From: Jani Nikula <jani.nikula@linux.intel.com>
To: Lucas De Marchi <lucas.demarchi@intel.com>,
Nirmoy Das <nirmoy.das@intel.com>
Cc: intel-xe@lists.freedesktop.org
Subject: Re: [PATCH] drm/xe: Fix global-out-of-bounds in rule_matches
Date: Tue, 02 Jul 2024 15:05:43 +0300 [thread overview]
Message-ID: <87v81o80dk.fsf@intel.com> (raw)
In-Reply-To: <87y16k80eb.fsf@intel.com>
On Tue, 02 Jul 2024, Jani Nikula <jani.nikula@linux.intel.com> wrote:
> On Mon, 01 Jul 2024, Lucas De Marchi <lucas.demarchi@intel.com> wrote:
>> On Mon, Jul 01, 2024 at 05:37:02PM GMT, Nirmoy Das wrote:
>>>Do post-increment instead of pre-increment to fix:
>>>[ 9344.404516] BUG: KASAN: global-out-of-bounds in rule_matches+0xb72/0x11c0 [xe]
>>>[ 9344.411887] Read of size 1 at addr ffffffffa330b210 by task xe_module_load/248463
>>>
>>>Fixes: dc72c52a42e0 ("drm/xe/rtp: Allow to OR rules")
>>>Cc: Lucas De Marchi <lucas.demarchi@intel.com>
>>>Signed-off-by: Nirmoy Das <nirmoy.das@intel.com>
>>>---
>>> drivers/gpu/drm/xe/xe_rtp.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>>diff --git a/drivers/gpu/drm/xe/xe_rtp.c b/drivers/gpu/drm/xe/xe_rtp.c
>>>index 5b27f7c45ea3..f6ec8df5fc94 100644
>>>--- a/drivers/gpu/drm/xe/xe_rtp.c
>>>+++ b/drivers/gpu/drm/xe/xe_rtp.c
>>>@@ -121,7 +121,7 @@ static bool rule_matches(const struct xe_device *xe,
>>> * Advance rules until we find XE_RTP_MATCH_OR to check
>>> * if there's another set of conditions to check
>>> */
>>>- while (i < n_rules && rules[++i].match_type != XE_RTP_MATCH_OR)
>>>+ while (i < n_rules && rules[i++].match_type != XE_RTP_MATCH_OR)
>>
>> this will double check the current iteration. A better fix was posted last
>> week and I will merge it soon:
>
> Meh, any messing with loop variables inside a for loop is a footgun. You
> need a better abstraction. :p
>
> Even the for loop is just too clever for its own good:
>
> for (r = rules, i = 0; i < n_rules; r = &rules[++i]) {
>
> This should just be:
>
> for (i = 0; i < n_rules; i++) {
> r = rules[i];
r = &rules[i];
obvs
>
> Don't make it so hard for your future self. ;)
>
> BR,
> Jani.
>
>>
>> https://patchwork.freedesktop.org/series/135527/
>>
>> Lucas De Marchi
>>
>>> ;
>>>
>>> if (i >= n_rules)
>>>--
>>>2.42.0
>>>
--
Jani Nikula, Intel
next prev parent reply other threads:[~2024-07-02 12:05 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-01 15:37 [PATCH] drm/xe: Fix global-out-of-bounds in rule_matches Nirmoy Das
2024-07-01 15:56 ` Lucas De Marchi
2024-07-01 16:01 ` Nirmoy Das
2024-07-02 12:05 ` Jani Nikula
2024-07-02 12:05 ` Jani Nikula [this message]
2024-07-01 19:38 ` ✓ CI.Patch_applied: success for " Patchwork
2024-07-01 19:38 ` ✓ CI.checkpatch: " Patchwork
2024-07-01 19:39 ` ✗ CI.KUnit: failure " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87v81o80dk.fsf@intel.com \
--to=jani.nikula@linux.intel.com \
--cc=intel-xe@lists.freedesktop.org \
--cc=lucas.demarchi@intel.com \
--cc=nirmoy.das@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.