[PATCH i-g-t v3 3/6] lib/igt_fb: Sanitize blt_fb_init
Zbigniew Kempczyński
zbigniew.kempczynski at intel.com
Thu May 9 10:21:08 UTC 2024
On Tue, Apr 30, 2024 at 07:29:36PM +0300, Juha-Pekka Heikkila wrote:
> Sanitize building of Intel blitter setup
>
> Signed-off-by: Juha-Pekka Heikkila <juhapekka.heikkila at gmail.com>
> ---
> lib/igt_fb.c | 64 +++++++++++++++++++++++++++++++++++++---------------
> 1 file changed, 46 insertions(+), 18 deletions(-)
>
> diff --git a/lib/igt_fb.c b/lib/igt_fb.c
> index 707eb0a1e..b4afcaacb 100644
> --- a/lib/igt_fb.c
> +++ b/lib/igt_fb.c
> @@ -2760,21 +2760,18 @@ static void copy_with_engine(struct fb_blit_upload *blit,
> fini_buf(src);
> }
>
> -static struct blt_copy_object *blt_fb_init(const struct igt_fb *fb,
> - uint32_t plane, uint32_t memregion)
> +static struct blt_copy_object *allocate_and_initialize_blt(const struct igt_fb *fb,
> + uint32_t handle,
> + uint32_t memregion,
> + enum blt_tiling_type blt_tile,
> + uint32_t plane)
> {
> - uint32_t name, handle;
> - struct blt_copy_object *blt;
> - enum blt_tiling_type blt_tile;
> uint64_t stride;
> + struct blt_copy_object *blt = malloc(sizeof(*blt));
>
> - blt = malloc(sizeof(*blt));
> - igt_assert(blt);
> + if (!blt)
> + return NULL;
Since you're touching this, I would use calloc(). If blt_copy_object is
extended later, the new fields would otherwise contain uninitialized values.
>
> - name = gem_flink(fb->fd, fb->gem_handle);
> - handle = gem_open(fb->fd, name);
> -
> - blt_tile = fb_tile_to_blt_tile(fb->modifier);
> stride = blt_tile == T_LINEAR ? fb->strides[plane] : fb->strides[plane] / 4;
>
> blt_set_object(blt, handle, fb->size, memregion,
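Review bot: `plane` is used unchecked to index `fb->strides[plane]` in allocate_and_initialize_blt(), and the same value indexes `fb->plane_height[plane]` and `fb->offsets[plane]` in the next hunk, so an out-of-range plane reads past the end of those arrays. Since the patch is meant to sanitize this path, a bound on the plane index belongs before the stride computation, e.g. `igt_assert(plane < fb->num_planes);` (this assumes struct igt_fb keeps its plane count in `num_planes`, which is not visible here). The helper's body continues past the end of this hunk.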
> @@ -2785,17 +2782,48 @@ static struct blt_copy_object *blt_fb_init(const struct igt_fb *fb,
> is_gen12_mc_ccs_modifier(fb->modifier) ? COMPRESSION_TYPE_MEDIA : COMPRESSION_TYPE_3D);
>
> blt_set_geom(blt, stride, 0, 0, fb->width, fb->plane_height[plane], 0, 0);
> -
> blt->plane_offset = fb->offsets[plane];
>
> - igt_assert(fb->size);
> + return blt;
> +}
>
> - if (is_xe_device(fb->fd))
> - blt->ptr = xe_bo_mmap_ext(fb->fd, handle, fb->size,
> - PROT_READ | PROT_WRITE);
> +static void *map_buffer(int fd, uint32_t handle, size_t size)
> +{
> + if (is_xe_device(fd))
> + return xe_bo_mmap_ext(fd, handle, size, PROT_READ | PROT_WRITE);
> else
> - blt->ptr = gem_mmap__device_coherent(fb->fd, handle, 0, fb->size,
> - PROT_READ | PROT_WRITE);
> + return gem_mmap__device_coherent(fd, handle, 0, size,
> + PROT_READ | PROT_WRITE);
> +}
> +
> +static struct blt_copy_object *blt_fb_init(const struct igt_fb *fb,
> + uint32_t plane, uint32_t memregion)
> +{
> + uint32_t name, handle;
> + enum blt_tiling_type blt_tile;
> + struct blt_copy_object *blt;
> +
> + if (!fb)
> + return NULL;
> +
> + name = gem_flink(fb->fd, fb->gem_handle);
> + handle = gem_open(fb->fd, name);
> +
> + if (!handle)
> + return NULL;
> +
> + blt_tile = fb_tile_to_blt_tile(fb->modifier);
> + blt = allocate_and_initialize_blt(fb, handle, memregion, blt_tile, plane);
> +
> + if (!blt)
> + return NULL;
Returning NULL here will be problematic in do_block_copy(): we'll get a
segfault when it accesses these structures.
--
Zbigniew
> +
> + blt->ptr = map_buffer(fb->fd, handle, fb->size);
> + if (!blt->ptr) {
> + free(blt);
> + return NULL;
> + }
> +
> return blt;
> }
>
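Review bot: The new early returns in blt_fb_init() after `gem_open()` leave `handle` open: nothing is released when allocate_and_initialize_blt() returns NULL, and only `blt` is freed when `map_buffer()` fails. Each failed call would then leak a GEM handle on `fb->fd`; adding `gem_close(fb->fd, handle);` before `return NULL;` on both paths keeps the error handling balanced. The removed `igt_assert(fb->size);` has no replacement either, so a zero-sized framebuffer now reaches map_buffer(); an `if (!fb->size)` test next to the `!fb` check would restore it. Separately, `!blt->ptr` only catches a NULL return, and whether the two mmap wrappers report failure as NULL, as MAP_FAILED, or by asserting is not visible in this hunk and is worth confirming.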
> --
> 2.25.1
>