diff options
| -rw-r--r-- | drivers/gpu/msm/kgsl_drawobj.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/drivers/gpu/msm/kgsl_drawobj.c b/drivers/gpu/msm/kgsl_drawobj.c index 4e3788b4fed6..9ba15b61af00 100644 --- a/drivers/gpu/msm/kgsl_drawobj.c +++ b/drivers/gpu/msm/kgsl_drawobj.c @@ -614,13 +614,29 @@ static void add_profiling_buffer(struct kgsl_device *device, return; } - cmdobj->profiling_buf_entry = entry; - if (id != 0) + if (!id) { + cmdobj->profiling_buffer_gpuaddr = gpuaddr; + } else { + u64 off = offset + sizeof(struct kgsl_drawobj_profiling_buffer); + + /* + * Make sure there is enough room in the object to store the + * entire profiling buffer object + */ + if (off < offset || off >= entry->memdesc.size) { + dev_err(device->dev, + "ignore invalid profile offset ctxt %d id %d offset %lld gpuaddr %llx size %lld\n", + drawobj->context->id, id, offset, gpuaddr, size); + kgsl_mem_entry_put(entry); + return; + } + cmdobj->profiling_buffer_gpuaddr = entry->memdesc.gpuaddr + offset; - else - cmdobj->profiling_buffer_gpuaddr = gpuaddr; + } + + cmdobj->profiling_buf_entry = entry; } /** |