msm: kgsl: Add missing checks for alloc size and sglenandroid-6.0.1_r0.85

In _kgsl_sharedmem_page_alloc():

- Make len of type size_t to be in line with size.
- Check for boundary limits of requested alloc size before honoring.
- Make sure sglen is greater than zero before marking it as end
of sg list.

Bug: 27475454
Change-Id: I5b2e6f657f532fc256627cb6b2ab3ca01938a11b
Signed-off-by: Yuan Lin <yualin@google.com>

1 files changed, 6 insertions, 1 deletions

diff --git a/drivers/gpu/msm/kgsl_sharedmem.c b/drivers/gpu/msm/kgsl_sharedmem.c
index 29f6162c34ec..a138719bd094 100644
--- a/drivers/gpu/msm/kgsl_sharedmem.c
+++ b/drivers/gpu/msm/kgsl_sharedmem.c
@@ -592,13 +592,18 @@ _kgsl_sharedmem_page_alloc(struct kgsl_memdesc *memdesc,
 			size_t size)
 {
 	int pcount = 0, order, ret = 0;
-	int j, len, page_size, sglen_alloc, sglen = 0;
+	int j, page_size, sglen_alloc, sglen = 0;
 	struct page **pages = NULL;
 	pgprot_t page_prot = pgprot_writecombine(PAGE_KERNEL);
 	void *ptr;
+	size_t len;
 	unsigned int align;
 	int step = SZ_2M >> PAGE_SHIFT;
 
+	size = PAGE_ALIGN(size);
+	if (size == 0 || size > UINT_MAX)
+		return -EINVAL;
+
 	align = (memdesc->flags & KGSL_MEMALIGN_MASK) >> KGSL_MEMALIGN_SHIFT;
 
 	page_size = (align >= ilog2(SZ_64K) && size >= SZ_64K)