| Message ID | 20240502154025.1425278-5-boris.brezillon@collabora.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/panthor: Collection of tiler heap related fixes | expand |
On 02/05/2024 16:40, Boris Brezillon wrote: > The heap ID is used to index the heap context pool, and allocating > in the [1:MAX_HEAPS_PER_POOL] leads to an off-by-one. This was > originally to avoid returning a zero heap handle, but given the handle > is formed with (vm_id << 16) | heap_id, with vm_id > 0, we already can't > end up with a valid heap handle that's zero. > > v3: > - Allocate in the [0:MAX_HEAPS_PER_POOL-1] range > > v2: > - New patch > > Fixes: 9cca48fa4f89 ("drm/panthor: Add the heap logical block") > Reported-by: Eric Smith <eric.smith@collabora.com> > Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com> > Tested-by: Eric Smith <eric.smith@collabora.com> Don't we also need to change the xa_init_flags() in panthor_heap_pool_create()? Steve > --- > drivers/gpu/drm/panthor/panthor_heap.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/panthor/panthor_heap.c b/drivers/gpu/drm/panthor/panthor_heap.c > index 683bb94761bc..252332f5390f 100644 > --- a/drivers/gpu/drm/panthor/panthor_heap.c > +++ b/drivers/gpu/drm/panthor/panthor_heap.c > @@ -323,7 +323,8 @@ int panthor_heap_create(struct panthor_heap_pool *pool, > if (!pool->vm) { > ret = -EINVAL; > } else { > - ret = xa_alloc(&pool->xa, &id, heap, XA_LIMIT(1, MAX_HEAPS_PER_POOL), GFP_KERNEL); > + ret = xa_alloc(&pool->xa, &id, heap, > + XA_LIMIT(0, MAX_HEAPS_PER_POOL - 1), GFP_KERNEL); > if (!ret) { > void *gpu_ctx = panthor_get_heap_ctx(pool, id); >
On Thu, 2 May 2024 16:52:24 +0100 Steven Price <steven.price@arm.com> wrote: > On 02/05/2024 16:40, Boris Brezillon wrote: > > The heap ID is used to index the heap context pool, and allocating > > in the [1:MAX_HEAPS_PER_POOL] leads to an off-by-one. This was > > originally to avoid returning a zero heap handle, but given the handle > > is formed with (vm_id << 16) | heap_id, with vm_id > 0, we already can't > > end up with a valid heap handle that's zero. > > > > v3: > > - Allocate in the [0:MAX_HEAPS_PER_POOL-1] range > > > > v2: > > - New patch > > > > Fixes: 9cca48fa4f89 ("drm/panthor: Add the heap logical block") > > Reported-by: Eric Smith <eric.smith@collabora.com> > > Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com> > > Tested-by: Eric Smith <eric.smith@collabora.com> > > Don't we also need to change the xa_init_flags() in > panthor_heap_pool_create()? Uh, we should, indeed. > > Steve > > > --- > > drivers/gpu/drm/panthor/panthor_heap.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/gpu/drm/panthor/panthor_heap.c b/drivers/gpu/drm/panthor/panthor_heap.c > > index 683bb94761bc..252332f5390f 100644 > > --- a/drivers/gpu/drm/panthor/panthor_heap.c > > +++ b/drivers/gpu/drm/panthor/panthor_heap.c > > @@ -323,7 +323,8 @@ int panthor_heap_create(struct panthor_heap_pool *pool, > > if (!pool->vm) { > > ret = -EINVAL; > > } else { > > - ret = xa_alloc(&pool->xa, &id, heap, XA_LIMIT(1, MAX_HEAPS_PER_POOL), GFP_KERNEL); > > + ret = xa_alloc(&pool->xa, &id, heap, > > + XA_LIMIT(0, MAX_HEAPS_PER_POOL - 1), GFP_KERNEL); > > if (!ret) { > > void *gpu_ctx = panthor_get_heap_ctx(pool, id); > > >
diff --git a/drivers/gpu/drm/panthor/panthor_heap.c b/drivers/gpu/drm/panthor/panthor_heap.c index 683bb94761bc..252332f5390f 100644 --- a/drivers/gpu/drm/panthor/panthor_heap.c +++ b/drivers/gpu/drm/panthor/panthor_heap.c @@ -323,7 +323,8 @@ int panthor_heap_create(struct panthor_heap_pool *pool, if (!pool->vm) { ret = -EINVAL; } else { - ret = xa_alloc(&pool->xa, &id, heap, XA_LIMIT(1, MAX_HEAPS_PER_POOL), GFP_KERNEL); + ret = xa_alloc(&pool->xa, &id, heap, + XA_LIMIT(0, MAX_HEAPS_PER_POOL - 1), GFP_KERNEL); if (!ret) { void *gpu_ctx = panthor_get_heap_ctx(pool, id);
The heap ID is used to index the heap context pool, and allocating in the [1:MAX_HEAPS_PER_POOL] leads to an off-by-one. This was originally to avoid returning a zero heap handle, but given the handle is formed with (vm_id << 16) | heap_id, with vm_id > 0, we already can't end up with a valid heap handle that's zero. v3: - Allocate in the [0:MAX_HEAPS_PER_POOL-1] range v2: - New patch Fixes: 9cca48fa4f89 ("drm/panthor: Add the heap logical block") Reported-by: Eric Smith <eric.smith@collabora.com> Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com> Tested-by: Eric Smith <eric.smith@collabora.com> --- drivers/gpu/drm/panthor/panthor_heap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)