[Intel-gfx] [PATCH] drm/i915: add sanity check for partial view creation
Tvrtko Ursulin
tvrtko.ursulin at linux.intel.com
Wed Mar 2 13:33:41 UTC 2016
On 29/02/16 17:11, Matthew Auld wrote:
> When binding pages for a partial view we should check that the offset +
> size is valid relative to the size of the gem object.
>
> Cc: Joonas Lahtinen <joonas.lahtinen at linux.intel.com>
> Signed-off-by: Matthew Auld <matthew.auld at intel.com>
> ---
> drivers/gpu/drm/i915/i915_gem_gtt.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
> index 49e4f26..a477bb2 100644
> --- a/drivers/gpu/drm/i915/i915_gem_gtt.c
> +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
> @@ -3500,6 +3500,10 @@ intel_partial_pages(const struct i915_ggtt_view *view,
> struct sg_page_iter obj_sg_iter;
> int ret = -ENOMEM;
>
> + if (view->params.partial.offset + view->params.partial.size >
> + obj->pages->nents)
> + return ERR_PTR(-EINVAL);
> +
obj->pages->nents is not guaranteed to be equal to number of pages but
can be less than due sg entry coalescing.
I suggest replacing with a check against "obj->base.size >> PAGE_SHIFT".
> st = kmalloc(sizeof(*st), GFP_KERNEL);
> if (!st)
> goto err_st_alloc;
>
Regards,
Tvrtko
More information about the Intel-gfx
mailing list