From: Johannes Weiner Date: Tue, 6 Jan 2009 22:43:10 +0000 (-0800) Subject: dma-coherent: catch oversized requests to dma_alloc_from_coherent() X-Git-Tag: firefly_0821_release~16135 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=58c6d3dfe436eb8cfb451981d8fdc9044eaf42da;p=firefly-linux-kernel-4.4.55.git dma-coherent: catch oversized requests to dma_alloc_from_coherent() Prevent passing an order to bitmap_find_free_region() that is larger than the actual bitmap can represent. These requests can come from device drivers that have no idea how big the dma region is and need to rely on dma_alloc_from_coherent() to sort it out for them. Reported-by: Guennadi Liakhovetski Signed-off-by: Johannes Weiner Cc: Pekka Enberg Cc: Dmitry Baryshkov Cc: Jesse Barnes Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/kernel/dma-coherent.c b/kernel/dma-coherent.c index 8056d081609c..038707404b76 100644 --- a/kernel/dma-coherent.c +++ b/kernel/dma-coherent.c @@ -118,6 +118,8 @@ int dma_alloc_from_coherent(struct device *dev, ssize_t size, mem = dev->dma_mem; if (!mem) return 0; + if (unlikely(size > mem->size)) + return 0; pageno = bitmap_find_free_region(mem->bitmap, mem->size, order); if (pageno >= 0) {