[PATCH 1/3] drm/i915/display: Do not assume zero offset when duplicating global state

Ville Syrjälä ville.syrjala at linux.intel.com
Fri Dec 20 09:11:57 UTC 2024


On Thu, Dec 19, 2024 at 06:48:36PM -0300, Gustavo Sousa wrote:
> The current intel_*_duplicate_state() functions assume the offset for
> the base member of their state structures is zero when calling
> kmemdup(). While that is true today, such an assumption should not be made
> and the proper offset must be applied when calling kmemdup(); otherwise we
> will be duplicating the wrong memory area if, for some reason, the
> offset is changed in the future.

All kms objects we use make that same assumption. I think the correct
thing to do is to just throw in some BUILD_BUG_ON()/etc. to make the
thing not build if that doesn't hold. I had a patch like that ages
ago, but it's no doubt 110% stale by now.

I suppose no real harm if avoiding that assumption in spots like
this, but the &foo->base==NULL <-> foo==NULL assumptions we have
all over the place are the far bigger issue.

> 
> As such, update each of those functions to use its respective
> to_*_state() as the parameter to kmemdup().
> 
> Signed-off-by: Gustavo Sousa <gustavo.sousa at intel.com>
> ---
>  drivers/gpu/drm/i915/display/intel_bw.c       | 4 ++--
>  drivers/gpu/drm/i915/display/intel_cdclk.c    | 4 ++--
>  drivers/gpu/drm/i915/display/intel_pmdemand.c | 4 ++--
>  drivers/gpu/drm/i915/display/skl_watermark.c  | 4 ++--
>  4 files changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/display/intel_bw.c b/drivers/gpu/drm/i915/display/intel_bw.c
> index 08e8a67ca74c..30236010e0ed 100644
> --- a/drivers/gpu/drm/i915/display/intel_bw.c
> +++ b/drivers/gpu/drm/i915/display/intel_bw.c
> @@ -1425,9 +1425,9 @@ int intel_bw_atomic_check(struct intel_atomic_state *state)
>  static struct intel_global_state *
>  intel_bw_duplicate_state(struct intel_global_obj *obj)
>  {
> -	struct intel_bw_state *state;
> +	struct intel_bw_state *state = to_intel_bw_state(obj->state);
>  
> -	state = kmemdup(obj->state, sizeof(*state), GFP_KERNEL);
> +	state = kmemdup(state, sizeof(*state), GFP_KERNEL);
>  	if (!state)
>  		return NULL;
>  
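Review bot: The new line `state = kmemdup(state, sizeof(*state), GFP_KERNEL);` reuses a single local for both the source object and its copy, so from here on `state` no longer names what was obtained from `obj->state` and the source cannot be const-qualified; the same shape appears in the intel_cdclk.c, intel_pmdemand.c and skl_watermark.c hunks. A separate source pointer keeps the two objects distinct and makes the copied window explicit: `const struct intel_bw_state *old_state = to_intel_bw_state(obj->state);` followed by `struct intel_bw_state *state = kmemdup(old_state, sizeof(*state), GFP_KERNEL);`. A short comment on the conversion, `/* obj->state is the embedded base; recover the containing state before copying it whole */`, would record why the plain `obj->state` pointer is no longer passed to kmemdup(), since to_intel_bw_state() presumably performs that container lookup. The rest of intel_bw_duplicate_state() lies outside the hunk, so whether later lines depend on the original pointer cannot be seen here.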
> diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c
> index 3506e576bf6b..fc084e2a4c6a 100644
> --- a/drivers/gpu/drm/i915/display/intel_cdclk.c
> +++ b/drivers/gpu/drm/i915/display/intel_cdclk.c
> @@ -3130,9 +3130,9 @@ static int fixed_modeset_calc_cdclk(struct intel_atomic_state *state)
>  
>  static struct intel_global_state *intel_cdclk_duplicate_state(struct intel_global_obj *obj)
>  {
> -	struct intel_cdclk_state *cdclk_state;
> +	struct intel_cdclk_state *cdclk_state = to_intel_cdclk_state(obj->state);
>  
> -	cdclk_state = kmemdup(obj->state, sizeof(*cdclk_state), GFP_KERNEL);
> +	cdclk_state = kmemdup(cdclk_state, sizeof(*cdclk_state), GFP_KERNEL);
>  	if (!cdclk_state)
>  		return NULL;
>  
> diff --git a/drivers/gpu/drm/i915/display/intel_pmdemand.c b/drivers/gpu/drm/i915/display/intel_pmdemand.c
> index cdd314956a31..1f71efb7d04d 100644
> --- a/drivers/gpu/drm/i915/display/intel_pmdemand.c
> +++ b/drivers/gpu/drm/i915/display/intel_pmdemand.c
> @@ -18,9 +18,9 @@
>  static struct intel_global_state *
>  intel_pmdemand_duplicate_state(struct intel_global_obj *obj)
>  {
> -	struct intel_pmdemand_state *pmdemand_state;
> +	struct intel_pmdemand_state *pmdemand_state = to_intel_pmdemand_state(obj->state);
>  
> -	pmdemand_state = kmemdup(obj->state, sizeof(*pmdemand_state), GFP_KERNEL);
> +	pmdemand_state = kmemdup(pmdemand_state, sizeof(*pmdemand_state), GFP_KERNEL);
>  	if (!pmdemand_state)
>  		return NULL;
>  
> diff --git a/drivers/gpu/drm/i915/display/skl_watermark.c b/drivers/gpu/drm/i915/display/skl_watermark.c
> index 29e8ea91c858..b3d38e09df5a 100644
> --- a/drivers/gpu/drm/i915/display/skl_watermark.c
> +++ b/drivers/gpu/drm/i915/display/skl_watermark.c
> @@ -3291,9 +3291,9 @@ static void skl_setup_wm_latency(struct drm_i915_private *i915)
>  
>  static struct intel_global_state *intel_dbuf_duplicate_state(struct intel_global_obj *obj)
>  {
> -	struct intel_dbuf_state *dbuf_state;
> +	struct intel_dbuf_state *dbuf_state = to_intel_dbuf_state(obj->state);
>  
> -	dbuf_state = kmemdup(obj->state, sizeof(*dbuf_state), GFP_KERNEL);
> +	dbuf_state = kmemdup(dbuf_state, sizeof(*dbuf_state), GFP_KERNEL);
>  	if (!dbuf_state)
>  		return NULL;
>  
> -- 
> 2.47.1

-- 
Ville Syrjälä
Intel

