26 lines
753 B
Diff
26 lines
753 B
Diff
diff --git a/drivers/gpu/drm/nouveau/nouveau_usif.c b/drivers/gpu/drm/nouveau/nouveau_usif.c
|
|
index cb1182d..8d4fcc1 100644
|
|
--- a/drivers/gpu/drm/nouveau/nouveau_usif.c
|
|
+++ b/drivers/gpu/drm/nouveau/nouveau_usif.c
|
|
@@ -316,6 +316,12 @@
|
|
} else
|
|
goto done;
|
|
|
|
+ object = (void *)(unsigned long)argv->v0.token;
|
|
+ if (!access_ok(VERIFY_READ, object, sizeof(struct usif_object))) {
|
|
+ ret = -EINVAL;
|
|
+ goto done;
|
|
+ }
|
|
+
|
|
mutex_lock(&cli->mutex);
|
|
switch (argv->v0.type) {
|
|
case NVIF_IOCTL_V0_NEW:
|
|
@@ -340,7 +346,6 @@
|
|
break;
|
|
}
|
|
if (argv->v0.route == NVDRM_OBJECT_USIF) {
|
|
- object = (void *)(unsigned long)argv->v0.token;
|
|
argv->v0.route = object->route;
|
|
argv->v0.token = object->token;
|
|
if (ret == 0 && argv->v0.type == NVIF_IOCTL_V0_DEL) {
|