public inbox for linux-kernel@vger.kernel.org
From: kernel test robot <lkp@intel.com>
To: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: oe-kbuild-all@lists.linux.dev, linux-kernel@vger.kernel.org,
	Rodrigo Vivi <rodrigo.vivi@intel.com>
Subject: drivers/gpu/drm/i915/gem/i915_gem_context.c:2162:9-16: WARNING opportunity for memdup_user
Date: Wed, 15 Jan 2025 12:51:43 +0800
Message-ID: <202501151212.S309qHCR-lkp@intel.com>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   619f0b6fad524f08d493a98d55bac9ab8895e3a6
commit: 0f1bb41bf39695c84c83ce6f69e125b562d1d7ab drm/i915: Support replaying GPU hangs with captured context image
date:   8 months ago
config: x86_64-randconfig-101-20250115 (https://download.01.org/0day-ci/archive/20250115/202501151212.S309qHCR-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202501151212.S309qHCR-lkp@intel.com/

cocci warnings: (new ones prefixed by >>)
>> drivers/gpu/drm/i915/gem/i915_gem_context.c:2162:9-16: WARNING opportunity for memdup_user

vim +2162 drivers/gpu/drm/i915/gem/i915_gem_context.c

  2108	
  2109	static int set_context_image(struct i915_gem_context *ctx,
  2110				     struct drm_i915_gem_context_param *args)
  2111	{
  2112		struct i915_gem_context_param_context_image user;
  2113		struct intel_context *ce;
  2114		struct file *shmem_state;
  2115		unsigned long lookup;
  2116		void *state;
  2117		int ret = 0;
  2118	
  2119		if (!IS_ENABLED(CONFIG_DRM_I915_REPLAY_GPU_HANGS_API))
  2120			return -EINVAL;
  2121	
  2122		if (!ctx->i915->params.enable_debug_only_api)
  2123			return -EINVAL;
  2124	
  2125		if (args->size < sizeof(user))
  2126			return -EINVAL;
  2127	
  2128		if (copy_from_user(&user, u64_to_user_ptr(args->value), sizeof(user)))
  2129			return -EFAULT;
  2130	
  2131		if (user.mbz)
  2132			return -EINVAL;
  2133	
  2134		if (user.flags & ~(I915_CONTEXT_IMAGE_FLAG_ENGINE_INDEX))
  2135			return -EINVAL;
  2136	
  2137		lookup = 0;
  2138		if (user.flags & I915_CONTEXT_IMAGE_FLAG_ENGINE_INDEX)
  2139			lookup |= LOOKUP_USER_INDEX;
  2140	
  2141		ce = lookup_user_engine(ctx, lookup, &user.engine);
  2142		if (IS_ERR(ce))
  2143			return PTR_ERR(ce);
  2144	
  2145		if (user.size < ce->engine->context_size) {
  2146			ret = -EINVAL;
  2147			goto out_ce;
  2148		}
  2149	
  2150		if (drm_WARN_ON_ONCE(&ctx->i915->drm,
  2151				     test_bit(CONTEXT_ALLOC_BIT, &ce->flags))) {
  2152			/*
  2153			 * This is racy but for a debug only API, if userspace is keen
  2154			 * to create and configure contexts, while simultaneously using
  2155			 * them from a second thread, let them suffer by potentially not
  2156			 * executing with the context image they just raced to apply.
  2157			 */
  2158			ret = -EBUSY;
  2159			goto out_ce;
  2160		}
  2161	
> 2162		state = kmalloc(ce->engine->context_size, GFP_KERNEL);
  2163		if (!state) {
  2164			ret = -ENOMEM;
  2165			goto out_ce;
  2166		}
  2167	
  2168		if (copy_from_user(state, u64_to_user_ptr(user.image),
  2169				   ce->engine->context_size)) {
  2170			ret = -EFAULT;
  2171			goto out_state;
  2172		}
  2173	
  2174		shmem_state = shmem_create_from_data(ce->engine->name,
  2175						     state, ce->engine->context_size);
  2176		if (IS_ERR(shmem_state)) {
  2177			ret = PTR_ERR(shmem_state);
  2178			goto out_state;
  2179		}
  2180	
  2181		if (intel_context_set_own_state(ce)) {
  2182			ret = -EBUSY;
  2183			fput(shmem_state);
  2184			goto out_state;
  2185		}
  2186	
  2187		ce->default_state = shmem_state;
  2188	
  2189		args->size = sizeof(user);
  2190	
  2191	out_state:
  2192		kfree(state);
  2193	out_ce:
  2194		intel_context_put(ce);
  2195		return ret;
  2196	}
  2197	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
