* [PATCH] drm/i915/ppgtt: Prevent NULL deref in reset ioctl
@ 2013-12-19 23:22 Ben Widawsky
2013-12-20 6:05 ` Daniel Vetter
2013-12-22 20:55 ` [PATCH] drm/i915/ppgtt: Never return a NULL context Ben Widawsky
0 siblings, 2 replies; 14+ messages in thread
From: Ben Widawsky @ 2013-12-19 23:22 UTC (permalink / raw)
To: Intel GFX; +Cc: Ben Widawsky, Ben Widawsky
If we look up an invalid context ID, the idr will return NULL. The ptr
is unconditionally dereferenced afterwards causing a problem.
Note that if the context does not exist, we still return success. This
appears to be the behavior desired by gem_reset_stats --subtest ban
Introduced in v3 of
commit 41bde5535a7d48876095926bb55b1aed5ccd6b2c
Author: Ben Widawsky <ben@bwidawsk.net>
Date: Fri Dec 6 14:11:21 2013 -0800
drm/i915: Get context early in execbuf
Cc: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Signed-off-by: Ben Widawsky <ben@bwidawsk.net>
---
drivers/gpu/drm/i915/intel_uncore.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/intel_uncore.c b/drivers/gpu/drm/i915/intel_uncore.c
index e52fcce..aa4c55a 100644
--- a/drivers/gpu/drm/i915/intel_uncore.c
+++ b/drivers/gpu/drm/i915/intel_uncore.c
@@ -850,7 +850,7 @@ int i915_get_reset_stats_ioctl(struct drm_device *dev,
return ret;
ctx = i915_gem_context_get(file->driver_priv, args->ctx_id);
- if (IS_ERR(ctx)) {
+ if (IS_ERR_OR_NULL(ctx)) {
mutex_unlock(&dev->struct_mutex);
return PTR_ERR(ctx);
}
--
1.8.5.1
^ permalink raw reply related [flat|nested] 14+ messages in thread* Re: [PATCH] drm/i915/ppgtt: Prevent NULL deref in reset ioctl 2013-12-19 23:22 [PATCH] drm/i915/ppgtt: Prevent NULL deref in reset ioctl Ben Widawsky @ 2013-12-20 6:05 ` Daniel Vetter 2013-12-20 6:55 ` Ben Widawsky 2013-12-22 20:55 ` [PATCH] drm/i915/ppgtt: Never return a NULL context Ben Widawsky 1 sibling, 1 reply; 14+ messages in thread From: Daniel Vetter @ 2013-12-20 6:05 UTC (permalink / raw) To: Ben Widawsky; +Cc: Intel GFX, Ben Widawsky On Fri, Dec 20, 2013 at 12:22 AM, Ben Widawsky <benjamin.widawsky@intel.com> wrote: > ctx = i915_gem_context_get(file->driver_priv, args->ctx_id); > - if (IS_ERR(ctx)) { > + if (IS_ERR_OR_NULL(ctx)) { We now have half the callers check for IS_ERR and the others not. Afaics i915_gem_context_get can only return NULL or a real context though. Also from a quite read the expected error for a lookup failure is ENOENT (and there seems to be a testcase for this). -Daniel -- Daniel Vetter Software Engineer, Intel Corporation +41 (0) 79 365 57 48 - http://blog.ffwll.ch ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] drm/i915/ppgtt: Prevent NULL deref in reset ioctl 2013-12-20 6:05 ` Daniel Vetter @ 2013-12-20 6:55 ` Ben Widawsky 2013-12-20 14:11 ` Daniel Vetter 0 siblings, 1 reply; 14+ messages in thread From: Ben Widawsky @ 2013-12-20 6:55 UTC (permalink / raw) To: Daniel Vetter; +Cc: Intel GFX, Ben Widawsky On Fri, Dec 20, 2013 at 07:05:10AM +0100, Daniel Vetter wrote: > On Fri, Dec 20, 2013 at 12:22 AM, Ben Widawsky > <benjamin.widawsky@intel.com> wrote: > > ctx = i915_gem_context_get(file->driver_priv, args->ctx_id); > > - if (IS_ERR(ctx)) { > > + if (IS_ERR_OR_NULL(ctx)) { > > We now have half the callers check for IS_ERR and the others not. > Afaics i915_gem_context_get can only return NULL or a real context > though. Also from a quite read the expected error for a lookup failure > is ENOENT (and there seems to be a testcase for this). > -Daniel To your first point: I think checking null is always the right thing currently, but for future proofing, IS_ERR_OR_NULL is really the right thing. After his patch, I believe only i915_gem_context_destroy_ioctl is still incorrect. To the second: This is only based on my memory, so feel free to change whatever you need. When I retuned -ENXIO, the test failed. It should be: return ctx ? PTR_ERR(ctx) : -ENOENT; I had return ctx ? PTR_ERR(ctx) : -ENXIO; which made the subtest fail. However, as we've noted, this itself was not correct. Try the return above. -- Ben Widawsky, Intel Open Source Technology Center ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] drm/i915/ppgtt: Prevent NULL deref in reset ioctl 2013-12-20 6:55 ` Ben Widawsky @ 2013-12-20 14:11 ` Daniel Vetter 2013-12-20 14:37 ` Jani Nikula 2013-12-20 18:21 ` Ben Widawsky 0 siblings, 2 replies; 14+ messages in thread From: Daniel Vetter @ 2013-12-20 14:11 UTC (permalink / raw) To: Ben Widawsky; +Cc: Intel GFX, Ben Widawsky On Thu, Dec 19, 2013 at 10:55:56PM -0800, Ben Widawsky wrote: > On Fri, Dec 20, 2013 at 07:05:10AM +0100, Daniel Vetter wrote: > > On Fri, Dec 20, 2013 at 12:22 AM, Ben Widawsky > > <benjamin.widawsky@intel.com> wrote: > > > ctx = i915_gem_context_get(file->driver_priv, args->ctx_id); > > > - if (IS_ERR(ctx)) { > > > + if (IS_ERR_OR_NULL(ctx)) { > > > > We now have half the callers check for IS_ERR and the others not. > > Afaics i915_gem_context_get can only return NULL or a real context > > though. Also from a quite read the expected error for a lookup failure > > is ENOENT (and there seems to be a testcase for this). > > -Daniel > > > To your first point: > I think checking null is always the right thing currently, but for > future proofing, IS_ERR_OR_NULL is really the right thing. After his > patch, I believe only i915_gem_context_destroy_ioctl is still incorrect. Using IS_ERR_OR_NULL on a return value which can never contain an encoded errno value is imo confusing, more so when it's inconsitently applied. > To the second: > This is only based on my memory, so feel free to change whatever you > need. When I retuned -ENXIO, the test failed. > > It should be: > return ctx ? PTR_ERR(ctx) : -ENOENT; On a cursory read that's been the semantics before your patch. And there seems to be a testcase in gem_reset_stat for this, have you run all subtests? > I had > return ctx ? PTR_ERR(ctx) : -ENXIO; > which made the subtest fail. However, as we've noted, this itself was > not correct. Try the return above. Thanks, Daniel -- Daniel Vetter Software Engineer, Intel Corporation +41 (0) 79 365 57 48 - http://blog.ffwll.ch ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] drm/i915/ppgtt: Prevent NULL deref in reset ioctl 2013-12-20 14:11 ` Daniel Vetter @ 2013-12-20 14:37 ` Jani Nikula 2013-12-20 18:21 ` Ben Widawsky 2013-12-20 18:21 ` Ben Widawsky 1 sibling, 1 reply; 14+ messages in thread From: Jani Nikula @ 2013-12-20 14:37 UTC (permalink / raw) To: Daniel Vetter, Ben Widawsky; +Cc: Intel GFX, Ben Widawsky On Fri, 20 Dec 2013, Daniel Vetter <daniel@ffwll.ch> wrote: > On Thu, Dec 19, 2013 at 10:55:56PM -0800, Ben Widawsky wrote: >> On Fri, Dec 20, 2013 at 07:05:10AM +0100, Daniel Vetter wrote: >> > On Fri, Dec 20, 2013 at 12:22 AM, Ben Widawsky >> > <benjamin.widawsky@intel.com> wrote: >> > > ctx = i915_gem_context_get(file->driver_priv, args->ctx_id); >> > > - if (IS_ERR(ctx)) { >> > > + if (IS_ERR_OR_NULL(ctx)) { >> > >> > We now have half the callers check for IS_ERR and the others not. >> > Afaics i915_gem_context_get can only return NULL or a real context >> > though. Also from a quite read the expected error for a lookup failure >> > is ENOENT (and there seems to be a testcase for this). >> > -Daniel >> >> >> To your first point: >> I think checking null is always the right thing currently, but for >> future proofing, IS_ERR_OR_NULL is really the right thing. After his >> patch, I believe only i915_gem_context_destroy_ioctl is still incorrect. > > Using IS_ERR_OR_NULL on a return value which can never contain an > encoded errno value is imo confusing, more so when it's inconsitently > applied. Moreover, the error path then goes on to return 0 for success when the pointer is NULL. BR, Jani. -- Jani Nikula, Intel Open Source Technology Center ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] drm/i915/ppgtt: Prevent NULL deref in reset ioctl 2013-12-20 14:37 ` Jani Nikula @ 2013-12-20 18:21 ` Ben Widawsky 0 siblings, 0 replies; 14+ messages in thread From: Ben Widawsky @ 2013-12-20 18:21 UTC (permalink / raw) To: Jani Nikula; +Cc: Intel GFX, Ben Widawsky On Fri, Dec 20, 2013 at 04:37:34PM +0200, Jani Nikula wrote: > On Fri, 20 Dec 2013, Daniel Vetter <daniel@ffwll.ch> wrote: > > On Thu, Dec 19, 2013 at 10:55:56PM -0800, Ben Widawsky wrote: > >> On Fri, Dec 20, 2013 at 07:05:10AM +0100, Daniel Vetter wrote: > >> > On Fri, Dec 20, 2013 at 12:22 AM, Ben Widawsky > >> > <benjamin.widawsky@intel.com> wrote: > >> > > ctx = i915_gem_context_get(file->driver_priv, args->ctx_id); > >> > > - if (IS_ERR(ctx)) { > >> > > + if (IS_ERR_OR_NULL(ctx)) { > >> > > >> > We now have half the callers check for IS_ERR and the others not. > >> > Afaics i915_gem_context_get can only return NULL or a real context > >> > though. Also from a quite read the expected error for a lookup failure > >> > is ENOENT (and there seems to be a testcase for this). > >> > -Daniel > >> > >> > >> To your first point: > >> I think checking null is always the right thing currently, but for > >> future proofing, IS_ERR_OR_NULL is really the right thing. After his > >> patch, I believe only i915_gem_context_destroy_ioctl is still incorrect. > > > > Using IS_ERR_OR_NULL on a return value which can never contain an > > encoded errno value is imo confusing, more so when it's inconsitently > > applied. > > Moreover, the error path then goes on to return 0 for success when the > pointer is NULL. > That was mentioned in the commit message. > BR, > Jani. > > > -- > Jani Nikula, Intel Open Source Technology Center -- Ben Widawsky, Intel Open Source Technology Center ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] drm/i915/ppgtt: Prevent NULL deref in reset ioctl 2013-12-20 14:11 ` Daniel Vetter 2013-12-20 14:37 ` Jani Nikula @ 2013-12-20 18:21 ` Ben Widawsky 1 sibling, 0 replies; 14+ messages in thread From: Ben Widawsky @ 2013-12-20 18:21 UTC (permalink / raw) To: Daniel Vetter; +Cc: Intel GFX, Ben Widawsky On Fri, Dec 20, 2013 at 03:11:09PM +0100, Daniel Vetter wrote: > On Thu, Dec 19, 2013 at 10:55:56PM -0800, Ben Widawsky wrote: > > On Fri, Dec 20, 2013 at 07:05:10AM +0100, Daniel Vetter wrote: > > > On Fri, Dec 20, 2013 at 12:22 AM, Ben Widawsky > > > <benjamin.widawsky@intel.com> wrote: > > > > ctx = i915_gem_context_get(file->driver_priv, args->ctx_id); > > > > - if (IS_ERR(ctx)) { > > > > + if (IS_ERR_OR_NULL(ctx)) { > > > > > > We now have half the callers check for IS_ERR and the others not. > > > Afaics i915_gem_context_get can only return NULL or a real context > > > though. Also from a quite read the expected error for a lookup failure > > > is ENOENT (and there seems to be a testcase for this). > > > -Daniel > > > > > > To your first point: > > I think checking null is always the right thing currently, but for > > future proofing, IS_ERR_OR_NULL is really the right thing. After his > > patch, I believe only i915_gem_context_destroy_ioctl is still incorrect. > > Using IS_ERR_OR_NULL on a return value which can never contain an > encoded errno value is imo confusing, more so when it's inconsitently > applied. > > > To the second: > > This is only based on my memory, so feel free to change whatever you > > need. When I retuned -ENXIO, the test failed. > > > > It should be: > > return ctx ? PTR_ERR(ctx) : -ENOENT; > > On a cursory read that's been the semantics before your patch. And there > seems to be a testcase in gem_reset_stat for this, have you run all > subtests? As I mentioned on IRC, but I think you missed it - a later subtest hits a really bad BUG (pre-ppgtt). It was all pass up to that subtest. > > > I had > > return ctx ? PTR_ERR(ctx) : -ENXIO; > > which made the subtest fail. However, as we've noted, this itself was > > not correct. Try the return above. > > Thanks, Daniel > -- > Daniel Vetter > Software Engineer, Intel Corporation > +41 (0) 79 365 57 48 - http://blog.ffwll.ch -- Ben Widawsky, Intel Open Source Technology Center ^ permalink raw reply [flat|nested] 14+ messages in thread
* [PATCH] drm/i915/ppgtt: Never return a NULL context 2013-12-19 23:22 [PATCH] drm/i915/ppgtt: Prevent NULL deref in reset ioctl Ben Widawsky 2013-12-20 6:05 ` Daniel Vetter @ 2013-12-22 20:55 ` Ben Widawsky 2014-01-01 5:46 ` [PATCH] [v2] " Ben Widawsky 1 sibling, 1 reply; 14+ messages in thread From: Ben Widawsky @ 2013-12-22 20:55 UTC (permalink / raw) To: Intel GFX; +Cc: Ben Widawsky, Ben Widawsky It makes all the code which calls into this function way too confusing. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=72903 Signed-off-by: Ben Widawsky <ben@bwidawsk.net> --- drivers/gpu/drm/i915/i915_gem_context.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/i915_gem_context.c b/drivers/gpu/drm/i915/i915_gem_context.c index ebe0f67..4794c18 100644 --- a/drivers/gpu/drm/i915/i915_gem_context.c +++ b/drivers/gpu/drm/i915/i915_gem_context.c @@ -526,10 +526,16 @@ void i915_gem_context_close(struct drm_device *dev, struct drm_file *file) struct i915_hw_context * i915_gem_context_get(struct drm_i915_file_private *file_priv, u32 id) { + struct i915_hw_context *ctx; + if (!HAS_HW_CONTEXTS(file_priv->dev_priv->dev)) return file_priv->private_default_ctx; - return (struct i915_hw_context *)idr_find(&file_priv->context_idr, id); + ctx = (struct i915_hw_context *)idr_find(&file_priv->context_idr, id); + if (!ctx) + return ERR_PTR(-ENOENT); + + return ctx; } static inline int -- 1.8.5.2 ^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH] [v2] drm/i915/ppgtt: Never return a NULL context 2013-12-22 20:55 ` [PATCH] drm/i915/ppgtt: Never return a NULL context Ben Widawsky @ 2014-01-01 5:46 ` Ben Widawsky 2014-01-02 14:34 ` Mika Kuoppala 0 siblings, 1 reply; 14+ messages in thread From: Ben Widawsky @ 2014-01-01 5:46 UTC (permalink / raw) To: Intel GFX; +Cc: Ben Widawsky, Ben Widawsky It makes all the code which calls into this function way too confusing. v2: Fix destroy IOCTL as well Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=72903 Signed-off-by: Ben Widawsky <ben@bwidawsk.net> --- drivers/gpu/drm/i915/i915_gem_context.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gem_context.c b/drivers/gpu/drm/i915/i915_gem_context.c index a90a0a1..f3ac9a2 100644 --- a/drivers/gpu/drm/i915/i915_gem_context.c +++ b/drivers/gpu/drm/i915/i915_gem_context.c @@ -524,10 +524,16 @@ void i915_gem_context_close(struct drm_device *dev, struct drm_file *file) struct i915_hw_context * i915_gem_context_get(struct drm_i915_file_private *file_priv, u32 id) { + struct i915_hw_context *ctx; + if (!HAS_HW_CONTEXTS(file_priv->dev_priv->dev)) return file_priv->private_default_ctx; - return (struct i915_hw_context *)idr_find(&file_priv->context_idr, id); + ctx = (struct i915_hw_context *)idr_find(&file_priv->context_idr, id); + if (!ctx) + return ERR_PTR(-ENOENT); + + return ctx; } static inline int @@ -774,9 +780,9 @@ int i915_gem_context_destroy_ioctl(struct drm_device *dev, void *data, return ret; ctx = i915_gem_context_get(file_priv, args->ctx_id); - if (!ctx) { + if (IS_ERR(ctx)) { mutex_unlock(&dev->struct_mutex); - return -ENOENT; + return PTR_ERR(ctx); } idr_remove(&ctx->file_priv->context_idr, ctx->id); -- 1.8.5.2 ^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [PATCH] [v2] drm/i915/ppgtt: Never return a NULL context 2014-01-01 5:46 ` [PATCH] [v2] " Ben Widawsky @ 2014-01-02 14:34 ` Mika Kuoppala 0 siblings, 0 replies; 14+ messages in thread From: Mika Kuoppala @ 2014-01-02 14:34 UTC (permalink / raw) To: Intel GFX; +Cc: Ben Widawsky, Ben Widawsky Ben Widawsky <benjamin.widawsky@intel.com> writes: > It makes all the code which calls into this function way too confusing. > > v2: Fix destroy IOCTL as well > callsite inside i915_gem_validate_context() and after it is called in i915_gem_do_execbuffer() are still confusing as they seem to expect NULL. Latter even tries to dig out error value from NULL. -- Mika > Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=72903 > Signed-off-by: Ben Widawsky <ben@bwidawsk.net> > --- > drivers/gpu/drm/i915/i915_gem_context.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/i915/i915_gem_context.c b/drivers/gpu/drm/i915/i915_gem_context.c > index a90a0a1..f3ac9a2 100644 > --- a/drivers/gpu/drm/i915/i915_gem_context.c > +++ b/drivers/gpu/drm/i915/i915_gem_context.c > @@ -524,10 +524,16 @@ void i915_gem_context_close(struct drm_device *dev, struct drm_file *file) > struct i915_hw_context * > i915_gem_context_get(struct drm_i915_file_private *file_priv, u32 id) > { > + struct i915_hw_context *ctx; > + > if (!HAS_HW_CONTEXTS(file_priv->dev_priv->dev)) > return file_priv->private_default_ctx; > > - return (struct i915_hw_context *)idr_find(&file_priv->context_idr, id); > + ctx = (struct i915_hw_context *)idr_find(&file_priv->context_idr, id); > + if (!ctx) > + return ERR_PTR(-ENOENT); > + > + return ctx; > } > > static inline int > @@ -774,9 +780,9 @@ int i915_gem_context_destroy_ioctl(struct drm_device *dev, void *data, > return ret; > > ctx = i915_gem_context_get(file_priv, args->ctx_id); > - if (!ctx) { > + if (IS_ERR(ctx)) { > mutex_unlock(&dev->struct_mutex); > - return -ENOENT; > + return PTR_ERR(ctx); > } > > idr_remove(&ctx->file_priv->context_idr, ctx->id); > -- > 1.8.5.2 > > _______________________________________________ > Intel-gfx mailing list > Intel-gfx@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/intel-gfx ^ permalink raw reply [flat|nested] 14+ messages in thread
[parent not found: <to=1388555170-19936-1-git-send-email-benjamin.widawsky@intel.com>]
* [PATCH] [v2] drm/i915/ppgtt: Never return a NULL context [not found] <to=1388555170-19936-1-git-send-email-benjamin.widawsky@intel.com> @ 2014-01-03 5:50 ` Ben Widawsky 2014-01-03 12:07 ` Mika Kuoppala 0 siblings, 1 reply; 14+ messages in thread From: Ben Widawsky @ 2014-01-03 5:50 UTC (permalink / raw) To: Intel GFX; +Cc: Ben Widawsky, Ben Widawsky It makes all the code which calls into this function way too confusing. v2: Fix destroy IOCTL as well v3: Clarify the other two callers of i915_gem_context_get() to never check for NULL. (Mika) Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=72903 Signed-off-by: Ben Widawsky <ben@bwidawsk.net> --- drivers/gpu/drm/i915/i915_gem_context.c | 12 +++++++++--- drivers/gpu/drm/i915/i915_gem_execbuffer.c | 4 ++-- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gem_context.c b/drivers/gpu/drm/i915/i915_gem_context.c index ebe0f67..44dddc00 100644 --- a/drivers/gpu/drm/i915/i915_gem_context.c +++ b/drivers/gpu/drm/i915/i915_gem_context.c @@ -526,10 +526,16 @@ void i915_gem_context_close(struct drm_device *dev, struct drm_file *file) struct i915_hw_context * i915_gem_context_get(struct drm_i915_file_private *file_priv, u32 id) { + struct i915_hw_context *ctx; + if (!HAS_HW_CONTEXTS(file_priv->dev_priv->dev)) return file_priv->private_default_ctx; - return (struct i915_hw_context *)idr_find(&file_priv->context_idr, id); + ctx = (struct i915_hw_context *)idr_find(&file_priv->context_idr, id); + if (!ctx) + return ERR_PTR(-ENOENT); + + return ctx; } static inline int @@ -776,9 +782,9 @@ int i915_gem_context_destroy_ioctl(struct drm_device *dev, void *data, return ret; ctx = i915_gem_context_get(file_priv, args->ctx_id); - if (!ctx) { + if (IS_ERR(ctx)) { mutex_unlock(&dev->struct_mutex); - return -ENOENT; + return PTR_ERR(ctx); } idr_remove(&ctx->file_priv->context_idr, ctx->id); diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c index bbff8f9..c30a6ee 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -916,7 +916,7 @@ i915_gem_validate_context(struct drm_device *dev, struct drm_file *file, return ERR_PTR(-EINVAL); ctx = i915_gem_context_get(file->driver_priv, ctx_id); - if (IS_ERR_OR_NULL(ctx)) + if (IS_ERR(ctx)) return ctx; hs = &ctx->hang_stats; @@ -1126,7 +1126,7 @@ i915_gem_do_execbuffer(struct drm_device *dev, void *data, } ctx = i915_gem_validate_context(dev, file, ring, ctx_id); - if (IS_ERR_OR_NULL(ctx)) { + if (IS_ERR(ctx)) { mutex_unlock(&dev->struct_mutex); ret = PTR_ERR(ctx); goto pre_mutex_err; -- 1.8.5.2 ^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [PATCH] [v2] drm/i915/ppgtt: Never return a NULL context 2014-01-03 5:50 ` Ben Widawsky @ 2014-01-03 12:07 ` Mika Kuoppala 2014-01-07 7:51 ` Daniel Vetter 0 siblings, 1 reply; 14+ messages in thread From: Mika Kuoppala @ 2014-01-03 12:07 UTC (permalink / raw) To: Intel GFX; +Cc: Ben Widawsky, Ben Widawsky Ben Widawsky <benjamin.widawsky@intel.com> writes: > It makes all the code which calls into this function way too confusing. > > v2: Fix destroy IOCTL as well > > v3: Clarify the other two callers of i915_gem_context_get() to never > check for NULL. (Mika) > > Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=72903 > Signed-off-by: Ben Widawsky <ben@bwidawsk.net> Reviewed-by: Mika Kuoppala <mika.kuoppala@intel.com> > drivers/gpu/drm/i915/i915_gem_context.c | 12 +++++++++--- > drivers/gpu/drm/i915/i915_gem_execbuffer.c | 4 ++-- > 2 files changed, 11 insertions(+), 5 deletions(-) > > diff --git a/drivers/gpu/drm/i915/i915_gem_context.c b/drivers/gpu/drm/i915/i915_gem_context.c > index ebe0f67..44dddc00 100644 > --- a/drivers/gpu/drm/i915/i915_gem_context.c > +++ b/drivers/gpu/drm/i915/i915_gem_context.c > @@ -526,10 +526,16 @@ void i915_gem_context_close(struct drm_device *dev, struct drm_file *file) > struct i915_hw_context * > i915_gem_context_get(struct drm_i915_file_private *file_priv, u32 id) > { > + struct i915_hw_context *ctx; > + > if (!HAS_HW_CONTEXTS(file_priv->dev_priv->dev)) > return file_priv->private_default_ctx; > > - return (struct i915_hw_context *)idr_find(&file_priv->context_idr, id); > + ctx = (struct i915_hw_context *)idr_find(&file_priv->context_idr, id); > + if (!ctx) > + return ERR_PTR(-ENOENT); > + > + return ctx; > } > > static inline int > @@ -776,9 +782,9 @@ int i915_gem_context_destroy_ioctl(struct drm_device *dev, void *data, > return ret; > > ctx = i915_gem_context_get(file_priv, args->ctx_id); > - if (!ctx) { > + if (IS_ERR(ctx)) { > mutex_unlock(&dev->struct_mutex); > - return -ENOENT; > + return PTR_ERR(ctx); > } > > idr_remove(&ctx->file_priv->context_idr, ctx->id); > diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c > index bbff8f9..c30a6ee 100644 > --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c > +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c > @@ -916,7 +916,7 @@ i915_gem_validate_context(struct drm_device *dev, struct drm_file *file, > return ERR_PTR(-EINVAL); > > ctx = i915_gem_context_get(file->driver_priv, ctx_id); > - if (IS_ERR_OR_NULL(ctx)) > + if (IS_ERR(ctx)) > return ctx; > > hs = &ctx->hang_stats; > @@ -1126,7 +1126,7 @@ i915_gem_do_execbuffer(struct drm_device *dev, void *data, > } > > ctx = i915_gem_validate_context(dev, file, ring, ctx_id); > - if (IS_ERR_OR_NULL(ctx)) { > + if (IS_ERR(ctx)) { > mutex_unlock(&dev->struct_mutex); > ret = PTR_ERR(ctx); > goto pre_mutex_err; > -- > 1.8.5.2 ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] [v2] drm/i915/ppgtt: Never return a NULL context 2014-01-03 12:07 ` Mika Kuoppala @ 2014-01-07 7:51 ` Daniel Vetter [not found] ` <CALNAZXq8EZ4Wmq2ONz08gNFcEv4Bi-JzBasEvnAKWEfEWyf_xw@mail.gmail.com> 0 siblings, 1 reply; 14+ messages in thread From: Daniel Vetter @ 2014-01-07 7:51 UTC (permalink / raw) To: Mika Kuoppala; +Cc: Intel GFX, Ben Widawsky, Ben Widawsky On Fri, Jan 03, 2014 at 02:07:47PM +0200, Mika Kuoppala wrote: > Ben Widawsky <benjamin.widawsky@intel.com> writes: > > > It makes all the code which calls into this function way too confusing. > > > > v2: Fix destroy IOCTL as well > > > > v3: Clarify the other two callers of i915_gem_context_get() to never > > check for NULL. (Mika) > > > > Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=72903 > > Signed-off-by: Ben Widawsky <ben@bwidawsk.net> > > Reviewed-by: Mika Kuoppala <mika.kuoppala@intel.com> Neither patch subject nor the commit message mention that this fixes a bug. Also, the Testcase: line at the bottom is missing. I've fixed this up. -Daniel > > > drivers/gpu/drm/i915/i915_gem_context.c | 12 +++++++++--- > > drivers/gpu/drm/i915/i915_gem_execbuffer.c | 4 ++-- > > 2 files changed, 11 insertions(+), 5 deletions(-) > > > > diff --git a/drivers/gpu/drm/i915/i915_gem_context.c b/drivers/gpu/drm/i915/i915_gem_context.c > > index ebe0f67..44dddc00 100644 > > --- a/drivers/gpu/drm/i915/i915_gem_context.c > > +++ b/drivers/gpu/drm/i915/i915_gem_context.c > > @@ -526,10 +526,16 @@ void i915_gem_context_close(struct drm_device *dev, struct drm_file *file) > > struct i915_hw_context * > > i915_gem_context_get(struct drm_i915_file_private *file_priv, u32 id) > > { > > + struct i915_hw_context *ctx; > > + > > if (!HAS_HW_CONTEXTS(file_priv->dev_priv->dev)) > > return file_priv->private_default_ctx; > > > > - return (struct i915_hw_context *)idr_find(&file_priv->context_idr, id); > > + ctx = (struct i915_hw_context *)idr_find(&file_priv->context_idr, id); > > + if (!ctx) > > + return ERR_PTR(-ENOENT); > > + > > + return ctx; > > } > > > > static inline int > > @@ -776,9 +782,9 @@ int i915_gem_context_destroy_ioctl(struct drm_device *dev, void *data, > > return ret; > > > > ctx = i915_gem_context_get(file_priv, args->ctx_id); > > - if (!ctx) { > > + if (IS_ERR(ctx)) { > > mutex_unlock(&dev->struct_mutex); > > - return -ENOENT; > > + return PTR_ERR(ctx); > > } > > > > idr_remove(&ctx->file_priv->context_idr, ctx->id); > > diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c > > index bbff8f9..c30a6ee 100644 > > --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c > > +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c > > @@ -916,7 +916,7 @@ i915_gem_validate_context(struct drm_device *dev, struct drm_file *file, > > return ERR_PTR(-EINVAL); > > > > ctx = i915_gem_context_get(file->driver_priv, ctx_id); > > - if (IS_ERR_OR_NULL(ctx)) > > + if (IS_ERR(ctx)) > > return ctx; > > > > hs = &ctx->hang_stats; > > @@ -1126,7 +1126,7 @@ i915_gem_do_execbuffer(struct drm_device *dev, void *data, > > } > > > > ctx = i915_gem_validate_context(dev, file, ring, ctx_id); > > - if (IS_ERR_OR_NULL(ctx)) { > > + if (IS_ERR(ctx)) { > > mutex_unlock(&dev->struct_mutex); > > ret = PTR_ERR(ctx); > > goto pre_mutex_err; > > -- > > 1.8.5.2 > _______________________________________________ > Intel-gfx mailing list > Intel-gfx@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/intel-gfx -- Daniel Vetter Software Engineer, Intel Corporation +41 (0) 79 365 57 48 - http://blog.ffwll.ch ^ permalink raw reply [flat|nested] 14+ messages in thread
[parent not found: <CALNAZXq8EZ4Wmq2ONz08gNFcEv4Bi-JzBasEvnAKWEfEWyf_xw@mail.gmail.com>]
[parent not found: <CAKMK7uE9aai27U7jwGe0jK5AzjxKx40z8VyS1D4mr__a5x-Qeg@mail.gmail.com>]
* Re: [PATCH] [v2] drm/i915/ppgtt: Never return a NULL context [not found] ` <CAKMK7uE9aai27U7jwGe0jK5AzjxKx40z8VyS1D4mr__a5x-Qeg@mail.gmail.com> @ 2014-01-10 23:20 ` Daniel Vetter 0 siblings, 0 replies; 14+ messages in thread From: Daniel Vetter @ 2014-01-10 23:20 UTC (permalink / raw) To: Ben Widawsky; +Cc: intel-gfx Readding intel-gfx. On Sat, Jan 11, 2014 at 12:20 AM, Daniel Vetter <daniel@ffwll.ch> wrote: > On Fri, Jan 10, 2014 at 8:24 PM, Ben Widawsky > <benjamin.widawsky@intel.com> wrote: >> On Mon, Jan 6, 2014 at 11:51 PM, Daniel Vetter <daniel@ffwll.ch> wrote: >>> Neither patch subject nor the commit message mention that this fixes a >>> bug. Also, the Testcase: line at the bottom is missing. I've fixed this >>> up. >>> -Daniel >> >> I thought "Bugzilla" link implies it fixes a bug. > > Forcing people to read through bugzilla to figure out what exactly the > patch fixes and how is a bit unfriendly. Generally describing the why > and effects is much more important than than the what. > -Daniel > -- > Daniel Vetter > Software Engineer, Intel Corporation > +41 (0) 79 365 57 48 - http://blog.ffwll.ch -- Daniel Vetter Software Engineer, Intel Corporation +41 (0) 79 365 57 48 - http://blog.ffwll.ch ^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2014-01-10 23:20 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-12-19 23:22 [PATCH] drm/i915/ppgtt: Prevent NULL deref in reset ioctl Ben Widawsky
2013-12-20 6:05 ` Daniel Vetter
2013-12-20 6:55 ` Ben Widawsky
2013-12-20 14:11 ` Daniel Vetter
2013-12-20 14:37 ` Jani Nikula
2013-12-20 18:21 ` Ben Widawsky
2013-12-20 18:21 ` Ben Widawsky
2013-12-22 20:55 ` [PATCH] drm/i915/ppgtt: Never return a NULL context Ben Widawsky
2014-01-01 5:46 ` [PATCH] [v2] " Ben Widawsky
2014-01-02 14:34 ` Mika Kuoppala
[not found] <to=1388555170-19936-1-git-send-email-benjamin.widawsky@intel.com>
2014-01-03 5:50 ` Ben Widawsky
2014-01-03 12:07 ` Mika Kuoppala
2014-01-07 7:51 ` Daniel Vetter
[not found] ` <CALNAZXq8EZ4Wmq2ONz08gNFcEv4Bi-JzBasEvnAKWEfEWyf_xw@mail.gmail.com>
[not found] ` <CAKMK7uE9aai27U7jwGe0jK5AzjxKx40z8VyS1D4mr__a5x-Qeg@mail.gmail.com>
2014-01-10 23:20 ` Daniel Vetter
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox