@@ -297,6 +297,9 @@ static int etnaviv_ioctl_gem_cpu_prep(struct drm_device *dev, void *data,
if (args->op & ~(ETNA_PREP_READ | ETNA_PREP_WRITE | ETNA_PREP_NOSYNC))
return -EINVAL;
+ if (args->timeout.tv_nsec > NSEC_PER_SEC)
+ return -EINVAL;
+
obj = drm_gem_object_lookup(file, args->handle);
if (!obj)
return -ENOENT;
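Review bot: The added guard `if (args->timeout.tv_nsec > NSEC_PER_SEC)` still accepts tv_nsec == NSEC_PER_SEC, which is not a normalized timespec (valid values are 0 through NSEC_PER_SEC - 1); `if (args->timeout.tv_nsec >= NSEC_PER_SEC)` closes that boundary. The field's declaration is not visible here, but if it is a signed 64-bit value then a negative tv_nsec also passes this check, so the guard may need `args->timeout.tv_nsec < 0 ||` in front of it. The identical comparison is added to etnaviv_ioctl_wait_fence and etnaviv_ioctl_gem_wait in the two later hunks and would need the same change. The body of etnaviv_ioctl_gem_cpu_prep starts and ends outside this hunk.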
@@ -360,6 +363,9 @@ static int etnaviv_ioctl_wait_fence(struct drm_device *dev, void *data,
if (args->flags & ~(ETNA_WAIT_NONBLOCK))
return -EINVAL;
+ if (args->timeout.tv_nsec > NSEC_PER_SEC)
+ return -EINVAL;
+
if (args->pipe >= ETNA_MAX_PIPES)
return -EINVAL;
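Review bot: The timeout validation in this hunk is the same two lines that are also pasted into etnaviv_ioctl_gem_cpu_prep and etnaviv_ioctl_gem_wait, with no comment saying which range is accepted or why. One small static helper that takes the timeout and returns whether it is normalized, called from all three ioctls, would keep the user-input check from drifting between entry points. A comment such as `/* userspace timeout must be normalized: reject out-of-range tv_nsec before any timespec arithmetic */` on that helper would record the intent. The function body continues outside the hunk.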
@@ -411,6 +417,9 @@ static int etnaviv_ioctl_gem_wait(struct drm_device *dev, void *data,
if (args->flags & ~(ETNA_WAIT_NONBLOCK))
return -EINVAL;
+ if (args->timeout.tv_nsec > NSEC_PER_SEC)
+ return -EINVAL;
+
if (args->pipe >= ETNA_MAX_PIPES)
return -EINVAL;
Most kernel interfaces that take a timespec require normalized representation with tv_nsec between 0 and NSEC_PER_SEC. Passing values larger than 0x100000000ull further behaves differently on 32-bit and 64-bit kernels, and can cause the latter to spend a long time counting seconds in timespec64_sub()/set_normalized_timespec64(). Reject those large values at the user interface to enforce sane and portable behavior.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
drivers/gpu/drm/etnaviv/etnaviv_drv.c | 9 +++++++++
1 file changed, 9 insertions(+)