
ion: ensure CMO target is valid
authorLiam Mark <lmark@codeaurora.org>
Mon, 4 Dec 2017 18:58:55 +0000 (10:58 -0800)
committerLiam Mark <lmark@codeaurora.org>
Mon, 4 Dec 2017 21:22:18 +0000 (13:22 -0800)
Clean up ION cache maintenance code to properly validate the target of
userspace cache maintenance requests.

Change-Id: I55b8e3584c59634f95250bc7c0bce5d8d70e6a13
Signed-off-by: Liam Mark <lmark@codeaurora.org>
drivers/staging/android/ion/ion.c
drivers/staging/android/ion/msm/msm_ion.c

index 067cd58..f5a81fc 100644 (file)
@@ -1561,6 +1561,11 @@ static int ion_sync_for_device(struct ion_client *client, int fd)
        }
        buffer = dmabuf->priv;
 
+       if (get_secure_vmid(buffer->flags) > 0) {
+               pr_err("%s: cannot sync a secure dmabuf\n", __func__);
+               dma_buf_put(dmabuf);
+               return -EINVAL;
+       }
        dma_sync_sg_for_device(NULL, buffer->sg_table->sgl,
                               buffer->sg_table->nents, DMA_BIDIRECTIONAL);
        dma_buf_put(dmabuf);
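Review bot: The added `pr_err` in ion_sync_for_device sits on a path that a client can reach repeatedly by passing the fd of a secure buffer, so it can flood the kernel log; `pr_err_ratelimited("%s: cannot sync a secure dmabuf\n", __func__);` would bound that. The same condition is treated differently in ion_do_cache_op later in this commit, which returns 0 silently when `get_secure_vmid(flags) > 0`, so one cache-maintenance path reports -EINVAL and the other reports success. A one-line comment stating which behaviour is intended for secure buffers would make the difference deliberate rather than accidental. The function starts and ends outside the hunk, so the earlier validation of `dmabuf` is not visible here.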
index c2ef091..a1dd5cc 100644 (file)
@@ -1,4 +1,4 @@
-/* Copyright (c) 2011-2016, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2011-2017, The Linux Foundation. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 and
@@ -352,7 +352,7 @@ int ion_do_cache_op(struct ion_client *client, struct ion_handle *handle,
        if (!ION_IS_CACHED(flags))
                return 0;
 
-       if (flags & ION_FLAG_SECURE)
+       if (get_secure_vmid(flags) > 0)
                return 0;
 
        table = ion_sg_table(client, handle);
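Review bot: Replacing `flags & ION_FLAG_SECURE` with `get_secure_vmid(flags) > 0` in ion_do_cache_op drops the direct test of the secure flag, and get_secure_vmid is not visible in this diff. If it derives the VMID from other flag bits and returns an error for a buffer that carries ION_FLAG_SECURE alone, that buffer would now fall through to `ion_sg_table()` and the cache operation. Unless that combination is impossible by construction, keeping both tests is the safer form: `if ((flags & ION_FLAG_SECURE) || get_secure_vmid(flags) > 0)`. The function body continues outside the hunk.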
@@ -738,11 +738,11 @@ long msm_ion_custom_ioctl(struct ion_client *client,
 
                down_read(&mm->mmap_sem);
 
-               start = (unsigned long) data.flush_data.vaddr;
-               end = (unsigned long) data.flush_data.vaddr
-                       + data.flush_data.length;
+               start = (unsigned long)data.flush_data.vaddr +
+                       data.flush_data.offset;
+               end = start + data.flush_data.length;
 
-               if (start && check_vaddr_bounds(start, end)) {
+               if (check_vaddr_bounds(start, end)) {
                        pr_err("%s: virtual address %pK is out of bounds\n",
                               __func__, data.flush_data.vaddr);
                        ret = -EINVAL;
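Review bot: `start` and `end` in msm_ion_custom_ioctl are now sums of three caller-supplied values (`vaddr`, `offset`, `length`), and nothing in the visible lines rejects unsigned wrap-around before `check_vaddr_bounds(start, end)` runs. check_vaddr_bounds is not shown and may already reject `end < start`, but a wrap in `vaddr + offset` yields a small `start` that such a test cannot detect. An explicit guard before the bounds check, taking the same -EINVAL path, would close that: `if (start < (unsigned long)data.flush_data.vaddr || end < start)`. The `pr_err` still prints `data.flush_data.vaddr` although the checked range now begins at `vaddr + offset`, so the message no longer identifies the range that failed. The enclosing block continues past the end of the hunk.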