Mesa (master): i965: Fix uint64_t overflow in intel_client_wait_sync()
Kristian Høgsberg
krh at kemper.freedesktop.org
Wed Mar 4 17:55:46 UTC 2015
Module: Mesa
Branch: master
Commit: 10c82c6c5fc415d323a5e9c6acdc6a4c85d6b712
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=10c82c6c5fc415d323a5e9c6acdc6a4c85d6b712
Author: Kristian Høgsberg <krh at bitplanet.net>
Date: Mon Mar 2 16:19:52 2015 -0800
i965: Fix uint64_t overflow in intel_client_wait_sync()
DRM_IOCTL_I915_GEM_WAIT takes an int64_t for the timeout value but
GL_ARB_sync takes an uint64_t. Further, the ioctl used to wait
indefinitely when passed a negative timeout, but it's been broken and
now returns immediately in that case. Thus, if an application passes
UINT64_MAX to wait forever, we overflow to -1LL and return immediately.
Work around this mess by clamping the wait timeout to INT64_MAX.
Signed-off-by: Kristian Høgsberg <krh at bitplanet.net>
Reviewed-by: Chad Versace <chad.versace at intel.com>
---
src/mesa/drivers/dri/i965/intel_syncobj.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/mesa/drivers/dri/i965/intel_syncobj.c b/src/mesa/drivers/dri/i965/intel_syncobj.c
index 9cde152..e500fa0 100644
--- a/src/mesa/drivers/dri/i965/intel_syncobj.c
+++ b/src/mesa/drivers/dri/i965/intel_syncobj.c
@@ -84,6 +84,14 @@ static void intel_client_wait_sync(struct gl_context *ctx, struct gl_sync_object
{
struct intel_sync_object *sync = (struct intel_sync_object *)s;
+ /* DRM_IOCTL_I915_GEM_WAIT uses a signed 64 bit timeout and returns
+ * immediately for timeouts <= 0. The best we can do is to clamp the
+ * timeout to INT64_MAX. This limits the maximum timeout from 584 years to
+ * 292 years - likely not a big deal.
+ */
+ if (timeout > INT64_MAX)
+ timeout = INT64_MAX;
+
if (sync->bo && drm_intel_gem_bo_wait(sync->bo, timeout) == 0) {
s->StatusFlag = 1;
drm_intel_bo_unreference(sync->bo);
More information about the mesa-commit
mailing list