re: drm/i915: Decouple execbuf uAPI from internal implementation

re: drm/i915: Decouple execbuf uAPI from internal implementation

[Dan Carpenter]

Hello Tvrtko Ursulin,

The patch de1add360522: "drm/i915: Decouple execbuf uAPI from
internal implementation" from Jan 15, 2016, leads to the following
static checker warning:

	drivers/gpu/drm/i915/i915_gem_execbuffer.c:1411 eb_select_ring()
	warn: buffer overflow 'dev_priv->ring' 5 <= 16385

drivers/gpu/drm/i915/i915_gem_execbuffer.c
  1397          if (user_ring_id == I915_EXEC_BSD && HAS_BSD2(dev_priv)) {
  1398                  unsigned int bsd_idx = args->flags & I915_EXEC_BSD_MASK;
  1399  
  1400                  if (bsd_idx == I915_EXEC_BSD_DEFAULT) {
  1401                          bsd_idx = gen8_dispatch_bsd_ring(dev_priv, file);
  1402                  } else if (bsd_idx >= I915_EXEC_BSD_RING1 &&
  1403                             bsd_idx <= I915_EXEC_BSD_RING2) {
  1404                          bsd_idx--;
                                ^^^^^^^^^
This should probablye be "bsd_idx = (bsd_idx >> 13) - 1;" or something.

  1405                  } else {
  1406                          DRM_DEBUG("execbuf with unknown bsd ring: %u\n",
  1407                                    bsd_idx);
  1408                          return -EINVAL;
  1409                  }
  1410  
  1411                  *ring = &dev_priv->ring[_VCS(bsd_idx)];

Otherwise we're way past the end of this array.

  1412          } else {
  1413                  *ring = &dev_priv->ring[user_ring_map[user_ring_id]];
  1414          }
  1415  
  1416          if (!intel_ring_initialized(*ring)) {
  1417                  DRM_DEBUG("execbuf with invalid ring: %u\n", user_ring_id);
  1418                  return -EINVAL;
  1419          }

regards,
dan carpenter
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dri-devel

Re: [Intel-gfx] drm/i915: Decouple execbuf uAPI from internal implementation

[Tvrtko Ursulin]

Hi Dan,

On 28/01/16 22:30, Dan Carpenter wrote:
> Hello Tvrtko Ursulin,
>
> The patch de1add360522: "drm/i915: Decouple execbuf uAPI from
> internal implementation" from Jan 15, 2016, leads to the following
> static checker warning:
>
> 	drivers/gpu/drm/i915/i915_gem_execbuffer.c:1411 eb_select_ring()
> 	warn: buffer overflow 'dev_priv->ring' 5 <= 16385
>
> drivers/gpu/drm/i915/i915_gem_execbuffer.c
>    1397          if (user_ring_id == I915_EXEC_BSD && HAS_BSD2(dev_priv)) {
>    1398                  unsigned int bsd_idx = args->flags & I915_EXEC_BSD_MASK;
>    1399
>    1400                  if (bsd_idx == I915_EXEC_BSD_DEFAULT) {
>    1401                          bsd_idx = gen8_dispatch_bsd_ring(dev_priv, file);
>    1402                  } else if (bsd_idx >= I915_EXEC_BSD_RING1 &&
>    1403                             bsd_idx <= I915_EXEC_BSD_RING2) {
>    1404                          bsd_idx--;
>                                  ^^^^^^^^^
> This should probablye be "bsd_idx = (bsd_idx >> 13) - 1;" or something.
>
>    1405                  } else {
>    1406                          DRM_DEBUG("execbuf with unknown bsd ring: %u\n",
>    1407                                    bsd_idx);
>    1408                          return -EINVAL;
>    1409                  }
>    1410
>    1411                  *ring = &dev_priv->ring[_VCS(bsd_idx)];
>
> Otherwise we're way past the end of this array.

Yep, we have already found this and fixed it in "drm/i915: Fix VCS ring 
selection after uapi decoupling".

Thanks for the report, it is very useful!

Regards,

Tvrtko
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dri-devel