[PATCH] drm/i915: add sanity check for partial view creation

[PATCH] drm/i915: add sanity check for partial view creation

[Matthew Auld]

When binding pages for a partial view we should check that the offset +
size is valid relative to the size of the gem object.

Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
---
 drivers/gpu/drm/i915/i915_gem_gtt.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
index 49e4f26..a477bb2 100644
--- a/drivers/gpu/drm/i915/i915_gem_gtt.c
+++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
@@ -3500,6 +3500,10 @@ intel_partial_pages(const struct i915_ggtt_view *view,
 	struct sg_page_iter obj_sg_iter;
 	int ret = -ENOMEM;
 
+	if (view->params.partial.offset + view->params.partial.size >
+	    obj->pages->nents)
+		return ERR_PTR(-EINVAL);
+
 	st = kmalloc(sizeof(*st), GFP_KERNEL);
 	if (!st)
 		goto err_st_alloc;
-- 
2.4.3

_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [PATCH] drm/i915: add sanity check for partial view creation

[Ville Syrjälä]

On Mon, Feb 29, 2016 at 05:11:02PM +0000, Matthew Auld wrote:
> When binding pages for a partial view we should check that the offset +
> size is valid relative to the size of the gem object.
> 
> Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
> Signed-off-by: Matthew Auld <matthew.auld@intel.com>
> ---
>  drivers/gpu/drm/i915/i915_gem_gtt.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
> index 49e4f26..a477bb2 100644
> --- a/drivers/gpu/drm/i915/i915_gem_gtt.c
> +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
> @@ -3500,6 +3500,10 @@ intel_partial_pages(const struct i915_ggtt_view *view,
>  	struct sg_page_iter obj_sg_iter;
>  	int ret = -ENOMEM;
>  
> +	if (view->params.partial.offset + view->params.partial.size >
> +	    obj->pages->nents)
> +		return ERR_PTR(-EINVAL);

It seems to me that if we hit this, there must a bug somewhere higher
up.

> +
>  	st = kmalloc(sizeof(*st), GFP_KERNEL);
>  	if (!st)
>  		goto err_st_alloc;
> -- 
> 2.4.3
> 
> _______________________________________________
> Intel-gfx mailing list
> Intel-gfx@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/intel-gfx

-- 
Ville Syrjälä
Intel OTC
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [PATCH] drm/i915: add sanity check for partial view creation

[Joonas Lahtinen]

On ma, 2016-02-29 at 17:11 +0000, Matthew Auld wrote:
> When binding pages for a partial view we should check that the offset +
> size is valid relative to the size of the gem object.
> 
> Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>

Reviewed-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>

> Signed-off-by: Matthew Auld <matthew.auld@intel.com>
> ---
>  drivers/gpu/drm/i915/i915_gem_gtt.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
> index 49e4f26..a477bb2 100644
> --- a/drivers/gpu/drm/i915/i915_gem_gtt.c
> +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
> @@ -3500,6 +3500,10 @@ intel_partial_pages(const struct i915_ggtt_view *view,
>  	struct sg_page_iter obj_sg_iter;
>  	int ret = -ENOMEM;
>  
> +	if (view->params.partial.offset + view->params.partial.size >
> +	    obj->pages->nents)
> +		return ERR_PTR(-EINVAL);
> +
>  	st = kmalloc(sizeof(*st), GFP_KERNEL);
>  	if (!st)
>  		goto err_st_alloc;
-- 
Joonas Lahtinen
Open Source Technology Center
Intel Corporation
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [PATCH] drm/i915: add sanity check for partial view creation

[Tvrtko Ursulin]

On 29/02/16 17:11, Matthew Auld wrote:
> When binding pages for a partial view we should check that the offset +
> size is valid relative to the size of the gem object.
>
> Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
> Signed-off-by: Matthew Auld <matthew.auld@intel.com>
> ---
>   drivers/gpu/drm/i915/i915_gem_gtt.c | 4 ++++
>   1 file changed, 4 insertions(+)
>
> diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
> index 49e4f26..a477bb2 100644
> --- a/drivers/gpu/drm/i915/i915_gem_gtt.c
> +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
> @@ -3500,6 +3500,10 @@ intel_partial_pages(const struct i915_ggtt_view *view,
>   	struct sg_page_iter obj_sg_iter;
>   	int ret = -ENOMEM;
>
> +	if (view->params.partial.offset + view->params.partial.size >
> +	    obj->pages->nents)
> +		return ERR_PTR(-EINVAL);
> +

obj->pages->nents is not guaranteed to be equal to number of pages but 
can be less than due sg entry coalescing.

I suggest replacing with a check against "obj->base.size >> PAGE_SHIFT".

>   	st = kmalloc(sizeof(*st), GFP_KERNEL);
>   	if (!st)
>   		goto err_st_alloc;
>

Regards,

Tvrtko
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [PATCH] drm/i915: add sanity check for partial view creation

[Chris Wilson]

On Wed, Mar 02, 2016 at 03:29:12PM +0200, Joonas Lahtinen wrote:
> On ma, 2016-02-29 at 17:11 +0000, Matthew Auld wrote:
> > When binding pages for a partial view we should check that the offset +
> > size is valid relative to the size of the gem object.
> > 
> > Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
> 
> Reviewed-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
> 
> > Signed-off-by: Matthew Auld <matthew.auld@intel.com>
> > ---
> >  drivers/gpu/drm/i915/i915_gem_gtt.c | 4 ++++
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
> > index 49e4f26..a477bb2 100644
> > --- a/drivers/gpu/drm/i915/i915_gem_gtt.c
> > +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
> > @@ -3500,6 +3500,10 @@ intel_partial_pages(const struct i915_ggtt_view *view,
> >  	struct sg_page_iter obj_sg_iter;
> >  	int ret = -ENOMEM;
> >  
> > +	if (view->params.partial.offset + view->params.partial.size >
> > +	    obj->pages->nents)
> > +		return ERR_PTR(-EINVAL);

Wrong. Tell me again what nents has to do with the object size?
-Chris

-- 
Chris Wilson, Intel Open Source Technology Centre
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [PATCH] drm/i915: add sanity check for partial view creation

[Joonas Lahtinen]

On ma, 2016-02-29 at 19:57 +0200, Ville Syrjälä wrote:
> On Mon, Feb 29, 2016 at 05:11:02PM +0000, Matthew Auld wrote:
> > 
> > When binding pages for a partial view we should check that the offset +
> > size is valid relative to the size of the gem object.
> > 
> > Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
> > Signed-off-by: Matthew Auld <matthew.auld@intel.com>
> > ---
> >  drivers/gpu/drm/i915/i915_gem_gtt.c | 4 ++++
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
> > index 49e4f26..a477bb2 100644
> > --- a/drivers/gpu/drm/i915/i915_gem_gtt.c
> > +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
> > @@ -3500,6 +3500,10 @@ intel_partial_pages(const struct i915_ggtt_view *view,
> >  	struct sg_page_iter obj_sg_iter;
> >  	int ret = -ENOMEM;
> >  
> > +	if (view->params.partial.offset + view->params.partial.size >
> > +	    obj->pages->nents)
> > +		return ERR_PTR(-EINVAL);
> It seems to me that if we hit this, there must a bug somewhere higher
> up.
> 

Currently yes. This is in preparation of the more widespread support
for partial views and was chosen as a good get-to-know-GEM-code
candidate.

Regards, Joonas

> > 
> > +
> >  	st = kmalloc(sizeof(*st), GFP_KERNEL);
> >  	if (!st)
> >  		goto err_st_alloc;
> > -- 
> > 2.4.3
> > 
> > _______________________________________________
> > Intel-gfx mailing list
> > Intel-gfx@lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/intel-gfx
-- 
Joonas Lahtinen
Open Source Technology Center
Intel Corporation
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

[PATCH] drm/i915: add sanity check for partial view creation

[Matthew Auld]

When binding pages for a partial view we should check that the offset +
size is valid relative to the size of the gem object.

v2: Don't use pages->nents to determine the page count (Tvrtko Ursulin)

Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
---
 drivers/gpu/drm/i915/i915_gem_gtt.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
index 7b8de85..2c49d043 100644
--- a/drivers/gpu/drm/i915/i915_gem_gtt.c
+++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
@@ -3493,6 +3493,10 @@ intel_partial_pages(const struct i915_ggtt_view *view,
 	struct sg_page_iter obj_sg_iter;
 	int ret = -ENOMEM;
 
+	if (view->params.partial.offset + view->params.partial.size >
+	    obj->base.size >> PAGE_SHIFT)
+		return ERR_PTR(-EINVAL);
+
 	st = kmalloc(sizeof(*st), GFP_KERNEL);
 	if (!st)
 		goto err_st_alloc;
-- 
2.4.3

_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [PATCH] drm/i915: add sanity check for partial view creation

[Chris Wilson]

On Wed, Mar 02, 2016 at 02:33:29PM +0000, Matthew Auld wrote:
> When binding pages for a partial view we should check that the offset +
> size is valid relative to the size of the gem object.
> 
> v2: Don't use pages->nents to determine the page count (Tvrtko Ursulin)
> 
> Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
> Signed-off-by: Matthew Auld <matthew.auld@intel.com>
> ---
>  drivers/gpu/drm/i915/i915_gem_gtt.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
> index 7b8de85..2c49d043 100644
> --- a/drivers/gpu/drm/i915/i915_gem_gtt.c
> +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
> @@ -3493,6 +3493,10 @@ intel_partial_pages(const struct i915_ggtt_view *view,
>  	struct sg_page_iter obj_sg_iter;
>  	int ret = -ENOMEM;
>  
> +	if (view->params.partial.offset + view->params.partial.size >

Handle overflow?

Why do it here and not at creation?

What bug are you fixing?


> +	    obj->base.size >> PAGE_SHIFT)
> +		return ERR_PTR(-EINVAL);

Is this a user error? Or just an internal programming bug.
-Chris

-- 
Chris Wilson, Intel Open Source Technology Centre
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [PATCH] drm/i915: add sanity check for partial view creation

[Auld, Matthew]

> Handle overflow?

Okay, good idea.

> Why do it here and not at creation?

We could, given that we currently only exercise partial views in the gem fault handler code, but as Joonas mentioned we are expecting further use of partial views, so it makes sense to have the check in only one place.

> What bug are you fixing?

afaik this doesn't fix a bug, but it does seem like a reasonable sanity check to add, given more widespread use of partial views.

> Is this a user error? Or just an internal programming bug.

I think if we were to ever hit this it would be indicative of an internal programming bug.
________________________________________
From: Chris Wilson [chris@chris-wilson.co.uk]
Sent: 02 March 2016 14:42
To: Auld, Matthew
Cc: intel-gfx@lists.freedesktop.org
Subject: Re: [Intel-gfx] [PATCH] drm/i915: add sanity check for partial view creation

On Wed, Mar 02, 2016 at 02:33:29PM +0000, Matthew Auld wrote:
> When binding pages for a partial view we should check that the offset +
> size is valid relative to the size of the gem object.
>
> v2: Don't use pages->nents to determine the page count (Tvrtko Ursulin)
>
> Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
> Signed-off-by: Matthew Auld <matthew.auld@intel.com>
> ---
>  drivers/gpu/drm/i915/i915_gem_gtt.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
> index 7b8de85..2c49d043 100644
> --- a/drivers/gpu/drm/i915/i915_gem_gtt.c
> +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
> @@ -3493,6 +3493,10 @@ intel_partial_pages(const struct i915_ggtt_view *view,
>       struct sg_page_iter obj_sg_iter;
>       int ret = -ENOMEM;
>
> +     if (view->params.partial.offset + view->params.partial.size >

Handle overflow?

Why do it here and not at creation?

What bug are you fixing?


> +         obj->base.size >> PAGE_SHIFT)
> +             return ERR_PTR(-EINVAL);

Is this a user error? Or just an internal programming bug.
-Chris

--
Chris Wilson, Intel Open Source Technology Centre
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [PATCH] drm/i915: add sanity check for partial view creation

[Chris Wilson]

On Thu, Mar 03, 2016 at 11:27:47AM +0000, Auld, Matthew wrote:
> > Handle overflow?
> 
> Okay, good idea.
> 
> > Why do it here and not at creation?
> 
> We could, given that we currently only exercise partial views in the gem fault handler code, but as Joonas mentioned we are expecting further use of partial views, so it makes sense to have the check in only one place.

More use of broken code? Please review the patches to fix the current
implementation first!
-Chris

-- 
Chris Wilson, Intel Open Source Technology Centre
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

[PATCH] drm/i915: add sanity check for partial view creation

[Matthew Auld]

When binding pages for a partial view we should check that the offset +
size is valid relative to the size of the gem object.

v2: Don't use pages->nents to determine the page count (Tvrtko Ursulin)
v3: Handle potential overflow (Chris Wilson)

Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
---
 drivers/gpu/drm/i915/i915_gem_gtt.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
index 7b8de85..596692b 100644
--- a/drivers/gpu/drm/i915/i915_gem_gtt.c
+++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
@@ -3493,6 +3493,13 @@ intel_partial_pages(const struct i915_ggtt_view *view,
 	struct sg_page_iter obj_sg_iter;
 	int ret = -ENOMEM;
 
+	if (U64_MAX - view->params.partial.offset < view->params.partial.size)
+		return ERR_PTR(-ERANGE);
+
+	if (view->params.partial.offset + view->params.partial.size >
+	    obj->base.size >> PAGE_SHIFT)
+		return ERR_PTR(-EINVAL);
+
 	st = kmalloc(sizeof(*st), GFP_KERNEL);
 	if (!st)
 		goto err_st_alloc;
-- 
2.4.3

_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [PATCH] drm/i915: add sanity check for partial view creation

[Chris Wilson]

On Fri, Mar 04, 2016 at 10:11:24AM +0000, Matthew Auld wrote:
> When binding pages for a partial view we should check that the offset +
> size is valid relative to the size of the gem object.
> 
> v2: Don't use pages->nents to determine the page count (Tvrtko Ursulin)
> v3: Handle potential overflow (Chris Wilson)
> 
> Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
> Signed-off-by: Matthew Auld <matthew.auld@intel.com>
> ---
>  drivers/gpu/drm/i915/i915_gem_gtt.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
> index 7b8de85..596692b 100644
> --- a/drivers/gpu/drm/i915/i915_gem_gtt.c
> +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
> @@ -3493,6 +3493,13 @@ intel_partial_pages(const struct i915_ggtt_view *view,
>  	struct sg_page_iter obj_sg_iter;
>  	int ret = -ENOMEM;
>  
> +	if (U64_MAX - view->params.partial.offset < view->params.partial.size)
> +		return ERR_PTR(-ERANGE);

Idiomatically is this how we test for offset+size overflows?

> +	if (view->params.partial.offset + view->params.partial.size >
> +	    obj->base.size >> PAGE_SHIFT)
> +		return ERR_PTR(-EINVAL);

This is still idiotic (placement, choice of runtime errors for a
programmer error). If this concerns you that, please look at the API,
and please review the outstanding patches.
-Chris

-- 
Chris Wilson, Intel Open Source Technology Centre
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

✗ Fi.CI.BAT: failure for drm/i915: add sanity check for partial view creation (rev3)

[Patchwork]

== Series Details ==

Series: drm/i915: add sanity check for partial view creation (rev3)
URL   : https://patchwork.freedesktop.org/series/3926/
State : failure

== Summary ==

Series 3926v3 drm/i915: add sanity check for partial view creation
http://patchwork.freedesktop.org/api/1.0/series/3926/revisions/3/mbox/

Test gem_sync:
        Subgroup basic-render:
                pass       -> INCOMPLETE (bdw-nuci7) UNSTABLE
Test kms_flip:
        Subgroup basic-flip-vs-dpms:
                dmesg-warn -> PASS       (ilk-hp8440p) UNSTABLE
        Subgroup basic-flip-vs-modeset:
                dmesg-warn -> PASS       (ilk-hp8440p) UNSTABLE
        Subgroup basic-flip-vs-wf_vblank:
                dmesg-warn -> PASS       (hsw-brixbox)
Test kms_frontbuffer_tracking:
        Subgroup basic:
                fail       -> PASS       (bsw-nuc-2)
Test kms_pipe_crc_basic:
        Subgroup read-crc-pipe-c:
                dmesg-warn -> PASS       (hsw-brixbox)
        Subgroup read-crc-pipe-c-frame-sequence:
                pass       -> DMESG-WARN (hsw-brixbox)
        Subgroup suspend-read-crc-pipe-b:
                pass       -> INCOMPLETE (hsw-gt2)
Test pm_rpm:
        Subgroup basic-pci-d3-state:
                fail       -> DMESG-FAIL (snb-x220t)

bdw-nuci7        total:95   pass:86   dwarn:0   dfail:0   fail:0   skip:8  
bdw-ultra        total:183  pass:165  dwarn:0   dfail:0   fail:0   skip:18 
bsw-nuc-2        total:183  pass:149  dwarn:0   dfail:0   fail:0   skip:34 
byt-nuc          total:183  pass:152  dwarn:0   dfail:0   fail:0   skip:31 
hsw-brixbox      total:183  pass:163  dwarn:1   dfail:0   fail:0   skip:19 
hsw-gt2          total:122  pass:109  dwarn:0   dfail:0   fail:0   skip:12 
ilk-hp8440p      total:183  pass:125  dwarn:0   dfail:0   fail:0   skip:58 
ivb-t430s        total:183  pass:162  dwarn:0   dfail:0   fail:0   skip:21 
skl-i5k-2        total:183  pass:163  dwarn:0   dfail:0   fail:0   skip:20 
skl-i7k-2        total:183  pass:163  dwarn:0   dfail:0   fail:0   skip:20 
snb-dellxps      total:183  pass:153  dwarn:1   dfail:0   fail:0   skip:29 
snb-x220t        total:183  pass:154  dwarn:0   dfail:1   fail:0   skip:28 

Results at /archive/results/CI_IGT_test/Patchwork_1528/

91a38d589cb775a4486cec599413f581b2e8f437 drm-intel-nightly: 2016y-03m-03d-17h-31m-44s UTC integration manifest
c8149964b8e93364a1cf6ff2baa5339e8b891b0c drm/i915: add sanity check for partial view creation

_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [PATCH] drm/i915: add sanity check for partial view creation

[Matthew Auld]

> If this concerns you that, please look at the API,
and please review the outstanding patches.

Could you elaborate on this please?
What patches are you referring to?
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

[PATCH] drm/i915: add sanity check for partial view creation

[Matthew Auld]

Upon creating a partial view we should check that the offset + size is
valid relative to the size of the gem object.

v2:
(Tvrtko Ursulin)
    - Don't use pages->nents to determine the page count
v3:
(Chris Wilson)
    - Handle potential overflow
v4:
(Chris Wilson)
    - Idiomatically handle overflow
    - Less idiotic placement
    - Treat as programmer error

Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
---
 drivers/gpu/drm/i915/i915_gem_gtt.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
index fb0f963..593eb15 100644
--- a/drivers/gpu/drm/i915/i915_gem_gtt.c
+++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
@@ -3356,6 +3356,14 @@ i915_gem_obj_lookup_or_create_ggtt_vma(struct drm_i915_gem_object *obj,
 	if (WARN_ON(!view))
 		return ERR_PTR(-EINVAL);
 
+	if (view->type == I915_GGTT_VIEW_PARTIAL) {
+		unsigned int page_count = obj->base.size >> PAGE_SHIFT;
+		if (WARN_ON(view->params.partial.offset > page_count ||
+			    view->params.partial.size > page_count  -
+			    view->params.partial.offset))
+			return ERR_PTR(-EINVAL);
+	}
+
 	vma = i915_gem_obj_to_ggtt_view(obj, view);
 
 	if (IS_ERR(vma))
-- 
2.4.3

_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx