All of lore.kernel.org
 help / color / mirror / Atom feed
* re: drm/nouveau: port all engines to new engine module format
@ 2012-10-11  6:55 Dan Carpenter
  0 siblings, 0 replies; 2+ messages in thread
From: Dan Carpenter @ 2012-10-11  6:55 UTC (permalink / raw)
  To: bskeggs; +Cc: dri-devel

Hello Ben Skeggs,

The patch ebb945a94bba: "drm/nouveau: port all engines to new engine 
module format" from Jul 20, 2012, leads to the following warning:
drivers/gpu/drm/nouveau/nouveau_abi16.c:264 
nouveau_abi16_ioctl_channel_alloc()
	 warn: should '1 << init->channel' be a 64 bit type

   262          INIT_LIST_HEAD(&chan->notifiers);
   263          list_add(&chan->head, &abi16->channels);
   264          abi16->handles |= (1 << init->channel);
                                  ^^^^^^^^^^^^^^^^^^^^
This will only work for the first 30 channels, otherwise it needs to be:
		abi16->handles |= (u64)1 << init->channel;

   265  

But I don't couldn't tell how many channels are actually possible and I
was confused by this.

   132          /* destroy channel object, all children will be killed too */
   133          if (chan->chan) {
   134                  abi16->handles &= ~(1 << (chan->chan->handle & 0xffff));

Is that bitwise AND in the right place?  Oxff would be enough to hold
0-63.

   135                  nouveau_channel_del(&chan->chan);
   136          }

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 2+ messages in thread
* re: drm/nouveau: port all engines to new engine module format
@ 2013-03-11 10:55 Dan Carpenter
  0 siblings, 0 replies; 2+ messages in thread
From: Dan Carpenter @ 2013-03-11 10:55 UTC (permalink / raw)
  To: bskeggs; +Cc: dri-devel

Hello Ben Skeggs,

The patch ebb945a94bba: "drm/nouveau: port all engines to new engine 
module format" from Jul 20, 2012, leads to the following warning:
"drivers/gpu/drm/nouveau/core/engine/graph/nvc0.c:570 
nvc0_graph_ctor()
	 error: buffer overflow 'priv->tpc_nr' 4 <= 30"

drivers/gpu/drm/nouveau/core/engine/graph/nvc0.c
   566  
   567          priv->rop_nr = (nv_rd32(priv, 0x409604) & 0x001f0000) >> 16;
   568          priv->gpc_nr =  nv_rd32(priv, 0x409604) & 0x0000001f;
                ^^^^^^^^^^^^
setting this to something between 0 and 0x1f.

   569          for (i = 0; i < priv->gpc_nr; i++) {
   570                  priv->tpc_nr[i]  = nv_rd32(priv, GPC_UNIT(i, 0x2608));
                        ^^^^^^^^^^^^^^^
If ->gpc_nr is more than 4 we are writing past the end of the array.

   571                  priv->tpc_total += priv->tpc_nr[i];
   572          }
   573  

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-03-11 10:57 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-10-11  6:55 drm/nouveau: port all engines to new engine module format Dan Carpenter
  -- strict thread matches above, loose matches on Subject: below --
2013-03-11 10:55 Dan Carpenter

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.