Re: [Intel-gfx] [PATCH v15 0/6] Fixes integer overflow or integer truncation issues in page lookups, ttm place configuration and scatterlist creation

[Rodrigo Vivi <rodrigo.vivi@intel.com>]

On Wed, Dec 28, 2022 at 04:25:27PM +0200, Gwan-gyeong Mun wrote:
> This patch series fixes integer overflow or integer truncation issues in
> page lookups, ttm place configuration and scatterlist creation, etc.
> We need to check that we avoid integer overflows when looking up a page,
> and so fix all the instances where we have mistakenly used a plain integer
> instead of a more suitable long.
> And there is an impedance mismatch between the scatterlist API using
> unsigned int and our memory/page accounting in unsigned long. That is we
> may try to create a scatterlist for a large object that overflows returning
> a small table into which we try to fit very many pages. As the object size
> is under the control of userspace, we have to be prudent and catch the
> conversion errors. To catch the implicit truncation as we switch from
> unsigned long into the scatterlist's unsigned int, we use improved
> overflows_type check and report E2BIG prior to the operation. This is
> already used in our create ioctls to indicate if the uABI request is simply
> too large for the backing store. 
> And ttm place also has the same problem with scatterlist creation,
> and we fix the integer truncation problem with the way approached by
> scatterlist creation.
> And It corrects the error code to return -E2BIG when creating gem objects
> using ttm or shmem, if the size is too large in each case.
> 
> Linux 6.2 rc1 merged into drm-tip. I resend the same patch series as the
> previous version, except for one patch[1] included in Linux 6.2 rc1 from
> the previous v15 patch series.

v6.2-rc1 is on drm-tip through drm-intel-fixes and topic/core-for-CI.
But if this series depends on a patch in the v6.2-rc1 we need to wait
drm-next to backmerge it, then we backmerge drm-next into drm-intel-next
and drm-intel-gt-next. Only then we can merge this series.

> 
> There is no difference in the code from the previous version [2] that was
> updated to v15 version. And it has already been confirmed by the CI results
> of v15 that there is no regression caused by this patch series.
> 
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4b21d25bf519c9487935a664886956bb18f04f6d
> [2] https://patchwork.freedesktop.org/series/111963/
> 
> Chris Wilson (3):
>   drm/i915/gem: Typecheck page lookups
>   drm/i915: Check for integer truncation on scatterlist creation
>   drm/i915: Remove truncation warning for large objects
> 
> Gwan-gyeong Mun (3):
>   drm/i915: Check for integer truncation on the configuration of ttm
>     place
>   drm/i915: Check if the size is too big while creating shmem file
>   drm/i915: Use error code as -E2BIG when the size of gem ttm object is
>     too large
> 
>  drivers/gpu/drm/i915/gem/i915_gem_internal.c  |   7 +-
>  drivers/gpu/drm/i915/gem/i915_gem_object.c    |   7 +-
>  drivers/gpu/drm/i915/gem/i915_gem_object.h    | 303 +++++++++++++++---
>  drivers/gpu/drm/i915/gem/i915_gem_pages.c     |  27 +-
>  drivers/gpu/drm/i915/gem/i915_gem_phys.c      |   4 +
>  drivers/gpu/drm/i915/gem/i915_gem_shmem.c     |  23 +-
>  drivers/gpu/drm/i915/gem/i915_gem_ttm.c       |  20 +-
>  drivers/gpu/drm/i915/gem/i915_gem_userptr.c   |   6 +-
>  .../drm/i915/gem/selftests/huge_gem_object.c  |   6 +-
>  .../gpu/drm/i915/gem/selftests/huge_pages.c   |   8 +
>  .../drm/i915/gem/selftests/i915_gem_context.c |  12 +-
>  .../drm/i915/gem/selftests/i915_gem_mman.c    |   8 +-
>  .../drm/i915/gem/selftests/i915_gem_object.c  |   8 +-
>  drivers/gpu/drm/i915/gvt/dmabuf.c             |  10 +-
>  drivers/gpu/drm/i915/i915_gem.c               |  18 +-
>  drivers/gpu/drm/i915/i915_scatterlist.c       |   9 +
>  drivers/gpu/drm/i915/i915_vma.c               |   8 +-
>  drivers/gpu/drm/i915/intel_region_ttm.c       |  14 +
>  drivers/gpu/drm/i915/selftests/i915_gem_gtt.c |   4 +
>  drivers/gpu/drm/i915/selftests/scatterlist.c  |   4 +
>  20 files changed, 420 insertions(+), 86 deletions(-)
> 
> -- 
> 2.37.1
>