[PATCH] drm/i915/guc: prevent a possible int overflow in wq offsets
Tvrtko Ursulin
tursulin at ursulin.net
Wed Sep 4 09:59:48 UTC 2024
On 26/08/2024 11:45, Nikita Zhandarovich wrote:
> Hi,
>
> On 7/25/24 08:59, Nikita Zhandarovich wrote:
>> It may be possible for the sum of the values derived from
>> i915_ggtt_offset() and __get_parent_scratch_offset()/
>> i915_ggtt_offset() to go over the u32 limit before being assigned
>> to wq offsets of u64 type.
>>
>> Mitigate these issues by expanding one of the right operands
>> to u64 to avoid any overflow issues just in case.
>>
>> Found by Linux Verification Center (linuxtesting.org) with static
>> analysis tool SVACE.
>>
>> Fixes: 2584b3549f4c ("drm/i915/guc: Update to GuC version 70.1.1")
>> Cc: stable at vger.kernel.org
>> Signed-off-by: Nikita Zhandarovich <n.zhandarovich at fintech.ru>
>> ---
>> drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c b/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c
>> index 9400d0eb682b..908ebfa22933 100644
>> --- a/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c
>> +++ b/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c
>> @@ -2842,9 +2842,9 @@ static void prepare_context_registration_info_v70(struct intel_context *ce,
>> ce->parallel.guc.wqi_tail = 0;
>> ce->parallel.guc.wqi_head = 0;
>>
>> - wq_desc_offset = i915_ggtt_offset(ce->state) +
>> + wq_desc_offset = (u64)i915_ggtt_offset(ce->state) +
>> __get_parent_scratch_offset(ce);
>> - wq_base_offset = i915_ggtt_offset(ce->state) +
>> + wq_base_offset = (u64)i915_ggtt_offset(ce->state) +
>> __get_wq_offset(ce);
>> info->wq_desc_lo = lower_32_bits(wq_desc_offset);
>> info->wq_desc_hi = upper_32_bits(wq_desc_offset);
>
> Gentle ping,
With the current hardware this cannot overflow but I guess it doesn't
harm to be explicitly safe. Adding some GuC folks to either r-b or add
more candidates for review.
Regards,
Tvrtko
More information about the dri-devel
mailing list