drm/ttm: Print debug information on memory manager when eviction fails
Dan Carpenter
dan.carpenter at oracle.com
Wed Dec 4 06:05:59 PST 2013
Hello Jerome Glisse,
The patch fb53f8621a3f: "drm/ttm: Print debug information on memory
manager when eviction fails" from Dec 9, 2009, leads to the following
static checker warning: "drivers/gpu/drm/ttm/ttm_bo.c:1494
ttm_mem_reg_is_pci()
warn: buffer overflow 'bdev->man' 8 <= 8"
drivers/gpu/drm/ttm/ttm_bo.c
56 static inline int ttm_mem_type_from_flags(uint32_t flags, uint32_t *mem_type)
57 {
58 int i;
59
60 for (i = 0; i <= TTM_PL_PRIV5; i++)
61 if (flags & (1 << i)) {
62 *mem_type = i;
63 return 0;
64 }
65 return -EINVAL;
66 }
--- [snip] to the ttm_bo_mem_space() function:
869 for (i = 0; i < placement->num_placement; ++i) {
870 ret = ttm_mem_type_from_flags(placement->placement[i],
871 &mem_type);
872 if (ret)
873 return ret;
874 man = &bdev->man[mem_type];
875
So after ttm_mem_type_from_flags then mem_type can be TTM_PL_PRIV5 (8)
but the bdev->man[] array only has TTM_NUM_MEM_TYPES (8) elements so we
are one space beyond the end of the array.
regards,
dan carpenter
More information about the dri-devel
mailing list