From patchwork Sat Jul 27 08:17:12 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maarten Lankhorst X-Patchwork-Id: 2834593 Return-Path: X-Original-To: patchwork-dri-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 647689F4D4 for ; Sat, 27 Jul 2013 08:17:30 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 7DC7220134 for ; Sat, 27 Jul 2013 08:17:29 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) by mail.kernel.org (Postfix) with ESMTP id 48B7120131 for ; Sat, 27 Jul 2013 08:17:28 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 21535E6497 for ; Sat, 27 Jul 2013 01:17:28 -0700 (PDT) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from youngberry.canonical.com (youngberry.canonical.com [91.189.89.112]) by gabe.freedesktop.org (Postfix) with ESMTP id 7DF86E5CDA for ; Sat, 27 Jul 2013 01:17:15 -0700 (PDT) Received: from 5ed49945.cm-7-5c.dynamic.ziggo.nl ([94.212.153.69] helo=[192.168.1.128]) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1V2zgg-0007wo-Af; Sat, 27 Jul 2013 08:17:14 +0000 Message-ID: <51F38208.9010707@canonical.com> Date: Sat, 27 Jul 2013 10:17:12 +0200 From: Maarten Lankhorst User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7 MIME-Version: 1.0 To: Dan Carpenter Subject: [PATCH] drm/nouveau: fix size check for cards without vm References: <20130724155516.GA14591@elgon.mountain> In-Reply-To: <20130724155516.GA14591@elgon.mountain> Cc: dri-devel@lists.freedesktop.org X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org Errors-To: dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org X-Spam-Status: No, score=-5.7 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Op 24-07-13 17:55, Dan Carpenter schreef: > Hello Maarten Lankhorst, > > This is a semi-automatic email about new static checker warnings. > > The patch 0108bc808107: "drm/nouveau: do not allow negative sizes for > now" from Jul 7, 2013, leads to the following Smatch complaint: > > drivers/gpu/drm/nouveau/nouveau_bo.c:222 nouveau_bo_new() > warn: variable dereferenced before check 'drm->client.base.vm' (see line 201) > > drivers/gpu/drm/nouveau/nouveau_bo.c > 200 int type = ttm_bo_type_device; > 201 int max_size = INT_MAX & ~((1 << drm->client.base.vm->vmm->lpg_shift) - 1); > ^^^^^^^^^^^^^^^^^^^ > New dereference. > > 202 > 203 if (size <= 0 || size > max_size) { > 204 nv_warn(drm, "skipped size %x\n", (u32)size); > 205 return -EINVAL; > 206 } > 207 > 208 if (sg) > 209 type = ttm_bo_type_sg; > 210 > 211 nvbo = kzalloc(sizeof(struct nouveau_bo), GFP_KERNEL); > 212 if (!nvbo) > 213 return -ENOMEM; > 214 INIT_LIST_HEAD(&nvbo->head); > 215 INIT_LIST_HEAD(&nvbo->entry); > 216 INIT_LIST_HEAD(&nvbo->vma_list); > 217 nvbo->tile_mode = tile_mode; > 218 nvbo->tile_flags = tile_flags; > 219 nvbo->bo.bdev = &drm->ttm.bdev; > 220 > 221 nvbo->page_shift = 12; > 222 if (drm->client.base.vm) { > ^^^^^^^^^^^^^^^^^^^ > Old check. > > 223 if (!(flags & TTM_PL_FLAG_TT) && size > 256 * 1024) > 224 nvbo->page_shift = drm->client.base.vm->vmm->lpg_shift; > > regards, > dan carpenter 8<----- Commit 0108bc808107: "drm/nouveau: do not allow negative sizes for now" broke older nvidia gpu's that lack a vm. Add an explicit check to handle this. Reported-by: Dan Carpenter Reported-by: konrad wilk Signed-off-by: Maarten Lankhorst diff --git a/drivers/gpu/drm/nouveau/nouveau_bo.c b/drivers/gpu/drm/nouveau/nouveau_bo.c index c3c40e7..a92f774 100644 --- a/drivers/gpu/drm/nouveau/nouveau_bo.c +++ b/drivers/gpu/drm/nouveau/nouveau_bo.c @@ -198,7 +198,12 @@ nouveau_bo_new(struct drm_device *dev, int size, int align, size_t acc_size; int ret; int type = ttm_bo_type_device; - int max_size = INT_MAX & ~((1 << drm->client.base.vm->vmm->lpg_shift) - 1); + int lpg_shift = 12; + int max_size; + + if (drm->client.base.vm) + lpg_shift = drm->client.base.vm->vmm->lpg_shift; + max_size = INT_MAX & ~((1 << lpg_shift) - 1); if (size <= 0 || size > max_size) { nv_warn(drm, "skipped size %x\n", (u32)size);