* [PATCH] drm/i915/gt: Avoid redundant pointer validity check @ 2023-02-03 19:30 Deepak R Varma 2023-02-06 9:45 ` Tvrtko Ursulin 0 siblings, 1 reply; 5+ messages in thread From: Deepak R Varma @ 2023-02-03 19:30 UTC (permalink / raw) To: Jani Nikula, Joonas Lahtinen, Rodrigo Vivi, Tvrtko Ursulin, David Airlie, Daniel Vetter, intel-gfx, dri-devel, linux-kernel Cc: Saurabh Singh Sengar, Praveen Kumar, Deepak R Varma The macro definition of gen6_for_all_pdes() expands to a for loop such that it breaks when the page table is null. Hence there is no need to again test validity of the page table entry pointers in the pde list. This change is identified using itnull.cocci semantic patch. Signed-off-by: Deepak R Varma <drv@mailo.com> --- Please note: Proposed change is compile tested only. drivers/gpu/drm/i915/gt/gen6_ppgtt.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c index 5aaacc53fa4c..787b9e6d9f59 100644 --- a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c +++ b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c @@ -258,8 +258,7 @@ static void gen6_ppgtt_free_pd(struct gen6_ppgtt *ppgtt) u32 pde; gen6_for_all_pdes(pt, pd, pde) - if (pt) - free_pt(&ppgtt->base.vm, pt); + free_pt(&ppgtt->base.vm, pt); } static void gen6_ppgtt_cleanup(struct i915_address_space *vm) @@ -304,7 +303,7 @@ static void pd_vma_unbind(struct i915_address_space *vm, /* Free all no longer used page tables */ gen6_for_all_pdes(pt, ppgtt->base.pd, pde) { - if (!pt || atomic_read(&pt->used)) + if (atomic_read(&pt->used)) continue; free_pt(&ppgtt->base.vm, pt); -- 2.34.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] drm/i915/gt: Avoid redundant pointer validity check 2023-02-03 19:30 [PATCH] drm/i915/gt: Avoid redundant pointer validity check Deepak R Varma @ 2023-02-06 9:45 ` Tvrtko Ursulin 2023-02-06 10:33 ` Matthew Auld 0 siblings, 1 reply; 5+ messages in thread From: Tvrtko Ursulin @ 2023-02-06 9:45 UTC (permalink / raw) To: Deepak R Varma, Jani Nikula, Joonas Lahtinen, Rodrigo Vivi, David Airlie, Daniel Vetter, intel-gfx, dri-devel, linux-kernel, Matthew Auld, Thomas Hellstrom Cc: Saurabh Singh Sengar, Praveen Kumar Hi, Adding Matt & Thomas as potential candidates to review. Regards, Tvrtko On 03/02/2023 19:30, Deepak R Varma wrote: > The macro definition of gen6_for_all_pdes() expands to a for loop such > that it breaks when the page table is null. Hence there is no need to > again test validity of the page table entry pointers in the pde list. > This change is identified using itnull.cocci semantic patch. > > Signed-off-by: Deepak R Varma <drv@mailo.com> > --- > Please note: Proposed change is compile tested only. > > drivers/gpu/drm/i915/gt/gen6_ppgtt.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > index 5aaacc53fa4c..787b9e6d9f59 100644 > --- a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > +++ b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > @@ -258,8 +258,7 @@ static void gen6_ppgtt_free_pd(struct gen6_ppgtt *ppgtt) > u32 pde; > > gen6_for_all_pdes(pt, pd, pde) > - if (pt) > - free_pt(&ppgtt->base.vm, pt); > + free_pt(&ppgtt->base.vm, pt); > } > > static void gen6_ppgtt_cleanup(struct i915_address_space *vm) > @@ -304,7 +303,7 @@ static void pd_vma_unbind(struct i915_address_space *vm, > > /* Free all no longer used page tables */ > gen6_for_all_pdes(pt, ppgtt->base.pd, pde) { > - if (!pt || atomic_read(&pt->used)) > + if (atomic_read(&pt->used)) > continue; > > free_pt(&ppgtt->base.vm, pt); ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] drm/i915/gt: Avoid redundant pointer validity check 2023-02-06 9:45 ` Tvrtko Ursulin @ 2023-02-06 10:33 ` Matthew Auld 2023-02-06 18:42 ` Deepak R Varma 0 siblings, 1 reply; 5+ messages in thread From: Matthew Auld @ 2023-02-06 10:33 UTC (permalink / raw) To: Tvrtko Ursulin, Deepak R Varma, Jani Nikula, Joonas Lahtinen, Rodrigo Vivi, David Airlie, Daniel Vetter, intel-gfx, dri-devel, linux-kernel, Thomas Hellstrom Cc: Saurabh Singh Sengar, Praveen Kumar On 06/02/2023 09:45, Tvrtko Ursulin wrote: > > Hi, > > Adding Matt & Thomas as potential candidates to review. > > Regards, > > Tvrtko > > On 03/02/2023 19:30, Deepak R Varma wrote: >> The macro definition of gen6_for_all_pdes() expands to a for loop such >> that it breaks when the page table is null. Hence there is no need to >> again test validity of the page table entry pointers in the pde list. >> This change is identified using itnull.cocci semantic patch. >> >> Signed-off-by: Deepak R Varma <drv@mailo.com> >> --- >> Please note: Proposed change is compile tested only. >> >> drivers/gpu/drm/i915/gt/gen6_ppgtt.c | 5 ++--- >> 1 file changed, 2 insertions(+), 3 deletions(-) >> >> diff --git a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c >> b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c >> index 5aaacc53fa4c..787b9e6d9f59 100644 >> --- a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c >> +++ b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c >> @@ -258,8 +258,7 @@ static void gen6_ppgtt_free_pd(struct gen6_ppgtt >> *ppgtt) >> u32 pde; >> gen6_for_all_pdes(pt, pd, pde) >> - if (pt) >> - free_pt(&ppgtt->base.vm, pt); >> + free_pt(&ppgtt->base.vm, pt); >> } >> static void gen6_ppgtt_cleanup(struct i915_address_space *vm) >> @@ -304,7 +303,7 @@ static void pd_vma_unbind(struct >> i915_address_space *vm, >> /* Free all no longer used page tables */ >> gen6_for_all_pdes(pt, ppgtt->base.pd, pde) { >> - if (!pt || atomic_read(&pt->used)) >> + if (atomic_read(&pt->used)) Wow, I was really confused trying to remember how this all works. The gen6_for_all_pdes() does: (pt = i915_pt_entry(pd, iter), true) So NULL pt is expected, and does not 'break' here, since 'true' is always the value that decides whether to terminate the loop. So this patch would lead to NULL ptr deref, AFAICT. >> continue; >> free_pt(&ppgtt->base.vm, pt); ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] drm/i915/gt: Avoid redundant pointer validity check 2023-02-06 10:33 ` Matthew Auld @ 2023-02-06 18:42 ` Deepak R Varma 2023-02-06 18:53 ` Deepak R Varma 0 siblings, 1 reply; 5+ messages in thread From: Deepak R Varma @ 2023-02-06 18:42 UTC (permalink / raw) To: Matthew Auld Cc: Tvrtko Ursulin, Jani Nikula, Joonas Lahtinen, Rodrigo Vivi, David Airlie, Daniel Vetter, intel-gfx, dri-devel, linux-kernel, Thomas Hellstrom, Saurabh Singh Sengar, Praveen Kumar, Deepak R Varma On Mon, Feb 06, 2023 at 10:33:13AM +0000, Matthew Auld wrote: > On 06/02/2023 09:45, Tvrtko Ursulin wrote: > > > > Hi, > > > > Adding Matt & Thomas as potential candidates to review. > > > > Regards, > > > > Tvrtko > > > > On 03/02/2023 19:30, Deepak R Varma wrote: > > > The macro definition of gen6_for_all_pdes() expands to a for loop such > > > that it breaks when the page table is null. Hence there is no need to > > > again test validity of the page table entry pointers in the pde list. > > > This change is identified using itnull.cocci semantic patch. > > > > > > Signed-off-by: Deepak R Varma <drv@mailo.com> > > > --- > > > Please note: Proposed change is compile tested only. > > > > > > drivers/gpu/drm/i915/gt/gen6_ppgtt.c | 5 ++--- > > > 1 file changed, 2 insertions(+), 3 deletions(-) > > > > > > diff --git a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > index 5aaacc53fa4c..787b9e6d9f59 100644 > > > --- a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > +++ b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > @@ -258,8 +258,7 @@ static void gen6_ppgtt_free_pd(struct gen6_ppgtt > > > *ppgtt) > > > u32 pde; > > > gen6_for_all_pdes(pt, pd, pde) > > > - if (pt) > > > - free_pt(&ppgtt->base.vm, pt); > > > + free_pt(&ppgtt->base.vm, pt); > > > } > > > static void gen6_ppgtt_cleanup(struct i915_address_space *vm) > > > @@ -304,7 +303,7 @@ static void pd_vma_unbind(struct > > > i915_address_space *vm, > > > /* Free all no longer used page tables */ > > > gen6_for_all_pdes(pt, ppgtt->base.pd, pde) { > > > - if (!pt || atomic_read(&pt->used)) > > > + if (atomic_read(&pt->used)) > > Wow, I was really confused trying to remember how this all works. > > The gen6_for_all_pdes() does: > > (pt = i915_pt_entry(pd, iter), true) > > So NULL pt is expected, and does not 'break' here, since 'true' is always > the value that decides whether to terminate the loop. So this patch would > lead to NULL ptr deref, AFAICT. Hello Matt, I understand it now. I was misreading the true as part of the function argument. Could you please also comment if the implementation of gen6_ppgtt_free_pd() in the same file is safe? It doesn't appear to have an check on pt validity here. Thank you, deepak. > > > > > > continue; > > > free_pt(&ppgtt->base.vm, pt); ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] drm/i915/gt: Avoid redundant pointer validity check 2023-02-06 18:42 ` Deepak R Varma @ 2023-02-06 18:53 ` Deepak R Varma 0 siblings, 0 replies; 5+ messages in thread From: Deepak R Varma @ 2023-02-06 18:53 UTC (permalink / raw) To: Matthew Auld Cc: Tvrtko Ursulin, Jani Nikula, Joonas Lahtinen, Rodrigo Vivi, David Airlie, Daniel Vetter, intel-gfx, dri-devel, linux-kernel, Thomas Hellstrom, Saurabh Singh Sengar, Praveen Kumar On Tue, Feb 07, 2023 at 12:12:18AM +0530, Deepak R Varma wrote: > On Mon, Feb 06, 2023 at 10:33:13AM +0000, Matthew Auld wrote: > > On 06/02/2023 09:45, Tvrtko Ursulin wrote: > > > > > > Hi, > > > > > > Adding Matt & Thomas as potential candidates to review. > > > > > > Regards, > > > > > > Tvrtko > > > > > > On 03/02/2023 19:30, Deepak R Varma wrote: > > > > The macro definition of gen6_for_all_pdes() expands to a for loop such > > > > that it breaks when the page table is null. Hence there is no need to > > > > again test validity of the page table entry pointers in the pde list. > > > > This change is identified using itnull.cocci semantic patch. > > > > > > > > Signed-off-by: Deepak R Varma <drv@mailo.com> > > > > --- > > > > Please note: Proposed change is compile tested only. > > > > > > > > drivers/gpu/drm/i915/gt/gen6_ppgtt.c | 5 ++--- > > > > 1 file changed, 2 insertions(+), 3 deletions(-) > > > > > > > > diff --git a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > > b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > > index 5aaacc53fa4c..787b9e6d9f59 100644 > > > > --- a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > > +++ b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > > @@ -258,8 +258,7 @@ static void gen6_ppgtt_free_pd(struct gen6_ppgtt > > > > *ppgtt) > > > > u32 pde; > > > > gen6_for_all_pdes(pt, pd, pde) > > > > - if (pt) > > > > - free_pt(&ppgtt->base.vm, pt); > > > > + free_pt(&ppgtt->base.vm, pt); > > > > } > > > > static void gen6_ppgtt_cleanup(struct i915_address_space *vm) > > > > @@ -304,7 +303,7 @@ static void pd_vma_unbind(struct > > > > i915_address_space *vm, > > > > /* Free all no longer used page tables */ > > > > gen6_for_all_pdes(pt, ppgtt->base.pd, pde) { > > > > - if (!pt || atomic_read(&pt->used)) > > > > + if (atomic_read(&pt->used)) > > > > Wow, I was really confused trying to remember how this all works. > > > > The gen6_for_all_pdes() does: > > > > (pt = i915_pt_entry(pd, iter), true) > > > > So NULL pt is expected, and does not 'break' here, since 'true' is always > > the value that decides whether to terminate the loop. So this patch would > > lead to NULL ptr deref, AFAICT. > > Hello Matt, > I understand it now. I was misreading the true as part of the function argument. > Could you please also comment if the implementation of gen6_ppgtt_free_pd() in > the same file is safe? It doesn't appear to have an check on pt validity here. Please ignore the question. I understand it now. My apologies for inconvenience. The patch is invalid and can be dropped. deepak. > > Thank you, > deepak. > > > > > > > > > > > continue; > > > > free_pt(&ppgtt->base.vm, pt); ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-02-06 18:53 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-02-03 19:30 [PATCH] drm/i915/gt: Avoid redundant pointer validity check Deepak R Varma 2023-02-06 9:45 ` Tvrtko Ursulin 2023-02-06 10:33 ` Matthew Auld 2023-02-06 18:42 ` Deepak R Varma 2023-02-06 18:53 ` Deepak R Varma
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox