[Intel-gfx] [PATCH] drm/i915: Fix possible overflow when recording semaphore states.

Damien Lespiau damien.lespiau at intel.com
Fri Jul 18 17:47:52 CEST 2014 

On Fri, Jul 18, 2014 at 01:39:29AM -0700, Rodrigo Vivi wrote:
> semaphore _sync_seqno, _seqno and _mbox are smaller than number of rings.
> This optimization is to remove the ring itself from the list and the logic to do that
> is at intel_ring_sync_index as below:
> 
> /*
>  * rcs -> 0 = vcs, 1 = bcs, 2 = vecs, 3 = vcs2;
>  * vcs -> 0 = bcs, 1 = vecs, 2 = vcs2, 3 = rcs;
>  * bcs -> 0 = vecs, 1 = vcs2. 2 = rcs, 3 = vcs;
>  * vecs -> 0 = vcs2, 1 = rcs, 2 = vcs, 3 = bcs;
>  * vcs2 -> 0 = rcs, 1 = vcs, 2 = bcs, 3 = vecs;
> */
> 
> v2: Skip when from == to (Damien).
> 
> Cc: Damien Lespiau <damien.lespiau at intel.com>
> Cc: Ben Widawsky <benjamin.widawsky at intel.com>
> Signed-off-by: Rodrigo Vivi <rodrigo.vivi at intel.com>
> ---
>  drivers/gpu/drm/i915/i915_gpu_error.c | 12 ++++++++----
>  1 file changed, 8 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c
> index 9faebbc..6608bee 100644
> --- a/drivers/gpu/drm/i915/i915_gpu_error.c
> +++ b/drivers/gpu/drm/i915/i915_gpu_error.c
> @@ -764,7 +764,7 @@ static void gen8_record_semaphore_state(struct drm_i915_private *dev_priv,
>  					struct intel_engine_cs *ring,
>  					struct drm_i915_error_ring *ering)
>  {
> -	struct intel_engine_cs *useless;
> +	struct intel_engine_cs *to;
>  	int i;
>  
>  	if (!i915_semaphore_is_enabled(dev_priv->dev))
> @@ -776,13 +776,17 @@ static void gen8_record_semaphore_state(struct drm_i915_private *dev_priv,
>  						 dev_priv->semaphore_obj,
>  						 &dev_priv->gtt.base);
>  
> -	for_each_ring(useless, dev_priv, i) {
> +	for_each_ring(to, dev_priv, i) {
>  		u16 signal_offset =
>  			(GEN8_SIGNAL_OFFSET(ring, i) & PAGE_MASK) / 4;
>  		u32 *tmp = error->semaphore_obj->pages[0];
> +		int idx = intel_ring_sync_index(ring, to);
>  
> -		ering->semaphore_mboxes[i] = tmp[signal_offset];
> -		ering->semaphore_seqno[i] = ring->semaphore.sync_seqno[i];
> +		if (ring->id == to->id)
> +			return;

continue; ? you need to skip "ring", but you also need to fill the array
when to->id > ring->id.

I guess you should also be able to short-circuit the iteration sooner as
well, no need to do the computations. I believe if "(ring == to)" would
work as well.

-- 
Damien

More information about the Intel-gfx mailing list