drm/i915: Decouple execbuf uAPI from internal implementation

Dan Carpenter dan.carpenter at oracle.com
Thu Jan 28 14:30:00 PST 2016


Hello Tvrtko Ursulin,

The patch de1add360522: "drm/i915: Decouple execbuf uAPI from
internal implementation" from Jan 15, 2016, leads to the following
static checker warning:

	drivers/gpu/drm/i915/i915_gem_execbuffer.c:1411 eb_select_ring()
	warn: buffer overflow 'dev_priv->ring' 5 <= 16385

drivers/gpu/drm/i915/i915_gem_execbuffer.c
  1397          if (user_ring_id == I915_EXEC_BSD && HAS_BSD2(dev_priv)) {
  1398                  unsigned int bsd_idx = args->flags & I915_EXEC_BSD_MASK;
  1399  
  1400                  if (bsd_idx == I915_EXEC_BSD_DEFAULT) {
  1401                          bsd_idx = gen8_dispatch_bsd_ring(dev_priv, file);
  1402                  } else if (bsd_idx >= I915_EXEC_BSD_RING1 &&
  1403                             bsd_idx <= I915_EXEC_BSD_RING2) {
  1404                          bsd_idx--;
                                ^^^^^^^^^
This should probablye be "bsd_idx = (bsd_idx >> 13) - 1;" or something.

  1405                  } else {
  1406                          DRM_DEBUG("execbuf with unknown bsd ring: %u\n",
  1407                                    bsd_idx);
  1408                          return -EINVAL;
  1409                  }
  1410  
  1411                  *ring = &dev_priv->ring[_VCS(bsd_idx)];

Otherwise we're way past the end of this array.

  1412          } else {
  1413                  *ring = &dev_priv->ring[user_ring_map[user_ring_id]];
  1414          }
  1415  
  1416          if (!intel_ring_initialized(*ring)) {
  1417                  DRM_DEBUG("execbuf with invalid ring: %u\n", user_ring_id);
  1418                  return -EINVAL;
  1419          }

regards,
dan carpenter


More information about the dri-devel mailing list