[Intel-gfx] [PATCH] drm/i915/gt: handle null ptr at sg traversing
Matthew Auld
matthew.auld at intel.com
Tue Jun 28 09:40:56 UTC 2022
On 27/06/2022 18:35, Ramalingam C wrote:
> When calculating the starting address for ccs data in smem scatterlist,
> handle the NULL pointer returned from sg_next, incase of scatterlist
> less than required size..
Do we have some more information on how we can hit this? Is this a
programmer error? Do we have a testcase?
>
> Signed-off-by: Ramalingam C <ramalingam.c at intel.com>
> ---
> drivers/gpu/drm/i915/gt/intel_migrate.c | 13 ++++++++++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/gt/intel_migrate.c b/drivers/gpu/drm/i915/gt/intel_migrate.c
> index 2c35324b5f68..c206fb4f4186 100644
> --- a/drivers/gpu/drm/i915/gt/intel_migrate.c
> +++ b/drivers/gpu/drm/i915/gt/intel_migrate.c
> @@ -669,7 +669,7 @@ calculate_chunk_sz(struct drm_i915_private *i915, bool src_is_lmem,
> }
> }
>
> -static void get_ccs_sg_sgt(struct sgt_dma *it, u32 bytes_to_cpy)
> +static int get_ccs_sg_sgt(struct sgt_dma *it, u32 bytes_to_cpy)
> {
> u32 len;
>
> @@ -684,9 +684,13 @@ static void get_ccs_sg_sgt(struct sgt_dma *it, u32 bytes_to_cpy)
> bytes_to_cpy -= len;
>
> it->sg = __sg_next(it->sg);
> + if (!it->sg)
> + return -EINVAL;
> it->dma = sg_dma_address(it->sg);
> it->max = it->dma + sg_dma_len(it->sg);
> } while (bytes_to_cpy);
> +
> + return 0;
> }
>
> int
> @@ -745,8 +749,11 @@ intel_context_migrate_copy(struct intel_context *ce,
> * Need to fix it.
> */
> ccs_bytes_to_cpy = src_sz != dst_sz ? GET_CCS_BYTES(i915, bytes_to_cpy) : 0;
> - if (ccs_bytes_to_cpy)
> - get_ccs_sg_sgt(&it_ccs, bytes_to_cpy);
> + if (ccs_bytes_to_cpy) {
> + err = get_ccs_sg_sgt(&it_ccs, bytes_to_cpy);
> + if (err)
> + return err;
> + }
> }
>
> src_offset = 0;
More information about the Intel-gfx
mailing list