Message ID | 1379585916-6521-2-git-send-email-daniel.vetter@ffwll.ch (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
On Thu, 19 Sep 2013, Daniel Vetter <daniel.vetter@ffwll.ch> wrote: > No buffer overflows here, but better safe than sorry. > > Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> > --- > drivers/gpu/drm/i915/i915_gem_execbuffer.c | 5 +++-- > drivers/gpu/drm/i915/i915_gem_gtt.c | 8 ++++---- > drivers/gpu/drm/i915/i915_gem_tiling.c | 6 +++--- > drivers/gpu/drm/i915/i915_gpu_error.c | 4 ++-- > drivers/gpu/drm/i915/intel_display.c | 2 +- > 5 files changed, 13 insertions(+), 12 deletions(-) > > diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c > index ee93357..a733118 100644 > --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c > +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c > @@ -1047,7 +1047,8 @@ i915_gem_do_execbuffer(struct drm_device *dev, void *data, > return -EINVAL; > } > > - cliprects = kmalloc(args->num_cliprects * sizeof(*cliprects), > + cliprects = kcalloc(args->num_cliprects, > + sizeof(*cliprects), > GFP_KERNEL); > if (cliprects == NULL) { > ret = -ENOMEM; > @@ -1302,7 +1303,7 @@ i915_gem_execbuffer2(struct drm_device *dev, void *data, > return -EINVAL; > } > > - exec2_list = kmalloc(sizeof(*exec2_list)*args->buffer_count, > + exec2_list = kcalloc(args->buffer_count, sizeof(*exec2_list), > GFP_TEMPORARY | __GFP_NOWARN | __GFP_NORETRY); > if (exec2_list == NULL) > exec2_list = drm_malloc_ab(sizeof(*exec2_list), > diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c > index 212f6d8..dafbdb7 100644 > --- a/drivers/gpu/drm/i915/i915_gem_gtt.c > +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c > @@ -336,8 +336,8 @@ static int gen6_ppgtt_init(struct i915_hw_ppgtt *ppgtt) > ppgtt->base.insert_entries = gen6_ppgtt_insert_entries; > ppgtt->base.cleanup = gen6_ppgtt_cleanup; > ppgtt->base.scratch = dev_priv->gtt.base.scratch; > - ppgtt->pt_pages = kzalloc(sizeof(struct page *)*ppgtt->num_pd_entries, > - GFP_KERNEL); > + ppgtt->pt_pages = kcalloc(ppgtt->num_pd_entries, sizeof(struct page *), > + GFP_KERNEL | __GFP_ZERO); kcalloc implies __GFP_ZERO, specifying it is redundant. Ditto below. This also means this patch does a bunch of zeroing that's strictly not necessary. > if (!ppgtt->pt_pages) > return -ENOMEM; > > @@ -347,8 +347,8 @@ static int gen6_ppgtt_init(struct i915_hw_ppgtt *ppgtt) > goto err_pt_alloc; > } > > - ppgtt->pt_dma_addr = kzalloc(sizeof(dma_addr_t) *ppgtt->num_pd_entries, > - GFP_KERNEL); > + ppgtt->pt_dma_addr = kcalloc(ppgtt->num_pd_entries, sizeof(dma_addr_t), > + GFP_KERNEL | __GFP_ZERO); > if (!ppgtt->pt_dma_addr) > goto err_pt_alloc; > > diff --git a/drivers/gpu/drm/i915/i915_gem_tiling.c b/drivers/gpu/drm/i915/i915_gem_tiling.c > index 032e9ef..ac9ebe9 100644 > --- a/drivers/gpu/drm/i915/i915_gem_tiling.c > +++ b/drivers/gpu/drm/i915/i915_gem_tiling.c > @@ -393,7 +393,7 @@ i915_gem_set_tiling(struct drm_device *dev, void *data, > /* Try to preallocate memory required to save swizzling on put-pages */ > if (i915_gem_object_needs_bit17_swizzle(obj)) { > if (obj->bit_17 == NULL) { > - obj->bit_17 = kmalloc(BITS_TO_LONGS(obj->base.size >> PAGE_SHIFT) * > + obj->bit_17 = kcalloc(BITS_TO_LONGS(obj->base.size >> PAGE_SHIFT), > sizeof(long), GFP_KERNEL); > } > } else { > @@ -504,8 +504,8 @@ i915_gem_object_save_bit_17_swizzle(struct drm_i915_gem_object *obj) > int i; > > if (obj->bit_17 == NULL) { > - obj->bit_17 = kmalloc(BITS_TO_LONGS(page_count) * > - sizeof(long), GFP_KERNEL); > + obj->bit_17 = kcalloc(BITS_TO_LONGS(page_count), > + sizeof(long), GFP_KERNEL); > if (obj->bit_17 == NULL) { > DRM_ERROR("Failed to allocate memory for bit 17 " > "record\n"); > diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c > index c38d575..763283e 100644 > --- a/drivers/gpu/drm/i915/i915_gpu_error.c > +++ b/drivers/gpu/drm/i915/i915_gpu_error.c > @@ -791,7 +791,7 @@ static void i915_gem_record_rings(struct drm_device *dev, > > error->ring[i].num_requests = count; > error->ring[i].requests = > - kmalloc(count*sizeof(struct drm_i915_error_request), > + kcalloc(count, sizeof(error->ring[i].requests), Crash boom bang. BR, Jani. > GFP_ATOMIC); > if (error->ring[i].requests == NULL) { > error->ring[i].num_requests = 0; > @@ -833,7 +833,7 @@ static void i915_gem_capture_vm(struct drm_i915_private *dev_priv, > error->pinned_bo_count[ndx] = i - error->active_bo_count[ndx]; > > if (i) { > - active_bo = kmalloc(sizeof(*active_bo)*i, GFP_ATOMIC); > + active_bo = kcalloc(i, sizeof(*active_bo), GFP_ATOMIC); > if (active_bo) > pinned_bo = active_bo + error->active_bo_count[ndx]; > } > diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c > index fe8db37..6b8a107 100644 > --- a/drivers/gpu/drm/i915/intel_display.c > +++ b/drivers/gpu/drm/i915/intel_display.c > @@ -9031,7 +9031,7 @@ static int __intel_set_mode(struct drm_crtc *crtc, > unsigned disable_pipes, prepare_pipes, modeset_pipes; > int ret = 0; > > - saved_mode = kmalloc(2 * sizeof(*saved_mode), GFP_KERNEL); > + saved_mode = kcalloc(2, sizeof(*saved_mode), GFP_KERNEL); > if (!saved_mode) > return -ENOMEM; > saved_hwmode = saved_mode + 1; > -- > 1.8.4.rc3 > > _______________________________________________ > Intel-gfx mailing list > Intel-gfx@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/intel-gfx
On Thu, Sep 19, 2013 at 12:18:33PM +0200, Daniel Vetter wrote:
> No buffer overflows here, but better safe than sorry.
You are also introducing needless memsets.
-Chris
On Thu, Sep 19, 2013 at 01:38:18PM +0300, Jani Nikula wrote: > On Thu, 19 Sep 2013, Daniel Vetter <daniel.vetter@ffwll.ch> wrote: > > diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c > > index c38d575..763283e 100644 > > --- a/drivers/gpu/drm/i915/i915_gpu_error.c > > +++ b/drivers/gpu/drm/i915/i915_gpu_error.c > > @@ -791,7 +791,7 @@ static void i915_gem_record_rings(struct drm_device *dev, > > > > error->ring[i].num_requests = count; > > error->ring[i].requests = > > - kmalloc(count*sizeof(struct drm_i915_error_request), > > + kcalloc(count, sizeof(error->ring[i].requests), > > Crash boom bang. Not quite. This is evaluated at compile time by parsing the type rather than by pointer dereference. -Chris
On Thu, 19 Sep 2013, Chris Wilson <chris@chris-wilson.co.uk> wrote: > On Thu, Sep 19, 2013 at 01:38:18PM +0300, Jani Nikula wrote: >> On Thu, 19 Sep 2013, Daniel Vetter <daniel.vetter@ffwll.ch> wrote: >> > diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c >> > index c38d575..763283e 100644 >> > --- a/drivers/gpu/drm/i915/i915_gpu_error.c >> > +++ b/drivers/gpu/drm/i915/i915_gpu_error.c >> > @@ -791,7 +791,7 @@ static void i915_gem_record_rings(struct drm_device *dev, >> > >> > error->ring[i].num_requests = count; >> > error->ring[i].requests = >> > - kmalloc(count*sizeof(struct drm_i915_error_request), >> > + kcalloc(count, sizeof(error->ring[i].requests), >> >> Crash boom bang. > > Not quite. This is evaluated at compile time by parsing the type rather > than by pointer dereference. Sizeof changes from sizeof(struct drm_i915_error_request) to sizeof(struct drm_i915_error_request *). It'll break something. Maybe not as spectacularly as I was implying. Jani.
On Thu, Sep 19, 2013 at 02:00:30PM +0300, Jani Nikula wrote: > On Thu, 19 Sep 2013, Chris Wilson <chris@chris-wilson.co.uk> wrote: > > On Thu, Sep 19, 2013 at 01:38:18PM +0300, Jani Nikula wrote: > >> On Thu, 19 Sep 2013, Daniel Vetter <daniel.vetter@ffwll.ch> wrote: > >> > diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c > >> > index c38d575..763283e 100644 > >> > --- a/drivers/gpu/drm/i915/i915_gpu_error.c > >> > +++ b/drivers/gpu/drm/i915/i915_gpu_error.c > >> > @@ -791,7 +791,7 @@ static void i915_gem_record_rings(struct drm_device *dev, > >> > > >> > error->ring[i].num_requests = count; > >> > error->ring[i].requests = > >> > - kmalloc(count*sizeof(struct drm_i915_error_request), > >> > + kcalloc(count, sizeof(error->ring[i].requests), > >> > >> Crash boom bang. > > > > Not quite. This is evaluated at compile time by parsing the type rather > > than by pointer dereference. > > Sizeof changes from sizeof(struct drm_i915_error_request) to > sizeof(struct drm_i915_error_request *). It'll break something. Maybe > not as spectacularly as I was implying. Apologies, I automatically go into CLANG is a not a valid C compiler mode... sizeof(*error->ring[i].requests) -Chris
On Thu, Sep 19, 2013 at 11:46:55AM +0100, Chris Wilson wrote: > On Thu, Sep 19, 2013 at 12:18:33PM +0200, Daniel Vetter wrote: > > No buffer overflows here, but better safe than sorry. > > You are also introducing needless memsets. Meh, somehow I've thought kcalloc won't zero. I'll drop the redundant GFP_ZEROs that Jani spotted and switch kcalloc to kmalloc_array in the place we care about speed and want to avoid the memset. -Daniel
diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c index ee93357..a733118 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -1047,7 +1047,8 @@ i915_gem_do_execbuffer(struct drm_device *dev, void *data, return -EINVAL; } - cliprects = kmalloc(args->num_cliprects * sizeof(*cliprects), + cliprects = kcalloc(args->num_cliprects, + sizeof(*cliprects), GFP_KERNEL); if (cliprects == NULL) { ret = -ENOMEM; @@ -1302,7 +1303,7 @@ i915_gem_execbuffer2(struct drm_device *dev, void *data, return -EINVAL; } - exec2_list = kmalloc(sizeof(*exec2_list)*args->buffer_count, + exec2_list = kcalloc(args->buffer_count, sizeof(*exec2_list), GFP_TEMPORARY | __GFP_NOWARN | __GFP_NORETRY); if (exec2_list == NULL) exec2_list = drm_malloc_ab(sizeof(*exec2_list), diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c index 212f6d8..dafbdb7 100644 --- a/drivers/gpu/drm/i915/i915_gem_gtt.c +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c @@ -336,8 +336,8 @@ static int gen6_ppgtt_init(struct i915_hw_ppgtt *ppgtt) ppgtt->base.insert_entries = gen6_ppgtt_insert_entries; ppgtt->base.cleanup = gen6_ppgtt_cleanup; ppgtt->base.scratch = dev_priv->gtt.base.scratch; - ppgtt->pt_pages = kzalloc(sizeof(struct page *)*ppgtt->num_pd_entries, - GFP_KERNEL); + ppgtt->pt_pages = kcalloc(ppgtt->num_pd_entries, sizeof(struct page *), + GFP_KERNEL | __GFP_ZERO); if (!ppgtt->pt_pages) return -ENOMEM; @@ -347,8 +347,8 @@ static int gen6_ppgtt_init(struct i915_hw_ppgtt *ppgtt) goto err_pt_alloc; } - ppgtt->pt_dma_addr = kzalloc(sizeof(dma_addr_t) *ppgtt->num_pd_entries, - GFP_KERNEL); + ppgtt->pt_dma_addr = kcalloc(ppgtt->num_pd_entries, sizeof(dma_addr_t), + GFP_KERNEL | __GFP_ZERO); if (!ppgtt->pt_dma_addr) goto err_pt_alloc; diff --git a/drivers/gpu/drm/i915/i915_gem_tiling.c b/drivers/gpu/drm/i915/i915_gem_tiling.c index 032e9ef..ac9ebe9 100644 --- a/drivers/gpu/drm/i915/i915_gem_tiling.c +++ b/drivers/gpu/drm/i915/i915_gem_tiling.c @@ -393,7 +393,7 @@ i915_gem_set_tiling(struct drm_device *dev, void *data, /* Try to preallocate memory required to save swizzling on put-pages */ if (i915_gem_object_needs_bit17_swizzle(obj)) { if (obj->bit_17 == NULL) { - obj->bit_17 = kmalloc(BITS_TO_LONGS(obj->base.size >> PAGE_SHIFT) * + obj->bit_17 = kcalloc(BITS_TO_LONGS(obj->base.size >> PAGE_SHIFT), sizeof(long), GFP_KERNEL); } } else { @@ -504,8 +504,8 @@ i915_gem_object_save_bit_17_swizzle(struct drm_i915_gem_object *obj) int i; if (obj->bit_17 == NULL) { - obj->bit_17 = kmalloc(BITS_TO_LONGS(page_count) * - sizeof(long), GFP_KERNEL); + obj->bit_17 = kcalloc(BITS_TO_LONGS(page_count), + sizeof(long), GFP_KERNEL); if (obj->bit_17 == NULL) { DRM_ERROR("Failed to allocate memory for bit 17 " "record\n"); diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index c38d575..763283e 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -791,7 +791,7 @@ static void i915_gem_record_rings(struct drm_device *dev, error->ring[i].num_requests = count; error->ring[i].requests = - kmalloc(count*sizeof(struct drm_i915_error_request), + kcalloc(count, sizeof(error->ring[i].requests), GFP_ATOMIC); if (error->ring[i].requests == NULL) { error->ring[i].num_requests = 0; @@ -833,7 +833,7 @@ static void i915_gem_capture_vm(struct drm_i915_private *dev_priv, error->pinned_bo_count[ndx] = i - error->active_bo_count[ndx]; if (i) { - active_bo = kmalloc(sizeof(*active_bo)*i, GFP_ATOMIC); + active_bo = kcalloc(i, sizeof(*active_bo), GFP_ATOMIC); if (active_bo) pinned_bo = active_bo + error->active_bo_count[ndx]; } diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index fe8db37..6b8a107 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -9031,7 +9031,7 @@ static int __intel_set_mode(struct drm_crtc *crtc, unsigned disable_pipes, prepare_pipes, modeset_pipes; int ret = 0; - saved_mode = kmalloc(2 * sizeof(*saved_mode), GFP_KERNEL); + saved_mode = kcalloc(2, sizeof(*saved_mode), GFP_KERNEL); if (!saved_mode) return -ENOMEM; saved_hwmode = saved_mode + 1;
No buffer overflows here, but better safe than sorry. Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> --- drivers/gpu/drm/i915/i915_gem_execbuffer.c | 5 +++-- drivers/gpu/drm/i915/i915_gem_gtt.c | 8 ++++---- drivers/gpu/drm/i915/i915_gem_tiling.c | 6 +++--- drivers/gpu/drm/i915/i915_gpu_error.c | 4 ++-- drivers/gpu/drm/i915/intel_display.c | 2 +- 5 files changed, 13 insertions(+), 12 deletions(-)