel.com>,
        <mingyuan.ma@mediatek.com>, <sumit.semwal@linaro.org>,
        <wsd_upstream@mediatek.com>, <yf.wang@mediatek.com>,
        Guangming <Guangming.Cao@mediatek.com>
Subject: [PATCH v6 RESEND] dma-buf: system_heap: Add a size check for allocation
Date:   Thu, 20 Jan 2022 18:00:36 +0800
Message-ID: <20220120100036.99867-1-guangming.cao@mediatek.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20220120085259.98147-1-guangming.cao@mediatek.com>
References: <20220120085259.98147-1-guangming.cao@mediatek.com>
MIME-Version: 1.0
Content-Type: text/plain
X-MTK:  N
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Guangming <Guangming.Cao@mediatek.com>

Add a size check for allocation since the allocation size should be
always less than the total DRAM size on system heap.
Adding this check can prevent comsuming too much time for invalid allocations.

Signed-off-by: Guangming <Guangming.Cao@mediatek.com>
Acked-by: John Stultz <john.stultz@linaro.org>
---
 drivers/dma-buf/heaps/system_heap.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/dma-buf/heaps/system_heap.c b/drivers/dma-buf/heaps/system_heap.c
index 23a7e74ef966..b65e597a742f 100644
--- a/drivers/dma-buf/heaps/system_heap.c
+++ b/drivers/dma-buf/heaps/system_heap.c
@@ -347,6 +347,14 @@ static struct dma_buf *system_heap_allocate(struct dma_heap *heap,
 	struct page *page, *tmp_page;
 	int i, ret = -ENOMEM;
 
+	/*
+	 * Size check. The "len" should be less than totalram since system_heap
+	 * memory is comes from system. Adding check here can prevent comsuming
+	 * too much time for invalid allocations.
+	 */
+	if (PFN_DOWN(len) > totalram_pages())
+		return ERR_PTR(-EINVAL);
+
 	buffer = kzalloc(sizeof(*buffer), GFP_KERNEL);
 	if (!buffer)
 		return ERR_PTR(-ENOMEM);
-- 
2.17.1