From: "Bernatowicz, Marcin" <marcin.bernatowicz@linux.intel.com>
To: Kamil Konieczny <kamil.konieczny@linux.intel.com>,
igt-dev@lists.freedesktop.org, zbigniew.kempczynski@intel.com,
karolina.stolarek@intel.com
Subject: Re: [igt-dev] [PATCH i-g-t] lib/intel_blt.c: ensure uint64_t result of multiplication
Date: Thu, 19 Oct 2023 17:23:22 +0200 [thread overview]
Message-ID: <b856ba18-711e-4bf9-8003-c776bb82c68a@linux.intel.com> (raw)
In-Reply-To: <20231018152807.46mc4l2ubrb5ttuv@kamilkon-desk.igk.intel.com>
On 10/18/2023 5:28 PM, Kamil Konieczny wrote:
> Hi Marcin,
> On 2023-10-17 at 14:36:54 +0000, Marcin Bernatowicz wrote:
>> Additionally check for overflow.
> - ^^^^^^^^^^^^
> This type was from the start uint64, so imho change subject from:
>
> lib/intel_blt.c: ensure uint64_t result of multiplication
> ------------ ^^
> sidenote: remove ".c"
>
> into:
> lib/intel_blt: check for overflow in multiplication
>
> and adjust description.
ensure 64-bit arithmetic multiplication ?
>
>>
>> This should allow to exercise large buffers
>> ex. xe_exercise_blt -W 16384 -H 16384
>
> Please explain - this should fit in 32bit? 16K*16K*32 = 0x40000000
Given function blt_create_object(..., uint32_t width, uint32_t height,
uint32_t bpp,..) I'm expecting correct uint64_t size calculation.
uint64_t size = width * height * bpp / 8;
> Or do you mean much higher values for W and H?
whatever user provides ;)
>
>>
>> Signed-off-by: Marcin Bernatowicz <marcin.bernatowicz@linux.intel.com>
>> ---
>> lib/intel_blt.c | 8 +++++++-
>> 1 file changed, 7 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/intel_blt.c b/lib/intel_blt.c
>> index a76c7a404..f46c85e91 100644
>> --- a/lib/intel_blt.c
>> +++ b/lib/intel_blt.c
>> @@ -1607,12 +1607,18 @@ blt_create_object(const struct blt_copy_data *blt, uint32_t region,
>> bool create_mapping)
>> {
>> struct blt_copy_object *obj;
>> - uint64_t size = width * height * bpp / 8;
>> uint32_t stride = tiling == T_LINEAR ? width * 4 : width;
>> uint32_t handle;
>> + uint64_t size;
>>
>> igt_assert_f(blt->driver, "Driver isn't set, have you called blt_copy_init()?\n");
>>
>> + igt_assert_f((UINT64_MAX / 8) >= width &&
> ----------------- ^^^^^^^^^^^^^^
> This is not needed, it checks for MAX >= w * 8, while you want
> size > 0, imho add a second assert after calculating size.
There is no possibility of uint64_t overflow given uint32_t * uint32_t *
uint32_t / 8 multiplication ?
Should I remove this paranoid check?
The most important is (uint64_t) cast in this patch to ensure 64-bit
arithmetic.
size > 0 may be an additional check, but do it twice ? (second one after
broken ALIGN ;)
--
marcin
>
> Regards,
> Kamil
>
>> + (UINT64_MAX / width) >= height &&
>> + (UINT64_MAX / (width * height)) >= bpp, "Overflow detected!\n");
>> +
>> + size = (uint64_t)width * height * bpp / 8;
>> +
>> obj = calloc(1, sizeof(*obj));
>>
>> obj->size = size;
>> --
>> 2.42.0
>>
next prev parent reply other threads:[~2023-10-19 15:23 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-17 14:36 [igt-dev] [PATCH i-g-t] lib/intel_blt.c: ensure uint64_t result of multiplication Marcin Bernatowicz
2023-10-17 15:59 ` [igt-dev] ✗ CI.xeBAT: failure for " Patchwork
2023-10-17 16:00 ` [igt-dev] ✗ Fi.CI.BAT: " Patchwork
2023-10-18 9:08 ` [igt-dev] [PATCH i-g-t] " Karolina Stolarek
2023-10-19 14:41 ` Bernatowicz, Marcin
2023-10-20 6:58 ` Karolina Stolarek
2023-10-18 15:28 ` Kamil Konieczny
2023-10-19 15:23 ` Bernatowicz, Marcin [this message]
2023-10-19 15:27 ` Kamil Konieczny
2023-10-19 15:36 ` Bernatowicz, Marcin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b856ba18-711e-4bf9-8003-c776bb82c68a@linux.intel.com \
--to=marcin.bernatowicz@linux.intel.com \
--cc=igt-dev@lists.freedesktop.org \
--cc=kamil.konieczny@linux.intel.com \
--cc=karolina.stolarek@intel.com \
--cc=zbigniew.kempczynski@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox