return PTR_ERR(cmdbuf_dmabuf);
}
- if (hdr.cmdbuf.offset > cmdbuf_dmabuf->size) {
+ if ((hdr.cmdbuf.offset & 3)
+ || (hdr.cmdbuf.offset >= cmdbuf_dmabuf->size)) {
dev_err(&nvavp->nvhost_dev->dev,
"invalid cmdbuf offset %d\n", hdr.cmdbuf.offset);
ret = -EINVAL;
goto err_reloc_info;
}
- if (clientctx->relocs[i].cmdbuf_offset > cmdbuf_dmabuf->size) {
+ if ((clientctx->relocs[i].cmdbuf_offset & 3)
+ || (clientctx->relocs[i].cmdbuf_offset >=
+ cmdbuf_dmabuf->size)
+ || (clientctx->relocs[i].cmdbuf_offset >=
+ (cmdbuf_dmabuf->size - hdr.cmdbuf.offset))) {
dev_err(&nvavp->nvhost_dev->dev,
"invalid reloc offset in cmdbuf %d\n",
clientctx->relocs[i].cmdbuf_offset);
goto target_dmabuf_fail;
}
- if (clientctx->relocs[i].target_offset > target_dmabuf->size) {
+ if ((clientctx->relocs[i].target_offset & 3)
+ || (clientctx->relocs[i].target_offset >=
+ target_dmabuf->size)) {
dev_err(&nvavp->nvhost_dev->dev,
"invalid target offset in reloc %d\n",
clientctx->relocs[i].target_offset);
projects / sojka / nv-tegra / linux-3.10.git / blobdiff