[PATCH] drm/i915/gvt: Double check batch buffer size after copy

Zhang, Tina tina.zhang at intel.com
Mon May 27 05:07:21 UTC 2019



> -----Original Message-----
> From: Zhao, Yan Y
> Sent: Friday, May 24, 2019 4:06 PM
> To: Zhang, Tina <tina.zhang at intel.com>
> Cc: zhenyuw at linux.intel.com; Yuan, Hang <hang.yuan at intel.com>; intel-
> gvt-dev at lists.freedesktop.org
> Subject: Re: [PATCH] drm/i915/gvt: Double check batch buffer size after copy
> 
> On Fri, May 24, 2019 at 02:39:54PM +0800, Tina Zhang wrote:
> > Double check the size of the privilege buffer to make sure the size
> > remains unchanged after copy.
> >
> > Signed-off-by: Tina Zhang <tina.zhang at intel.com>
> > ---
> >  drivers/gpu/drm/i915/gvt/cmd_parser.c | 12 +++++++++++-
> >  1 file changed, 11 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/gpu/drm/i915/gvt/cmd_parser.c
> > b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> > index ab002cfd3cab..96dade32a33c 100644
> > --- a/drivers/gpu/drm/i915/gvt/cmd_parser.c
> > +++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> > @@ -1717,7 +1717,7 @@ static int perform_bb_shadow(struct
> parser_exec_state *s)
> >  	struct intel_vgpu *vgpu = s->vgpu;
> >  	struct intel_vgpu_shadow_bb *bb;
> >  	unsigned long gma = 0;
> > -	unsigned long bb_size;
> > +	unsigned long bb_size, check_bb_size;
> >  	int ret = 0;
> >  	struct intel_vgpu_mm *mm = (s->buf_addr_type == GTT_BUFFER) ?
> >  		s->vgpu->gtt.ggtt_mm : s->workload->shadow_mm; @@ -
> 1783,6 +1783,16
> > @@ static int perform_bb_shadow(struct parser_exec_state *s)
> >  		goto err_unmap;
> >  	}
> >
> > +	ret = find_bb_size(s, &check_bb_size);
> > +	if (ret)
> > +		goto err_unmap;
> > +
> Can just check whether the batch buffer ends with bb start or bb end to
> avoid calling find_bb_size() twice, which is a rather heavy call and may cause
> an endless loop in itself if a max size limit is not imposed.
Makes sense. Thanks.

BR,
Tina
> 
> 
> > +	if (check_bb_size != bb_size) {
> > +		gvt_vgpu_err("guest ring buffer has been changed\n");
> > +		ret = -EINVAL;
> > +		goto err_unmap;
> > +	}
> > +
> >  	INIT_LIST_HEAD(&bb->list);
> >  	list_add(&bb->list, &s->workload->shadow_bb);
> >
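Review bot: the error string in the added `check_bb_size != bb_size` branch says "guest ring buffer has been changed", but the value compared here is the batch buffer size inside perform_bb_shadow(), so the log points the reader at the wrong buffer; wording such as "guest batch buffer size changed during shadow copy", with both sizes printed, would make the failure diagnosable. Equal sizes also only show that the buffer ends at the same offset, not that the commands before the end are unchanged, so the commit message should state which buffer the second find_bb_size(s, &check_bb_size) walks (guest memory or the copy) and why a size match is sufficient at this point.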
> > --
> > 2.17.1
> >
> > _______________________________________________
> > intel-gvt-dev mailing list
> > intel-gvt-dev at lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/intel-gvt-dev

