imx-drm: imx-drm-core: improve safety of imx_drm_add_crtc()

We must not add more CRTCs than we have declared to the vblank
helpers, otherwise we overflow their arrays.  Force failure if we
exceed the number of CRTCs.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Acked-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Russell King 2013-12-16 12:39:31 +00:00 committed by Greg Kroah-Hartman
parent 9fe73d46ed
commit fd6040ed57

View file

@ -501,6 +501,15 @@ int imx_drm_add_crtc(struct drm_crtc *crtc,
mutex_lock(&imxdrm->mutex);
/*
* The vblank arrays are dimensioned by MAX_CRTC - we can't
* pass IDs greater than this to those functions.
*/
if (imxdrm->pipes >= MAX_CRTC) {
ret = -EINVAL;
goto err_busy;
}
if (imxdrm->drm->open_count) {
ret = -EBUSY;
goto err_busy;