msm: kgsl: Verify the user doesn't accidentally submit a zero length IB
Indirect buffers to be executed will not be (and cannot be) zero length.
Check and reject.
Change-Id: Ic0dedbadea429c4f7bd386c5e64603b51ea8af61
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
diff --git a/drivers/gpu/msm/adreno_ringbuffer.c b/drivers/gpu/msm/adreno_ringbuffer.c
index 6cb8c00..164e21e 100644
--- a/drivers/gpu/msm/adreno_ringbuffer.c
+++ b/drivers/gpu/msm/adreno_ringbuffer.c
@@ -990,6 +990,7 @@
unsigned int i;
struct adreno_context *drawctxt;
unsigned int start_index = 0;
+ int ret = 0;
if (device->state & KGSL_STATE_HUNG)
return -EBUSY;
@@ -1046,9 +1047,15 @@
if (unlikely(adreno_dev->ib_check_level >= 1 &&
!_parse_ibs(dev_priv, ibdesc[i].gpuaddr,
ibdesc[i].sizedwords))) {
- kfree(link);
- return -EINVAL;
+ ret = -EINVAL;
+ goto done;
}
+
+ if (ibdesc[i].sizedwords == 0) {
+ ret = -EINVAL;
+ goto done;
+ }
+
*cmds++ = CP_HDR_INDIRECT_BUFFER_PFD;
*cmds++ = ibdesc[i].gpuaddr;
*cmds++ = ibdesc[i].sizedwords;
@@ -1071,7 +1078,6 @@
KGSL_CMD_INFO(device, "ctxt %d g %08x numibs %d ts %d\n",
context->id, (unsigned int)ibdesc, numibs, *timestamp);
- kfree(link);
#ifdef CONFIG_MSM_KGSL_CFF_DUMP
/*
@@ -1088,9 +1094,12 @@
*/
if (drawctxt->flags & CTXT_FLAGS_GPU_HANG_FT) {
drawctxt->flags &= ~CTXT_FLAGS_GPU_HANG_FT;
- return -EPROTO;
- } else
- return 0;
+ ret = -EPROTO;
+ }
+
+done:
+ kfree(link);
+ return ret;
}
static void _turn_preamble_on_for_ib_seq(struct adreno_ringbuffer *rb,