Mesa (master): i965: Fix uint64_t overflow in intel_client_wait_sync()

Kristian Høgsberg krh at kemper.freedesktop.org
Wed Mar 4 17:55:46 UTC 2015


Module: Mesa
Branch: master
Commit: 10c82c6c5fc415d323a5e9c6acdc6a4c85d6b712
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=10c82c6c5fc415d323a5e9c6acdc6a4c85d6b712

Author: Kristian Høgsberg <krh at bitplanet.net>
Date:   Mon Mar  2 16:19:52 2015 -0800

i965: Fix uint64_t overflow in intel_client_wait_sync()

DRM_IOCTL_I915_GEM_WAIT takes an int64_t for the timeout value but
GL_ARB_sync takes an uint64_t.  Further, the ioctl used to wait
indefinitely when passed a negative timeout, but it's been broken and
now returns immediately in that case.  Thus, if an application passes
UINT64_MAX to wait forever, we overflow to -1LL and return immediately.
Work around this mess by clamping the wait timeout to INT64_MAX.

Signed-off-by: Kristian Høgsberg <krh at bitplanet.net>
Reviewed-by: Chad Versace <chad.versace at intel.com>

---

 src/mesa/drivers/dri/i965/intel_syncobj.c |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/mesa/drivers/dri/i965/intel_syncobj.c b/src/mesa/drivers/dri/i965/intel_syncobj.c
index 9cde152..e500fa0 100644
--- a/src/mesa/drivers/dri/i965/intel_syncobj.c
+++ b/src/mesa/drivers/dri/i965/intel_syncobj.c
@@ -84,6 +84,14 @@ static void intel_client_wait_sync(struct gl_context *ctx, struct gl_sync_object
 {
    struct intel_sync_object *sync = (struct intel_sync_object *)s;
 
+   /* DRM_IOCTL_I915_GEM_WAIT uses a signed 64 bit timeout and returns
+    * immediately for timeouts <= 0.  The best we can do is to clamp the
+    * timeout to INT64_MAX.  This limits the maximum timeout from 584 years to
+    * 292 years - likely not a big deal.
+    */
+   if (timeout > INT64_MAX)
+      timeout = INT64_MAX;
+
    if (sync->bo && drm_intel_gem_bo_wait(sync->bo, timeout) == 0) {
       s->StatusFlag = 1;
       drm_intel_bo_unreference(sync->bo);
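Review bot: the new comment above the clamp says the ioctl "returns immediately for timeouts <= 0", which puts the ordinary zero-timeout poll in the same bucket as the negative case the commit message calls broken. Returning immediately for 0 is the expected behaviour, so the comment should say that negative timeouts used to wait indefinitely and now return immediately, and that this is why values above INT64_MAX must not reach drm_intel_gem_bo_wait(). Two smaller points on the same lines: `if (timeout > INT64_MAX)` is only meaningful while `timeout` is an unsigned 64-bit value, and its declaration is not visible in this hunk, so it is worth naming the type in the comment to keep a later signature change from silently turning the check into dead code. The comment also does not say which kernel change this works around, so recording it would let the clamp be revisited later.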



