[Intel-gfx] [PATCH 12/15] drm/i915/guc: Prepare to process incoming requests from CT

[Michal Wajdeczko]

On Fri, Aug 04, 2017 at 06:13:42PM +0100, Chris Wilson wrote:
> Quoting Michal Wajdeczko (2017-08-04 17:27:09)
> >  static inline const char *guc_ct_buffer_type_to_str(u32 type)
> > @@ -600,13 +609,76 @@ static int guc_handle_response(struct intel_guc *guc, const u32 *data)
> >  static int guc_handle_request(struct intel_guc *guc, const u32 *data)
> >  {
> >         u32 header = data[0];
> > +       u32 len = ct_header_get_len(header) + 1; /* total len with header */
> > +       struct ct_incoming_request *request;
> > +       unsigned long flags;
> >  
> >         GEM_BUG_ON(ct_header_is_response(header));
> >         /* data layout beyond header is request specific */
> >  
> > +       request = kmalloc(sizeof(*request), GFP_ATOMIC);
> > +       if (unlikely(!request)) {
> > +               DRM_ERROR("CT: dropping request %*phn\n", 4*len, data);
> > +               return 0; /* XXX: -ENOMEM ? */
> > +       }
> > +
> > +       GEM_BUG_ON(len > GUC_CT_MSG_LEN_MASK + 1);
> 
> This is incoming from the guc, if we can validate it, do so. Keep
> GEM_BUG_ON() for programming errors and absolute catastrophe.

Sorry, this check is leftover from earlier design.

Now it will be always satisfied as len can't be encoded beyond given mask ;)
I can change it into more appropriate runtime check against our buffer size:

	if (4*len > sizeof(request->data)) ...

or into compile time check (with assumption then len can't larger than mask)

	BUILD_BUG_ON(sizeof(request->data) < 4*(GUC_MSG_LEN_MASK+1));

or both

-Michal