author | Tuomas Tynkkynen <ttynkkynen@nvidia.com> | 2012-07-31 17:49:49 +0300 |
---|---|---|
committer | Simone Willett <swillett@nvidia.com> | 2012-08-16 13:42:43 -0700 |
commit | 2f4ab5b6a19c1380b0985f914c173af09b802dcf (patch) | |
tree | a177d4759153cf82ff5edb6c0641e54e6a01c89d | |
parent | a6e2dc5aacc56bdbc771cdf0e9e75924c1ea6650 (diff) |
video: tegra: nvmap: fix input check in mmap ioctl
nvmap_map_into_caller_ptr takes a memory handle from usermode
and adds a memory mapping for the handle. However, the handle
is not checked for being allocated. An unallocated handle
would cause a kernel panic later on from a NULL dereference.
Change-Id: I73987b097a0c843b913660445e8bd1b4755dac61
Signed-off-by: Tuomas Tynkkynen <ttynkkynen@nvidia.com>
Reviewed-on: http://git-master/r/119689
Reviewed-by: Simone Willett <swillett@nvidia.com>
Tested-by: Simone Willett <swillett@nvidia.com>
-rw-r--r-- | drivers/video/tegra/nvmap/nvmap_ioctl.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/drivers/video/tegra/nvmap/nvmap_ioctl.c b/drivers/video/tegra/nvmap/nvmap_ioctl.c index bb15699ad855..e3adc0abc174 100644 --- a/drivers/video/tegra/nvmap/nvmap_ioctl.c +++ b/drivers/video/tegra/nvmap/nvmap_ioctl.c @@ -239,6 +239,11 @@ int nvmap_map_into_caller_ptr(struct file *filp, void __user *arg) if (!h) return -EPERM; + if(!h->alloc) { + nvmap_handle_put(h); + return -EFAULT; + } + trace_nvmap_map_into_caller_ptr(client, h, op.offset, op.length, op.flags); down_read(¤t->mm->mmap_sem); |
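Review bot: The new check in nvmap_map_into_caller_ptr returns -EFAULT for an unallocated handle, which is a misleading errno. -EFAULT conventionally reports a bad user-space address, while here the caller passed a valid handle that is in the wrong state, so -EINVAL would describe the failure better and stay distinct from the `return -EPERM;` used just above for a handle that fails lookup. The condition `if(!h->alloc) {` also needs a space after `if` to match kernel coding style and the neighbouring `if (!h)`. Calling nvmap_handle_put(h) before returning is the right cleanup, since the handle reference is already held at this point. Placing the check before trace_nvmap_map_into_caller_ptr and before mmap_sem is taken keeps the error path free of lock unwinding. A one-line comment stating that an unallocated handle has no backing memory to map would make the intent clear to later readers.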