drm/i915: Decouple execbuf uAPI from internal implementation
Dan Carpenter
dan.carpenter at oracle.com
Thu Jan 28 14:30:00 PST 2016
Hello Tvrtko Ursulin,
The patch de1add360522: "drm/i915: Decouple execbuf uAPI from
internal implementation" from Jan 15, 2016, leads to the following
static checker warning:
drivers/gpu/drm/i915/i915_gem_execbuffer.c:1411 eb_select_ring()
warn: buffer overflow 'dev_priv->ring' 5 <= 16385
drivers/gpu/drm/i915/i915_gem_execbuffer.c
1397 if (user_ring_id == I915_EXEC_BSD && HAS_BSD2(dev_priv)) {
1398 unsigned int bsd_idx = args->flags & I915_EXEC_BSD_MASK;
1399
1400 if (bsd_idx == I915_EXEC_BSD_DEFAULT) {
1401 bsd_idx = gen8_dispatch_bsd_ring(dev_priv, file);
1402 } else if (bsd_idx >= I915_EXEC_BSD_RING1 &&
1403 bsd_idx <= I915_EXEC_BSD_RING2) {
1404 bsd_idx--;
^^^^^^^^^
This should probablye be "bsd_idx = (bsd_idx >> 13) - 1;" or something.
1405 } else {
1406 DRM_DEBUG("execbuf with unknown bsd ring: %u\n",
1407 bsd_idx);
1408 return -EINVAL;
1409 }
1410
1411 *ring = &dev_priv->ring[_VCS(bsd_idx)];
Otherwise we're way past the end of this array.
1412 } else {
1413 *ring = &dev_priv->ring[user_ring_map[user_ring_id]];
1414 }
1415
1416 if (!intel_ring_initialized(*ring)) {
1417 DRM_DEBUG("execbuf with invalid ring: %u\n", user_ring_id);
1418 return -EINVAL;
1419 }
regards,
dan carpenter
More information about the dri-devel
mailing list