drm/i915: Add checks to i915_bind_vma

Message ID	1429721111-22845-1-git-send-email-mika.kuoppala@intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <intel-gfx-bounces@lists.freedesktop.org> From: Mika Kuoppala <mika.kuoppala@linux.intel.com> To: torvalds@linux-foundation.org, daniel.vetter@intel.com, jani.nikula@linux.intel.com, airlied@linux.ie, ben@bwidawsk.net Date: Wed, 22 Apr 2015 19:45:11 +0300 Message-Id: <1429721111-22845-1-git-send-email-mika.kuoppala@intel.com> In-Reply-To: <CA+55aFyTY1i9PtRH4DqSKWcpQog+EzXKftirHh_2-17k41szhQ@mail.gmail.com> References: <CA+55aFyTY1i9PtRH4DqSKWcpQog+EzXKftirHh_2-17k41szhQ@mail.gmail.com> Cc: intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org Subject: [Intel-gfx] [PATCH] drm/i915: Add checks to i915_bind_vma Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: intel-gfx-bounces@lists.freedesktop.org Sender: "Intel-gfx" <intel-gfx-bounces@lists.freedesktop.org>

Message ID

1429721111-22845-1-git-send-email-mika.kuoppala@intel.com (mailing list archive)

State

New, archived

Headers

From: Mika Kuoppala <mika.kuoppala@linux.intel.com>
To: torvalds@linux-foundation.org, daniel.vetter@intel.com,
	jani.nikula@linux.intel.com, airlied@linux.ie, ben@bwidawsk.net
Date: Wed, 22 Apr 2015 19:45:11 +0300
Message-Id: <1429721111-22845-1-git-send-email-mika.kuoppala@intel.com>
In-Reply-To: <CA+55aFyTY1i9PtRH4DqSKWcpQog+EzXKftirHh_2-17k41szhQ@mail.gmail.com>
References: <CA+55aFyTY1i9PtRH4DqSKWcpQog+EzXKftirHh_2-17k41szhQ@mail.gmail.com>
Cc: intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org
Subject: [Intel-gfx] [PATCH] drm/i915: Add checks to i915_bind_vma
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: intel-gfx-bounces@lists.freedesktop.org
Sender: "Intel-gfx" <intel-gfx-bounces@lists.freedesktop.org>

Commit Message

Mika Kuoppala April 22, 2015, 4:45 p.m. UTC

The current aliasing ppgtt implementation allocates
the page table structures on driver initialization
for the entire vm address space. Earlier the page tables
were allocated as array of struct pages, but introduction
of dynamic allocation of page structures changed the page
tables to be inside a page directory.

We have a detailed bug report where traversing of tables and
deferencing page_table[pte]->page oopses. This indicates that
our pre allocation of page tables has failed or that we get
corrupt vma which does not fit inside the vm area and throws
pte > 511.

Add more checks to catch the latter. Warn and bail out if
we get vma which is out of bounds for binding.

v2: Check vma node early (Chris)

Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Michel Thierry <michel.thierry@intel.com>
Signed-off-by: Mika Kuoppala <mika.kuoppala@intel.com>
---
 drivers/gpu/drm/i915/i915_gem_gtt.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Shuang He April 22, 2015, 7:53 p.m. UTC | #1

Tested-By: Intel Graphics QA PRTS (Patch Regression Test System Contact: shuang.he@intel.com)
Task id: 6249
-------------------------------------Summary-------------------------------------
Platform          Delta          drm-intel-nightly          Series Applied
PNV                                  276/276              276/276
ILK                                  302/302              302/302
SNB                                  318/318              318/318
IVB                                  341/341              341/341
BYT                                  287/287              287/287
BDW                                  318/318              318/318
-------------------------------------Detailed-------------------------------------
Platform  Test                                drm-intel-nightly          Series Applied
Note: You need to pay more attention to line start with '*'

Josh Boyer April 23, 2015, 1:14 p.m. UTC | #2

On Wed, Apr 22, 2015 at 12:45 PM, Mika Kuoppala
<mika.kuoppala@linux.intel.com> wrote:
> The current aliasing ppgtt implementation allocates
> the page table structures on driver initialization
> for the entire vm address space. Earlier the page tables
> were allocated as array of struct pages, but introduction
> of dynamic allocation of page structures changed the page
> tables to be inside a page directory.
>
> We have a detailed bug report where traversing of tables and
> deferencing page_table[pte]->page oopses. This indicates that
> our pre allocation of page tables has failed or that we get
> corrupt vma which does not fit inside the vm area and throws
> pte > 511.
>
> Add more checks to catch the latter. Warn and bail out if
> we get vma which is out of bounds for binding.
>
> v2: Check vma node early (Chris)
>
> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> Cc: Chris Wilson <chris@chris-wilson.co.uk>
> Cc: Michel Thierry <michel.thierry@intel.com>
> Signed-off-by: Mika Kuoppala <mika.kuoppala@intel.com>
> ---
>  drivers/gpu/drm/i915/i915_gem_gtt.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
> index 0239fbf..2ffa8f6 100644
> --- a/drivers/gpu/drm/i915/i915_gem_gtt.c
> +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
> @@ -2746,6 +2746,13 @@ i915_get_ggtt_vma_pages(struct i915_vma *vma)
>  int i915_vma_bind(struct i915_vma *vma, enum i915_cache_level cache_level,
>                   u32 flags)
>  {
> +
> +       if (WARN_ON(!drm_mm_node_allocated(&vma->node)))
> +               return -EINVAL;
> +
> +       if (WARN_ON(vma->node.start > vma->vm->total - vma->node.size))
> +               return -EINVAL;
> +

Do you really need a full backtrace in these cases?  From an end user
perspective, they're going to get a popup saying they have a kernel
problem or an automated tool will file a bug for them and they will
have no idea what any of this means.

I understand the need for the check, but could it be done in a way
that doesn't splat an oops on a user's system?  The i915 driver has
tons of these kinds of WARN_ONs already and they don't seem to be
helping anything overall...

josh

>         if (i915_is_ggtt(vma->vm)) {
>                 int ret = i915_get_ggtt_vma_pages(vma);
>
> --
> 1.9.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
index 0239fbf..2ffa8f6 100644
--- a/drivers/gpu/drm/i915/i915_gem_gtt.c
+++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
@@ -2746,6 +2746,13 @@  i915_get_ggtt_vma_pages(struct i915_vma *vma)
 int i915_vma_bind(struct i915_vma *vma, enum i915_cache_level cache_level,
 		  u32 flags)
 {
+
+	if (WARN_ON(!drm_mm_node_allocated(&vma->node)))
+		return -EINVAL;
+
+	if (WARN_ON(vma->node.start > vma->vm->total - vma->node.size))
+		return -EINVAL;
+
 	if (i915_is_ggtt(vma->vm)) {
 		int ret = i915_get_ggtt_vma_pages(vma);