summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohannes Weiner <hannes@cmpxchg.org>2009-01-06 14:43:10 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2009-01-06 15:59:31 -0800
commit58c6d3dfe436eb8cfb451981d8fdc9044eaf42da (patch)
treec4f7fd8f6a24c5d242dd7bd0a876413f15e26fcd
parenteccd83e116e7f414a1da3aae3745384b7b171883 (diff)
downloadlinux-58c6d3dfe436eb8cfb451981d8fdc9044eaf42da.tar.bz2
dma-coherent: catch oversized requests to dma_alloc_from_coherent()
Prevent passing an order to bitmap_find_free_region() that is larger than the actual bitmap can represent. These requests can come from device drivers that have no idea how big the dma region is and need to rely on dma_alloc_from_coherent() to sort it out for them. Reported-by: Guennadi Liakhovetski <lg@denx.de> Signed-off-by: Johannes Weiner <hannes@cmpxchg.org> Cc: Pekka Enberg <penberg@cs.helsinki.fi> Cc: Dmitry Baryshkov <dbaryshkov@gmail.com> Cc: Jesse Barnes <jbarnes@virtuousgeek.org> Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--kernel/dma-coherent.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/dma-coherent.c b/kernel/dma-coherent.c
index 8056d081609c..038707404b76 100644
--- a/kernel/dma-coherent.c
+++ b/kernel/dma-coherent.c
@@ -118,6 +118,8 @@ int dma_alloc_from_coherent(struct device *dev, ssize_t size,
mem = dev->dma_mem;
if (!mem)
return 0;
+ if (unlikely(size > mem->size))
+ return 0;
pageno = bitmap_find_free_region(mem->bitmap, mem->size, order);
if (pageno >= 0) {