From: "Modem, Bhanuprakash" <bhanuprakash.modem@intel.com>
To: Vignesh Raman <vignesh.raman@collabora.com>,
<daniels@collabora.com>, <igt-dev@lists.freedesktop.org>
Cc: helen.koike@collabora.com
Subject: Re: [igt-dev] [PATCH i-g-t v3] lib/igt_kms: Fix memory corruption
Date: Thu, 9 Nov 2023 17:19:21 +0530 [thread overview]
Message-ID: <d55de7e5-a23e-5a5d-794f-cc38e159e440@intel.com> (raw)
In-Reply-To: <20231108062902.390248-1-vignesh.raman@collabora.com>
Hi Vignesh,
As we introduced the IGT documentation[1] to generate the testlist, we
need a fix in few kms tests to compile the IGT.
Also, needs few changes in intel-ci/ to avoid noise in the CI.
[1]:
https://cgit.freedesktop.org/drm/igt-gpu-tools/tree/docs/test_documentation.md
- Bhanu
On Wed-08-11-2023 11:59 am, Vignesh Raman wrote:
> In crosvm, the kernel reports 16 for count_crtcs, which exceeds
> IGT_MAX_PIPES set to 8. The function igt_display_require allocates
> memory for IGT_MAX_PIPES members of igt_pipe_t structures, but then
> writes into it based on the count_crtcs reported by the kernel,
> resulting in memory corruption.
>
> # malloc(): corrupted top size
> # Received signal SIGABRT.
> # Stack trace:
> # #0 [fatal_sig_handler+0x17b]
> # #1 [__sigaction+0x40]
> # #2 [pthread_key_delete+0x14c]
> # #3 [gsignal+0x12]
> # #4 [abort+0xd3]
> # #5 [__fsetlocking+0x290]
> # #6 [timer_settime+0x37a]
> # #7 [__default_morecore+0x1f1b]
> # #8 [__libc_calloc+0x161]
> # #9 [drmModeGetPlaneResources+0x44]
> # #10 [igt_display_require+0x194]
> # #11 [__igt_unique____real_main1356+0x93c]
> # #12 [main+0x3f]
> # #13 [__libc_init_first+0x8a]
> # #14 [__libc_start_main+0x85]
> # #15 [_start+0x21]
>
> Increase IGT_MAX_PIPES to 16 to fix this memory corruption issue.
> igt_display_require initializes display and allocate resources as
> a prerequisite for the tests. Fail the test if count_crtcs exceeds
> IGT_MAX_PIPES with debug information.
>
> This fix is required for drm-ci to run igt tests on virtio-gpu.
>
> Suggested-by: Daniel Stone <daniels@collabora.com>
> Suggested-by: Bhanuprakash Modem <bhanuprakash.modem@intel.com>
> Signed-off-by: Vignesh Raman <vignesh.raman@collabora.com>
> ---
>
> v2:
> - Rework the fix to increase IGT_MAX_PIPES to 16
>
> v3:
> - Fail the test if count_crtcs exceeds IGT_MAX_PIPES with debug information
>
> ---
> lib/igt_kms.c | 6 +++++-
> lib/igt_kms.h | 20 +++++++++++++++++++-
> 2 files changed, 24 insertions(+), 2 deletions(-)
>
> diff --git a/lib/igt_kms.c b/lib/igt_kms.c
> index 453103f90..6ad7cc127 100644
> --- a/lib/igt_kms.c
> +++ b/lib/igt_kms.c
> @@ -906,7 +906,7 @@ static igt_plane_t *igt_get_assigned_primary(igt_output_t *output, igt_pipe_t *p
> */
> const char *kmstest_pipe_name(enum pipe pipe)
> {
> - static const char str[] = "A\0B\0C\0D\0E\0F\0G\0H";
> + static const char str[] = "A\0B\0C\0D\0E\0F\0G\0H\0I\0J\0K\0L\0M\0N\0O\0P";
>
> _Static_assert(sizeof(str) == IGT_MAX_PIPES * 2,
> "Missing pipe name");
> @@ -2770,6 +2770,10 @@ void igt_display_require(igt_display_t *display, int drm_fd)
> }
> #endif
>
> + igt_assert_f(resources->count_crtcs <= IGT_MAX_PIPES,
> + "count_crtcs exceeds IGT_MAX_PIPES, resources->count_crtcs=%d, IGT_MAX_PIPES=%d\n",
> + resources->count_crtcs, IGT_MAX_PIPES);
> +
> display->n_pipes = IGT_MAX_PIPES;
> display->pipes = calloc(sizeof(igt_pipe_t), display->n_pipes);
> igt_assert_f(display->pipes, "Failed to allocate memory for %d pipes\n", display->n_pipes);
> diff --git a/lib/igt_kms.h b/lib/igt_kms.h
> index 9028ab9be..5c705b585 100644
> --- a/lib/igt_kms.h
> +++ b/lib/igt_kms.h
> @@ -57,6 +57,16 @@
> * @PIPE_D: Fourth crtc.
> * @PIPE_E: Fifth crtc.
> * @PIPE_F: Sixth crtc.
> + * @PIPE_G: Seventh crtc.
> + * @PIPE_H: Eighth crtc.
> + * @PIPE_I: Ninth crtc.
> + * @PIPE_J: Tenth crtc.
> + * @PIPE_K: Eleventh crtc.
> + * @PIPE_L: Twelfth crtc.
> + * @PIPE_M: Thirteenth crtc.
> + * @PIPE_N: Fourteenth crtc.
> + * @PIPE_O: Fifteenth crtc.
> + * @PIPE_P: Sixteenth crtc.
> * @IGT_MAX_PIPES: Max number of pipes allowed.
> */
> enum pipe {
> @@ -70,7 +80,15 @@ enum pipe {
> PIPE_F,
> PIPE_G,
> PIPE_H,
> - IGT_MAX_PIPES
> + PIPE_I,
> + PIPE_J,
> + PIPE_K,
> + PIPE_L,
> + PIPE_M,
> + PIPE_N,
> + PIPE_O,
> + PIPE_P,
> + IGT_MAX_PIPES
> };
> const char *kmstest_pipe_name(enum pipe pipe);
> int kmstest_pipe_to_index(char pipe);
next prev parent reply other threads:[~2023-11-09 11:49 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-08 6:29 [igt-dev] [PATCH i-g-t v3] lib/igt_kms: Fix memory corruption Vignesh Raman
2023-11-08 6:42 ` [igt-dev] ✗ Fi.CI.BUILD: failure for lib/igt_kms: Fix memory corruption (rev3) Patchwork
2023-11-08 6:48 ` [igt-dev] ✗ GitLab.Pipeline: warning " Patchwork
2023-11-08 15:18 ` [igt-dev] [PATCH i-g-t v3] lib/igt_kms: Fix memory corruption Helen Koike
2023-11-08 18:58 ` Daniel Stone
2023-11-09 11:49 ` Modem, Bhanuprakash [this message]
2023-11-09 13:41 ` Vignesh Raman
2023-11-09 13:52 ` Vignesh Raman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d55de7e5-a23e-5a5d-794f-cc38e159e440@intel.com \
--to=bhanuprakash.modem@intel.com \
--cc=daniels@collabora.com \
--cc=helen.koike@collabora.com \
--cc=igt-dev@lists.freedesktop.org \
--cc=vignesh.raman@collabora.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox