From patchwork Thu Sep 19 12:00:11 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Vetter X-Patchwork-Id: 2910941 Return-Path: X-Original-To: patchwork-intel-gfx@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 90335BFF05 for ; Thu, 19 Sep 2013 12:00:54 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 2E06F20426 for ; Thu, 19 Sep 2013 12:00:53 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) by mail.kernel.org (Postfix) with ESMTP id 79F9620424 for ; Thu, 19 Sep 2013 12:00:48 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 1C8F2E790F for ; Thu, 19 Sep 2013 05:00:48 -0700 (PDT) X-Original-To: intel-gfx@lists.freedesktop.org Delivered-To: intel-gfx@lists.freedesktop.org Received: from mail-ea0-f170.google.com (mail-ea0-f170.google.com [209.85.215.170]) by gabe.freedesktop.org (Postfix) with ESMTP id 71783E5D03 for ; Thu, 19 Sep 2013 05:00:07 -0700 (PDT) Received: by mail-ea0-f170.google.com with SMTP id h14so4126953eak.15 for ; Thu, 19 Sep 2013 05:00:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ffwll.ch; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=oYZTKsZ1VqZIzjJfF4xPj0aSYvM7DZ33in79herc744=; b=BBXGuiR5ur+xoK6hO5Ck3PWlnPcd0NUgvD5f/ySGmLQ9iKmgWv7rvn2b90anM7Eq4L MgVzXBqpaAvEyR6zs5aSVDEs5jRNME9S0HACZKuFQeUA4prwKVMOA5fBzS9H/Y221qw5 7KXlXRAwc2EOBCXZU4NNzAVfWQtrHdy4SA/BE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=oYZTKsZ1VqZIzjJfF4xPj0aSYvM7DZ33in79herc744=; b=HcKvR75QSna0XAmCp1WamXCE3/lAAN+yYmU2jOkfJgTMELhtBcxcWjk0BBDnsfaSAg 4yuq3Lck2+SBWnX13PeqX2W5E5NqLMV6jUxMe/RW5bpI+es2tZKLVCsSFHD3KXHbRW9/ P9Hv+NyZGLz13et8uWQ3gcavGZM1NEDREfJSv08eYrblRBjDvZIhiMHmET2tvirL7tLJ vvZinIJL/RfRCogp/2voATk5n1rbLUGCL0J/j0Aiy3D8Vh1bFTddy9N1/Mx75Qhe0bS8 1VGkdTkGrC+jmGVtCti3Ds2D67djzBV7Mu2iEnR/E+XJHOFT4bjhEHMRiyef+xpkY701 NxPg== X-Gm-Message-State: ALoCoQk+kVvgcCchTxW3pRspwRupRFc1bY/ETtPTLdgwWsHgrefZXRb7Fu+3fg3H4kjT9Fz8ht/Z X-Received: by 10.14.93.134 with SMTP id l6mr333816eef.112.1379592005464; Thu, 19 Sep 2013 05:00:05 -0700 (PDT) Received: from phenom.ffwll.local (178-83-130-250.dynamic.hispeed.ch. [178.83.130.250]) by mx.google.com with ESMTPSA id bn13sm10733428eeb.11.1969.12.31.16.00.00 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 19 Sep 2013 05:00:04 -0700 (PDT) From: Daniel Vetter To: Intel Graphics Development Date: Thu, 19 Sep 2013 14:00:11 +0200 Message-Id: <1379592011-14751-1-git-send-email-daniel.vetter@ffwll.ch> X-Mailer: git-send-email 1.8.4.rc3 In-Reply-To: <20130919104455.GD6566@nuc-i3427.alporthouse.com> References: <20130919104455.GD6566@nuc-i3427.alporthouse.com> Cc: Daniel Vetter Subject: [Intel-gfx] [PATCH] drm/i915: Use unsigned for overflow checks in execbuf X-BeenThere: intel-gfx@lists.freedesktop.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Intel graphics driver community testing & development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: intel-gfx-bounces+patchwork-intel-gfx=patchwork.kernel.org@lists.freedesktop.org Errors-To: intel-gfx-bounces+patchwork-intel-gfx=patchwork.kernel.org@lists.freedesktop.org X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP There's actually no real risk since we already check for stricter constraints earlier (using UINT_MAX / sizeof (struct drm_i915_gem_exec_object2) as the limit). But in eb_create we use signed integers, which steals a factor of 2. Luckily struct drm_i915_gem_exec_object2 for this to not matter. Still, be consistent and use unsigned integers. Similar use unsinged integers when checking for overflows in the relocation entry processing. I've also added a new subtests to igt/gem_reloc_overflow to also test for overflowing args->buffer_count values. v2: Give the variables again tighter scope to make it clear that the computation is purely local and doesn't leak out to the 2nd block. Requested by Chris Wilson. Cc: Chris Wilson Signed-off-by: Daniel Vetter --- drivers/gpu/drm/i915/i915_gem_execbuffer.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c index a733118..742b127 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -48,15 +48,15 @@ eb_create(struct drm_i915_gem_execbuffer2 *args, struct i915_address_space *vm) struct eb_vmas *eb = NULL; if (args->flags & I915_EXEC_HANDLE_LUT) { - int size = args->buffer_count; + unsigned size = args->buffer_count; size *= sizeof(struct i915_vma *); size += sizeof(struct eb_vmas); eb = kmalloc(size, GFP_TEMPORARY | __GFP_NOWARN | __GFP_NORETRY); } if (eb == NULL) { - int size = args->buffer_count; - int count = PAGE_SIZE / sizeof(struct hlist_head) / 2; + unsigned size = args->buffer_count; + unsigned count = PAGE_SIZE / sizeof(struct hlist_head) / 2; BUILD_BUG_ON_NOT_POWER_OF_2(PAGE_SIZE / sizeof(struct hlist_head)); while (count > 2*size) count >>= 1; @@ -667,7 +667,7 @@ i915_gem_execbuffer_relocate_slow(struct drm_device *dev, bool need_relocs; int *reloc_offset; int i, total, ret; - int count = args->buffer_count; + unsigned count = args->buffer_count; if (WARN_ON(list_empty(&eb->vmas))) return 0; @@ -818,8 +818,8 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec, int count) { int i; - int relocs_total = 0; - int relocs_max = INT_MAX / sizeof(struct drm_i915_gem_relocation_entry); + unsigned relocs_total = 0; + unsigned relocs_max = UINT_MAX / sizeof(struct drm_i915_gem_relocation_entry); for (i = 0; i < count; i++) { char __user *ptr = to_user_ptr(exec[i].relocs_ptr);