From 73aff24078b05e8c51ec3e4230857ca11679440c Mon Sep 17 00:00:00 2001
From: securecrt
Date: Wed, 20 Jun 2012 12:39:35 +0800
Subject: [PATCH] msm: kgsl: fix size checking in adreno_find_region

This function is supposed to return the memdesc that contains the range gpuaddr to gpuaddr + size. One of the lookups was using sizeof(unsigned int) instead of size, which could cause false positive results from this function and possibly kernel panics in the snapshot or postmortem code, which rely on it to do bounds checking for them.
---
 drivers/gpu/msm/adreno.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/gpu/msm/adreno.c b/drivers/gpu/msm/adreno.c
index 58fee45f..0fddc996 100755
--- a/drivers/gpu/msm/adreno.c
+++ b/drivers/gpu/msm/adreno.c
@@ -945,8 +945,7 @@ const struct kgsl_memdesc *adreno_find_region(struct kgsl_device *device,
 if (!kgsl_mmu_pt_equal(priv->pagetable, pt_base))
 continue;
 spin_lock(&priv->mem_lock);
- entry = kgsl_sharedmem_find_region(priv, gpuaddr,
- sizeof(unsigned int));
+ entry = kgsl_sharedmem_find_region(priv, gpuaddr, size);
 if (entry) {
 result = &entry->memdesc;
 spin_unlock(&priv->mem_lock);
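Review bot: With the caller's `size` now forwarded in `kgsl_sharedmem_find_region(priv, gpuaddr, size)`, the containment test is only as sound as that helper's handling of `gpuaddr + size` wrapping around, and the helper is not visible in this hunk. The commit message says the snapshot and postmortem code rely on this lookup for their bounds checking, so confirm that the helper rejects a wrapped range. If it does not, add a guard ahead of the loop such as `if (gpuaddr + size < gpuaddr) return NULL;` (assuming both are unsigned). Separately, `result = &entry->memdesc` is kept after `spin_unlock(&priv->mem_lock)` with no reference taken in the visible lines, so a comment stating what keeps the entry alive for the caller would help. The body of `adreno_find_region` starts and ends outside the hunk.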