This patch limits the size of total memory that can be requested in a single allocation from the system heap. This would prevent a buggy/malicious client from depleting system memory by requesting for an extremely large allocation which might destabilize the system.
The limit is set to half the size of the device's total RAM which is the same as what was set by the deprecated ION system heap.
Signed-off-by: Hridya Valsaraju hridya@google.com --- drivers/dma-buf/heaps/system_heap.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/drivers/dma-buf/heaps/system_heap.c b/drivers/dma-buf/heaps/system_heap.c index b7fbce66bcc0..099f5a8304b4 100644 --- a/drivers/dma-buf/heaps/system_heap.c +++ b/drivers/dma-buf/heaps/system_heap.c @@ -371,6 +371,12 @@ static struct dma_buf *system_heap_do_allocate(struct dma_heap *heap, struct page *page, *tmp_page; int i, ret = -ENOMEM;
+ if (len / PAGE_SIZE > totalram_pages() / 2) { + pr_err("pid %d requested too large an allocation(size %lu) from system heap\n", + current->pid, len); + return ERR_PTR(ret); + } + buffer = kzalloc(sizeof(*buffer), GFP_KERNEL); if (!buffer) return ERR_PTR(-ENOMEM);