From: Gwan-gyeong Mun <gwan-gyeong.mun@intel.com>
To: Mauro Carvalho Chehab <mauro.chehab@linux.intel.com>
Cc: thomas.hellstrom@linux.intel.com, jani.nikula@intel.com,
intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
chris@chris-wilson.co.uk, airlied@linux.ie,
matthew.auld@intel.com, nirmoy.das@intel.com
Subject: Re: [Intel-gfx] [PATCH v2 2/7] drm/i915/gem: Typecheck page lookups
Date: Tue, 12 Jul 2022 13:29:55 +0300 [thread overview]
Message-ID: <107f35de-1b72-b3ae-3939-b53df5cd95c6@intel.com> (raw)
In-Reply-To: <20220706191016.5108f063@maurocar-mobl2>
On 7/6/22 8:10 PM, Mauro Carvalho Chehab wrote:
> On Wed, 6 Jul 2022 19:33:22 +0300
> Gwan-gyeong Mun <gwan-gyeong.mun@intel.com> wrote:
>
>> On 7/5/22 5:35 PM, Mauro Carvalho Chehab wrote:
>>> On Tue, 5 Jul 2022 15:24:50 +0300
>>> Gwan-gyeong Mun <gwan-gyeong.mun@intel.com> wrote:
>>>
>>>> From: Chris Wilson <chris@chris-wilson.co.uk>
>>>>
>>>> We need to check that we avoid integer overflows when looking up a page,
>>>> and so fix all the instances where we have mistakenly used a plain
>>>> integer instead of a more suitable long. Be pedantic and add integer
>>>> typechecking to the lookup so that we can be sure that we are safe.
>>>> And it also uses pgoff_t as our page lookups must remain compatible with
>>>> the page cache, pgoff_t is currently exactly unsigned long.
>>>>
>>>> v2: Move added i915_utils's macro into drm_util header (Jani N)
>>>>
>>>> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
>>>> Signed-off-by: Gwan-gyeong Mun <gwan-gyeong.mun@intel.com>
>>>> Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
>>>> Cc: Matthew Auld <matthew.auld@intel.com>
>>>> Cc: Thomas Hellström <thomas.hellstrom@linux.intel.com>
>>>> Reviewed-by: Nirmoy Das <nirmoy.das@intel.com>
>>>> ---
>>>> drivers/gpu/drm/i915/gem/i915_gem_object.c | 7 +-
>>>> drivers/gpu/drm/i915/gem/i915_gem_object.h | 67 ++++++++++++++-----
>>>> drivers/gpu/drm/i915/gem/i915_gem_pages.c | 25 ++++---
>>>> drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 2 +-
>>>> .../drm/i915/gem/selftests/i915_gem_context.c | 12 ++--
>>>> .../drm/i915/gem/selftests/i915_gem_mman.c | 8 +--
>>>> .../drm/i915/gem/selftests/i915_gem_object.c | 8 +--
>>>> drivers/gpu/drm/i915/i915_gem.c | 18 +++--
>>>> drivers/gpu/drm/i915/i915_vma.c | 8 +--
>>>> 9 files changed, 100 insertions(+), 55 deletions(-)
>>>>
>>>> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_object.c b/drivers/gpu/drm/i915/gem/i915_gem_object.c
>>>> index ccec4055fde3..90996fe8ad45 100644
>>>> --- a/drivers/gpu/drm/i915/gem/i915_gem_object.c
>>>> +++ b/drivers/gpu/drm/i915/gem/i915_gem_object.c
>>>> @@ -421,10 +421,11 @@ void __i915_gem_object_invalidate_frontbuffer(struct drm_i915_gem_object *obj,
>>>> static void
>>>> i915_gem_object_read_from_page_kmap(struct drm_i915_gem_object *obj, u64 offset, void *dst, int size)
>>>> {
>>>> + pgoff_t idx = offset >> PAGE_SHIFT;
>>>> void *src_map;
>>>> void *src_ptr;
>>>>
>>>> - src_map = kmap_atomic(i915_gem_object_get_page(obj, offset >> PAGE_SHIFT));
>>>> + src_map = kmap_atomic(i915_gem_object_get_page(obj, idx));
>>>>
>>>> src_ptr = src_map + offset_in_page(offset);
>>>> if (!(obj->cache_coherent & I915_BO_CACHE_COHERENT_FOR_READ))
>>>> @@ -437,9 +438,10 @@ i915_gem_object_read_from_page_kmap(struct drm_i915_gem_object *obj, u64 offset,
>>>> static void
>>>> i915_gem_object_read_from_page_iomap(struct drm_i915_gem_object *obj, u64 offset, void *dst, int size)
>>>> {
>>>> + pgoff_t idx = offset >> PAGE_SHIFT;
>>>> + dma_addr_t dma = i915_gem_object_get_dma_address(obj, idx);
>>>> void __iomem *src_map;
>>>> void __iomem *src_ptr;
>>>> - dma_addr_t dma = i915_gem_object_get_dma_address(obj, offset >> PAGE_SHIFT);
>>>>
>>>> src_map = io_mapping_map_wc(&obj->mm.region->iomap,
>>>> dma - obj->mm.region->region.start,
>>>> @@ -468,6 +470,7 @@ i915_gem_object_read_from_page_iomap(struct drm_i915_gem_object *obj, u64 offset
>>>> */
>>>> int i915_gem_object_read_from_page(struct drm_i915_gem_object *obj, u64 offset, void *dst, int size)
>>>> {
>>>> + GEM_BUG_ON(overflows_type(offset >> PAGE_SHIFT, pgoff_t));
>>>> GEM_BUG_ON(offset >= obj->base.size);
>>>> GEM_BUG_ON(offset_in_page(offset) > PAGE_SIZE - size);
>>>> GEM_BUG_ON(!i915_gem_object_has_pinned_pages(obj));
>>>> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_object.h b/drivers/gpu/drm/i915/gem/i915_gem_object.h
>>>> index 6f0a3ce35567..a60c6f4517d5 100644
>>>> --- a/drivers/gpu/drm/i915/gem/i915_gem_object.h
>>>> +++ b/drivers/gpu/drm/i915/gem/i915_gem_object.h
>>>> @@ -27,8 +27,10 @@ enum intel_region_id;
>>>> * spot such a local variable, please consider fixing!
>>>> *
>>>> * Aside from our own locals (for which we have no excuse!):
>>>> - * - sg_table embeds unsigned int for num_pages
>>>> - * - get_user_pages*() mixed ints with longs
>>>> + * - sg_table embeds unsigned int for nents
>>>> + *
>>>> + * We can check for invalidly typed locals with typecheck(), see for example
>>>> + * i915_gem_object_get_sg().
>>>> */
>>>> #define GEM_CHECK_SIZE_OVERFLOW(sz) \
>>>> GEM_WARN_ON((sz) >> PAGE_SHIFT > INT_MAX)
>>>> @@ -366,41 +368,70 @@ int i915_gem_object_set_tiling(struct drm_i915_gem_object *obj,
>>>> struct scatterlist *
>>>> __i915_gem_object_get_sg(struct drm_i915_gem_object *obj,
>>>> struct i915_gem_object_page_iter *iter,
>>>> - unsigned int n,
>>>> - unsigned int *offset, bool dma);
>>>> + pgoff_t n,
>>>> + unsigned int *offset);
>>>> +
>>>> +#define __i915_gem_object_get_sg(obj, it, n, offset) ({ \
>>>> + exactly_pgoff_t(n); \
>>>> + (__i915_gem_object_get_sg)(obj, it, n, offset); \
>>>> +})
>>>>
>>>> static inline struct scatterlist *
>>>> -i915_gem_object_get_sg(struct drm_i915_gem_object *obj,
>>>> - unsigned int n,
>>>> +i915_gem_object_get_sg(struct drm_i915_gem_object *obj, pgoff_t n,
>>>> unsigned int *offset)
>>>> {
>>>> - return __i915_gem_object_get_sg(obj, &obj->mm.get_page, n, offset, false);
>>>> + return __i915_gem_object_get_sg(obj, &obj->mm.get_page, n, offset);
>>>> }
>>>>
>>>> +#define i915_gem_object_get_sg(obj, n, offset) ({ \
>>>> + exactly_pgoff_t(n); \
>>>> + (i915_gem_object_get_sg)(obj, n, offset); \
>>>> +})
>>>> +
>>>> static inline struct scatterlist *
>>>> -i915_gem_object_get_sg_dma(struct drm_i915_gem_object *obj,
>>>> - unsigned int n,
>>>> +i915_gem_object_get_sg_dma(struct drm_i915_gem_object *obj, pgoff_t n,
>>>> unsigned int *offset)
>>>> {
>>>> - return __i915_gem_object_get_sg(obj, &obj->mm.get_dma_page, n, offset, true);
>>>> + return __i915_gem_object_get_sg(obj, &obj->mm.get_dma_page, n, offset);
>>>> }
>>>>
>>>> +#define i915_gem_object_get_sg_dma(obj, n, offset) ({ \
>>>> + exactly_pgoff_t(n); \
>>>> + (i915_gem_object_get_sg_dma)(obj, n, offset); \
>>>> +})
>>>> +
>>>> struct page *
>>>> -i915_gem_object_get_page(struct drm_i915_gem_object *obj,
>>>> - unsigned int n);
>>>> +i915_gem_object_get_page(struct drm_i915_gem_object *obj, pgoff_t n);
>>>> +
>>>> +#define i915_gem_object_get_page(obj, n) ({ \
>>>> + exactly_pgoff_t(n); \
>>>> + (i915_gem_object_get_page)(obj, n); \
>>>> +})
>>>>
>>>> struct page *
>>>> -i915_gem_object_get_dirty_page(struct drm_i915_gem_object *obj,
>>>> - unsigned int n);
>>>> +i915_gem_object_get_dirty_page(struct drm_i915_gem_object *obj, pgoff_t n);
>>>> +
>>>> +#define i915_gem_object_get_dirty_page(obj, n) ({ \
>>>> + exactly_pgoff_t(n); \
>>>> + (i915_gem_object_get_dirty_page)(obj, n); \
>>>> +})
>>>>
>>>> dma_addr_t
>>>> -i915_gem_object_get_dma_address_len(struct drm_i915_gem_object *obj,
>>>> - unsigned long n,
>>>> +i915_gem_object_get_dma_address_len(struct drm_i915_gem_object *obj, pgoff_t n,
>>>> unsigned int *len);
>>>>
>>>> +#define i915_gem_object_get_dma_address_len(obj, n, len) ({ \
>>>> + exactly_pgoff_t(n); \
>>>> + (i915_gem_object_get_dma_address_len)(obj, n, len); \
>>>> +})
>>>> +
>>>> dma_addr_t
>>>> -i915_gem_object_get_dma_address(struct drm_i915_gem_object *obj,
>>>> - unsigned long n);
>>>> +i915_gem_object_get_dma_address(struct drm_i915_gem_object *obj, pgoff_t n);
>>>> +
>>>> +#define i915_gem_object_get_dma_address(obj, n) ({ \
>>>> + exactly_pgoff_t(n); \
>>>> + (i915_gem_object_get_dma_address)(obj, n); \
>>>> +})
>>>>
>>>> void __i915_gem_object_set_pages(struct drm_i915_gem_object *obj,
>>>> struct sg_table *pages,
>>>> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_pages.c b/drivers/gpu/drm/i915/gem/i915_gem_pages.c
>>>> index 97c820eee115..1d1edcb3514b 100644
>>>> --- a/drivers/gpu/drm/i915/gem/i915_gem_pages.c
>>>> +++ b/drivers/gpu/drm/i915/gem/i915_gem_pages.c
>>>> @@ -503,14 +503,16 @@ void __i915_gem_object_release_map(struct drm_i915_gem_object *obj)
>>>> }
>>>>
>>>> struct scatterlist *
>>>> -__i915_gem_object_get_sg(struct drm_i915_gem_object *obj,
>>>> +(__i915_gem_object_get_sg)(struct drm_i915_gem_object *obj,
>>>> struct i915_gem_object_page_iter *iter,
>>>> - unsigned int n,
>>>> - unsigned int *offset,
>>>> - bool dma)
>>>> + pgoff_t n,
>>>> + unsigned int *offset)
>>>> +
>>>
>>> Nitpick: no need to place the function name in parenthesis.
>>>
>>>> {
>>>> - struct scatterlist *sg;
>>>> + const bool dma = iter == &obj->mm.get_dma_page ||
>>>> + iter == &obj->ttm.get_io_page;
>>>> unsigned int idx, count;
>>>> + struct scatterlist *sg;
>>>>
>>>> might_sleep();
>>>> GEM_BUG_ON(n >= obj->base.size >> PAGE_SHIFT);
>>>> @@ -618,7 +620,7 @@ __i915_gem_object_get_sg(struct drm_i915_gem_object *obj,
>>>> }
>>>>
>>>> struct page *
>>>> -i915_gem_object_get_page(struct drm_i915_gem_object *obj, unsigned int n)
>>>> +(i915_gem_object_get_page)(struct drm_i915_gem_object *obj, pgoff_t n)
>>>
>>> Same as above: why are you placing parenthesis at the function name here?
>>> Just use:
>>>
>>> struct page *
>>> i915_gem_object_get_page(struct drm_i915_gem_object *obj, pgoff_t n)
>>>
>> In this case, the macro and function have the same name. If parenthesis
>> is not used, the following compile error occurs as the macro is applied
>> to the c code.
>>
>> ./drivers/gpu/drm/i915/gem/i915_gem_object.h:356:55: error: expected
>> identifier or ‘(’ before ‘{’ token
>> 356 | #define __i915_gem_object_get_sg(obj, it, n, offset) ({ \
>> | ^
>> drivers/gpu/drm/i915/gem/i915_gem_pages.c:506:1: note: in expansion of
>> macro ‘__i915_gem_object_get_sg’
>> 506 | __i915_gem_object_get_sg(struct drm_i915_gem_object *obj,
>> | ^~~~~~~~~~~~~~~~~~~~~~~~
>>
>> And all of the parts you leave comments below are cases where the names
>> of macros and functions are the same.
>
> Don't use the same macro name on a function. This is very confusing
> and will prevent ever adding documentation for it, as, for kernel-doc,
> macros and functions are handled at the same namespace. So, no
> duplication is allowed.
>
> Probably the best here would be to replace the macros by inlined
> functions.
>
When using an inline function, the function can check the types after
typecasting its arguments.
It is more efficient to use the above macro style to check input
argument's type in the compilation stage.
This way is also used in the macro below among the existing i915 codes.
#define sg_alloc_table(sgt, nents, gfp) \
overflows_type(nents, __sg_size_t) ? -E2BIG : (sg_alloc_table)(sgt,
(__sg_size_t)(nents), gfp)
#define sg_alloc_table_from_pages_segment(sgt, pages, npages, offset,
size, max_segment, gfp) \
overflows_type(npages, __sg_size_t) ? -E2BIG :
(sg_alloc_table_from_pages_segment)(sgt, pages, (__sg_size_t)(npages),
offset, size, max_segment, gfp)
This method has the advantage of being able to check the type of a
variable passed as a function argument before it is typecast.
However, the kernel-doc's issues is something I didn't think consider
before. To fix the naming problem in the documentation, I will change
the macro name and the function name differently and send it as a new
version.
Br,
G.G.
> Regards,
> Mauro
>
next prev parent reply other threads:[~2022-07-12 10:30 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-05 12:24 [Intel-gfx] [PATCH v2 0/7] Fixes integer overflow or integer truncation issues in page lookups, ttm place configuration and scatterlist creation Gwan-gyeong Mun
2022-07-05 12:24 ` [Intel-gfx] [PATCH v2 1/7] drm: Move and add a few utility macros into drm util header Gwan-gyeong Mun
2022-07-05 14:23 ` Mauro Carvalho Chehab
2022-07-06 15:04 ` Gwan-gyeong Mun
2022-07-06 17:05 ` Mauro Carvalho Chehab
2022-07-12 10:50 ` Gwan-gyeong Mun
2022-07-05 12:24 ` [Intel-gfx] [PATCH v2 2/7] drm/i915/gem: Typecheck page lookups Gwan-gyeong Mun
2022-07-05 14:35 ` Mauro Carvalho Chehab
2022-07-06 16:33 ` Gwan-gyeong Mun
2022-07-06 17:10 ` Mauro Carvalho Chehab
2022-07-12 10:29 ` Gwan-gyeong Mun [this message]
2022-07-05 12:24 ` [Intel-gfx] [PATCH v2 3/7] drm/i915: Check for integer truncation on scatterlist creation Gwan-gyeong Mun
2022-07-05 14:48 ` Mauro Carvalho Chehab
2022-07-05 12:24 ` [Intel-gfx] [PATCH v2 4/7] drm/i915: Check for integer truncation on the configuration of ttm place Gwan-gyeong Mun
2022-07-05 14:44 ` Mauro Carvalho Chehab
2022-07-05 12:24 ` [Intel-gfx] [PATCH v2 5/7] drm/i915: Check if the size is too big while creating shmem file Gwan-gyeong Mun
2022-07-05 14:50 ` Mauro Carvalho Chehab
2022-07-05 12:24 ` [Intel-gfx] [PATCH v2 6/7] drm/i915: Use error code as -E2BIG when the size of gem ttm object is too large Gwan-gyeong Mun
2022-07-05 14:50 ` Mauro Carvalho Chehab
2022-07-05 12:24 ` [Intel-gfx] [PATCH v2 7/7] drm/i915: Remove truncation warning for large objects Gwan-gyeong Mun
2022-07-05 14:51 ` Mauro Carvalho Chehab
2022-07-05 14:54 ` [Intel-gfx] ✗ Fi.CI.CHECKPATCH: warning for Fixes integer overflow or integer truncation issues in page lookups, ttm place configuration and scatterlist creation (rev3) Patchwork
2022-07-05 15:13 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
2022-07-05 18:44 ` [Intel-gfx] ✓ Fi.CI.IGT: " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=107f35de-1b72-b3ae-3939-b53df5cd95c6@intel.com \
--to=gwan-gyeong.mun@intel.com \
--cc=airlied@linux.ie \
--cc=chris@chris-wilson.co.uk \
--cc=dri-devel@lists.freedesktop.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=jani.nikula@intel.com \
--cc=matthew.auld@intel.com \
--cc=mauro.chehab@linux.intel.com \
--cc=nirmoy.das@intel.com \
--cc=thomas.hellstrom@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox