[Intel-gfx] drm/i915: Decouple execbuf uAPI from internal implementation

Fri Jan 29 03:15:12 PST 2016

Hi Dan,

On 28/01/16 22:30, Dan Carpenter wrote:
> Hello Tvrtko Ursulin,
>
> The patch de1add360522: "drm/i915: Decouple execbuf uAPI from
> internal implementation" from Jan 15, 2016, leads to the following
> static checker warning:
>
> 	drivers/gpu/drm/i915/i915_gem_execbuffer.c:1411 eb_select_ring()
> 	warn: buffer overflow 'dev_priv->ring' 5 <= 16385
>
> drivers/gpu/drm/i915/i915_gem_execbuffer.c
>    1397          if (user_ring_id == I915_EXEC_BSD && HAS_BSD2(dev_priv)) {
>    1398                  unsigned int bsd_idx = args->flags & I915_EXEC_BSD_MASK;
>    1399
>    1400                  if (bsd_idx == I915_EXEC_BSD_DEFAULT) {
>    1401                          bsd_idx = gen8_dispatch_bsd_ring(dev_priv, file);
>    1402                  } else if (bsd_idx >= I915_EXEC_BSD_RING1 &&
>    1403                             bsd_idx <= I915_EXEC_BSD_RING2) {
>    1404                          bsd_idx--;
>                                  ^^^^^^^^^
> This should probablye be "bsd_idx = (bsd_idx >> 13) - 1;" or something.
>
>    1405                  } else {
>    1406                          DRM_DEBUG("execbuf with unknown bsd ring: %u\n",
>    1407                                    bsd_idx);
>    1408                          return -EINVAL;
>    1409                  }
>    1410
>    1411                  *ring = &dev_priv->ring[_VCS(bsd_idx)];
>
> Otherwise we're way past the end of this array.

Yep, we have already found this and fixed it in "drm/i915: Fix VCS ring 
selection after uapi decoupling".

Thanks for the report, it is very useful!

Regards,

Tvrtko