[Intel-gfx] [PATCH v2] drm/i915/userptr: restore probe_range behaviour
Liam Howlett
liam.howlett at oracle.com
Fri Oct 28 13:55:35 UTC 2022
* Matthew Auld <matthew.auld at intel.com> [221028 09:07]:
> The conversion looks harmless, however the addr value is updated inside
> the loop with the previous vm_end, which then incorrectly leads to
> for_each_vma_range() iterating over stuff outside the range we care
> about. Fix this by storing the end value separately. Also fix the case
> where the range doesn't intersect with any vma, or if the vma itself
> doesn't extend the entire range, which must mean we have hole at the
> end. Both should result in an error, as per the previous behaviour.
>
> v2: Fix the cases where the range is empty, or if there's a hole at
> the end of the range
>
Reviewed-by: Liam R. Howlett <Liam.Howlett at oracle.com>
> Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/7247
> Testcase: igt at gem_userptr_blits@probe
> Fixes: f683b9d61319 ("i915: use the VMA iterator")
> Reported-by: kernel test robot <oliver.sang at intel.com>
> Signed-off-by: Matthew Auld <matthew.auld at intel.com>
> Cc: Tvrtko Ursulin <tvrtko.ursulin at linux.intel.com>
> Cc: Matthew Wilcox (Oracle) <willy at infradead.org>
> Cc: Liam R. Howlett <Liam.Howlett at Oracle.com>
> Cc: Vlastimil Babka <vbabka at suse.cz>
> Cc: Yu Zhao <yuzhao at google.com>
> ---
> drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
> index 1b1a22716722..ca7a388ba2bf 100644
> --- a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
> +++ b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
> @@ -427,9 +427,10 @@ probe_range(struct mm_struct *mm, unsigned long addr, unsigned long len)
> {
> VMA_ITERATOR(vmi, mm, addr);
> struct vm_area_struct *vma;
> + unsigned long end = addr + len;
>
> mmap_read_lock(mm);
> - for_each_vma_range(vmi, vma, addr + len) {
> + for_each_vma_range(vmi, vma, end) {
> /* Check for holes, note that we also update the addr below */
> if (vma->vm_start > addr)
> break;
> @@ -441,7 +442,7 @@ probe_range(struct mm_struct *mm, unsigned long addr, unsigned long len)
> }
> mmap_read_unlock(mm);
>
> - if (vma)
> + if (vma || addr < end)
> return -EFAULT;
> return 0;
> }
> --
> 2.37.3
>
More information about the Intel-gfx
mailing list