msm: kgsl: Add missing checks for alloc size and sglen In _kgsl_sharedmem_page_alloc(): - Make len of type size_t to be in line with size. - Check for boundary limits of requested alloc size before honoring. - Make sure sglen is greater than zero before marking it as end of sg list. Bug: 27475454 Change-Id: I8b9e225e515a0f31593df6f4cad253236475d0ae Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>

diff --git a/drivers/gpu/msm/kgsl_sharedmem.c b/drivers/gpu/msm/kgsl_sharedmem.c
index 1a02b30..a08dd7e 100644
--- a/drivers/gpu/msm/kgsl_sharedmem.c
+++ b/drivers/gpu/msm/kgsl_sharedmem.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2002,2007-2015, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2002,2007-2016, The Linux Foundation. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 and
@@ -625,9 +625,14 @@
 			size_t size)
 {
 	int ret = 0;
-	int len, page_size, sglen_alloc, sglen = 0;
+	int page_size, sglen_alloc, sglen = 0;
+	size_t len;
 	unsigned int align;
 
+	size = PAGE_ALIGN(size);
+	if (size == 0 || size > UINT_MAX)
+		return -EINVAL;
+
 	align = (memdesc->flags & KGSL_MEMALIGN_MASK) >> KGSL_MEMALIGN_SHIFT;
 
 	page_size = get_page_size(size, align);
@@ -735,7 +740,9 @@
 
 	memdesc->sglen = sglen;
 	memdesc->size = size;
-	sg_mark_end(&memdesc->sg[sglen - 1]);
+
+	if (sglen > 0)
+		sg_mark_end(&memdesc->sg[sglen - 1]);
 
 done:
 	KGSL_STATS_ADD(memdesc->size, kgsl_driver.stats.page_alloc,