From: Andi Shyti <andi.shyti@linux.intel.com>
To: Krzysztof Karas <krzysztof.karas@intel.com>
Cc: intel-gfx@lists.freedesktop.org,
Chris Wilson <chris.p.wilson@linux.intel.com>,
Andi Shyti <andi.shyti@linux.intel.com>,
Sebastian Brzezinka <sebastian.brzezinka@intel.com>
Subject: Re: [PATCH] drm/i915/gt: Protect against overflow in active_engine()
Date: Mon, 4 Aug 2025 11:33:32 -0100 [thread overview]
Message-ID: <aJConLDlhGTP9VnU@ashyti-mobl2.lan> (raw)
In-Reply-To: <xb3spla5mxe3y74hbn3pbhjdb7b6peopcwctfokf43qs54uu64@a5pgr7dctcrt>
Hi,
On Mon, Aug 04, 2025 at 07:57:08AM +0000, Krzysztof Karas wrote:
> It is unlikely, but possible for the first call to
> intel_context_create() to fail with -ENOMEM, which would result
> in entering the following code block and decrementing "count",
> when it is set to 0 (initial condition in the for loop).
>
> Protect from overflowing the variable with additional count > 0
> check.
>
> Signed-off-by: Krzysztof Karas <krzysztof.karas@intel.com>
> ---
> drivers/gpu/drm/i915/gt/selftest_hangcheck.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/gt/selftest_hangcheck.c b/drivers/gpu/drm/i915/gt/selftest_hangcheck.c
> index f057c16410e7..cc0798dd30d5 100644
> --- a/drivers/gpu/drm/i915/gt/selftest_hangcheck.c
> +++ b/drivers/gpu/drm/i915/gt/selftest_hangcheck.c
> @@ -904,8 +904,10 @@ static void active_engine(struct kthread_work *work)
> arg->result = PTR_ERR(ce[count]);
> pr_err("[%s] Create context #%ld failed: %d!\n",
> engine->name, count, arg->result);
> - while (--count)
Off topic:
This is one of the reasons why counters should always be signed,
I've been always fighting with people saying that "this is
impossible to be negative". It's called robust programming.
if (count == 0) is one case out of all possible values of count.
if (count >= 0) is covering half of the possible values rendering
the check more robust, even if we swear that
count will never be negative (we can also have
cases of memory corruption).
Anyway...
> - intel_context_put(ce[count]);
> + if (likely(count > 0)) {
... no need for likely, if we are here, we are already in an
unlikely situation.
> + while (--count)
> + intel_context_put(ce[count]);
> + }
How about using a do ... while()?
Andi
> return;
> }
> }
> --
> 2.34.1
>
> --
> Best Regards,
> Krzysztof
next prev parent reply other threads:[~2025-08-04 12:33 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-04 7:57 [PATCH] drm/i915/gt: Protect against overflow in active_engine() Krzysztof Karas
2025-08-04 8:11 ` Jani Nikula
2025-08-04 10:42 ` Sebastian Brzezinka
2025-08-04 10:48 ` ✗ Fi.CI.BUILD: warning for " Patchwork
2025-08-04 11:15 ` ✓ i915.CI.BAT: success " Patchwork
2025-08-04 12:33 ` Andi Shyti [this message]
2025-08-04 14:39 ` [PATCH] " Cavitt, Jonathan
2025-08-04 23:12 ` ✓ i915.CI.Full: success for " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aJConLDlhGTP9VnU@ashyti-mobl2.lan \
--to=andi.shyti@linux.intel.com \
--cc=chris.p.wilson@linux.intel.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=krzysztof.karas@intel.com \
--cc=sebastian.brzezinka@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.