| Message ID | 20220425162430.28844-2-ramalingam.c@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Flat-CCS eviction enhancements | expand |
On 25/04/2022 17:24, Ramalingam C wrote: > While locating the start of ccs scatterlist in smem scatterlist, that has > to be the size of lmem obj size + corresponding ccs data size. Report bug > if scatterlist terminate before that length. > > Signed-off-by: Ramalingam C <ramalingam.c@intel.com> > --- > drivers/gpu/drm/i915/gt/intel_migrate.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/drivers/gpu/drm/i915/gt/intel_migrate.c b/drivers/gpu/drm/i915/gt/intel_migrate.c > index 9d552f30b627..29d761da02c4 100644 > --- a/drivers/gpu/drm/i915/gt/intel_migrate.c > +++ b/drivers/gpu/drm/i915/gt/intel_migrate.c > @@ -687,6 +687,12 @@ static void get_ccs_sg_sgt(struct sgt_dma *it, u32 bytes_to_cpy) > bytes_to_cpy -= len; > > it->sg = __sg_next(it->sg); > + > + /* > + * scatterlist supposed to be the size of > + * bytes_to_cpy + GET_CCS_BYTES(bytes_to_copy). > + */ > + GEM_BUG_ON(!it->sg); It will crash and burn anyway, with the below NULL deref. Not sure if BUG_ON() is really much better, but I guess with the additional comment, Reviewed-by: Matthew Auld <matthew.auld@intel.com> > it->dma = sg_dma_address(it->sg); > it->max = it->dma + sg_dma_len(it->sg); > } while (bytes_to_cpy);
diff --git a/drivers/gpu/drm/i915/gt/intel_migrate.c b/drivers/gpu/drm/i915/gt/intel_migrate.c index 9d552f30b627..29d761da02c4 100644 --- a/drivers/gpu/drm/i915/gt/intel_migrate.c +++ b/drivers/gpu/drm/i915/gt/intel_migrate.c @@ -687,6 +687,12 @@ static void get_ccs_sg_sgt(struct sgt_dma *it, u32 bytes_to_cpy) bytes_to_cpy -= len; it->sg = __sg_next(it->sg); + + /* + * scatterlist supposed to be the size of + * bytes_to_cpy + GET_CCS_BYTES(bytes_to_copy). + */ + GEM_BUG_ON(!it->sg); it->dma = sg_dma_address(it->sg); it->max = it->dma + sg_dma_len(it->sg); } while (bytes_to_cpy);
While locating the start of ccs scatterlist in smem scatterlist, that has to be the size of lmem obj size + corresponding ccs data size. Report bug if scatterlist terminate before that length. Signed-off-by: Ramalingam C <ramalingam.c@intel.com> --- drivers/gpu/drm/i915/gt/intel_migrate.c | 6 ++++++ 1 file changed, 6 insertions(+)