drm/i915: Sanity check the computed size and base of stolen memory

Submitted by Chris Wilson on Jan. 27, 2017, 5:20 p.m.

Details

Message ID 20170127172008.25126-1-chris@chris-wilson.co.uk
State New
Headers show
Series "Series without cover letter" ( rev: 3 ) in Intel GFX

Browsing this patch as part of:
"Series without cover letter" rev 3 in Intel GFX
<< prev patch [2/2] next patch >>

Commit Message

Chris Wilson Jan. 27, 2017, 5:20 p.m.
Just do a quick check that the stolen memory address range doesn't
overflow our chosen integer type.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
---
 drivers/gpu/drm/i915/i915_gem_stolen.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/drivers/gpu/drm/i915/i915_gem_stolen.c b/drivers/gpu/drm/i915/i915_gem_stolen.c
index 42bbc4b04fd6..37a26e1c9190 100644
--- a/drivers/gpu/drm/i915/i915_gem_stolen.c
+++ b/drivers/gpu/drm/i915/i915_gem_stolen.c
@@ -189,7 +189,7 @@  static dma_addr_t i915_stolen_to_dma(struct drm_i915_private *dev_priv)
 		base = tom - tseg_size - ggtt->stolen_size;
 	}
 
-	if (base == 0)
+	if (base == 0 || base + ggtt->stolen_size <= base)
 		return 0;
 
 	/* make sure we don't clobber the GTT if it's within stolen memory */

Comments

Em Sex, 2017-01-27 às 17:20 +0000, Chris Wilson escreveu:
> Just do a quick check that the stolen memory address range doesn't
> overflow our chosen integer type.

Reviewed-by: Paulo Zanoni <paulo.r.zanoni@intel.com>

> 
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> ---
>  drivers/gpu/drm/i915/i915_gem_stolen.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/i915/i915_gem_stolen.c
> b/drivers/gpu/drm/i915/i915_gem_stolen.c
> index 42bbc4b04fd6..37a26e1c9190 100644
> --- a/drivers/gpu/drm/i915/i915_gem_stolen.c
> +++ b/drivers/gpu/drm/i915/i915_gem_stolen.c
> @@ -189,7 +189,7 @@ static dma_addr_t i915_stolen_to_dma(struct
> drm_i915_private *dev_priv)
>  		base = tom - tseg_size - ggtt->stolen_size;
>  	}
>  
> -	if (base == 0)
> +	if (base == 0 || base + ggtt->stolen_size <= base)
>  		return 0;
>  
>  	/* make sure we don't clobber the GTT if it's within stolen
> memory */
On pe, 2017-01-27 at 17:20 +0000, Chris Wilson wrote:
> Just do a quick check that the stolen memory address range doesn't
> overflow our chosen integer type.
> 
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>

<SNIP>

> @@ -189,7 +189,7 @@ static dma_addr_t i915_stolen_to_dma(struct drm_i915_private *dev_priv)
>  		base = tom - tseg_size - ggtt->stolen_size;
>  	}
>  
> -	if (base == 0)
> +	if (base == 0 || base + ggtt->stolen_size <= base)

range_overflows?

Regards, Joonas
On Mon, Jan 30, 2017 at 02:41:15PM +0200, Joonas Lahtinen wrote:
> On pe, 2017-01-27 at 17:20 +0000, Chris Wilson wrote:
> > Just do a quick check that the stolen memory address range doesn't
> > overflow our chosen integer type.
> > 
> > Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> 
> <SNIP>
> 
> > @@ -189,7 +189,7 @@ static dma_addr_t i915_stolen_to_dma(struct drm_i915_private *dev_priv)
> >  		base = tom - tseg_size - ggtt->stolen_size;
> >  	}
> >  
> > -	if (base == 0)
> > +	if (base == 0 || base + ggtt->stolen_size <= base)
> 
> range_overflows?

if (base == 0 || range_overflows(base, ggtt->stolen_size, U64_MAX /* DMA_ADDR_MAX */))

Bleh.

#define add_overflows(A, B) __builtin_add_overflow_p((A), (B), (typeof((A) + (B)))0)

if (base == 0 || add_overflows(base, ggtt->stolen_size))
-Chris
On ma, 2017-01-30 at 13:15 +0000, Chris Wilson wrote:

> if (base == 0 || range_overflows(base, ggtt->stolen_size, U64_MAX /* DMA_ADDR_MAX */))
> 
> Bleh.
> 
> #define add_overflows(A, B) __builtin_add_overflow_p((A), (B), (typeof((A) + (B)))0)
> 
> if (base == 0 || add_overflows(base, ggtt->stolen_size))

Looks good.

Regards, Joonas