[4/5] drm/i915/gvt: Check if cur_pt_type is valid

Submitted by Aleksei Gimbitskii on April 8, 2019, 5:55 a.m.

Details

Message ID 20190408055502.8474-4-aleksei.gimbitskii@intel.com
State New
Headers show
Series "Series without cover letter" ( rev: 1 ) in Intel GVT devel

Not browsing as part of any series.

Commit Message

Aleksei Gimbitskii April 8, 2019, 5:55 a.m.
Static code analyzer warns that index value for scratch_pt may be equal
to -1. Index value type is intel_gvt_gtt_type_t, so it may be any number
at range -1 to 17. Check first if cur_pt_type and cur_pt_type+1 is valid
values.

This patch fixed the critial issue #422 reported by klocwork.

Signed-off-by: Aleksei Gimbitskii <aleksei.gimbitskii@intel.com>
Cc: Zhenyu Wang <zhenyuw@linux.intel.com>
Cc: Zhi Wang <zhi.a.wang@intel.com>
---
 drivers/gpu/drm/i915/gvt/gtt.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
index 8dcb6223b985..7dc09b389e59 100644
--- a/drivers/gpu/drm/i915/gvt/gtt.c
+++ b/drivers/gpu/drm/i915/gvt/gtt.c
@@ -936,7 +936,14 @@  static int ppgtt_invalidate_spt_by_shadow_entry(struct intel_vgpu *vgpu,
 
 	if (e->type != GTT_TYPE_PPGTT_ROOT_L3_ENTRY
 		&& e->type != GTT_TYPE_PPGTT_ROOT_L4_ENTRY) {
-		cur_pt_type = get_next_pt_type(e->type) + 1;
+		cur_pt_type = get_next_pt_type(e->type);
+
+		if (!gtt_type_is_pt(cur_pt_type) ||
+				!gtt_type_is_pt(cur_pt_type + 1))
+			return -EINVAL;
+
+		cur_pt_type += 1;
+
 		if (ops->get_pfn(e) ==
 			vgpu->gtt.scratch_pt[cur_pt_type].page_mfn)
 			return 0;

Comments

On 2019-04-08 13:55, Aleksei Gimbitskii wrote:
> Static code analyzer warns that index value for scratch_pt may be equal
> to -1. Index value type is intel_gvt_gtt_type_t, so it may be any number
> at range -1 to 17. Check first if cur_pt_type and cur_pt_type+1 is valid
> values.
>
> This patch fixed the critial issue #422 reported by klocwork.
>
> Signed-off-by: Aleksei Gimbitskii <aleksei.gimbitskii@intel.com>
> Cc: Zhenyu Wang <zhenyuw@linux.intel.com>
> Cc: Zhi Wang <zhi.a.wang@intel.com>
> ---
>   drivers/gpu/drm/i915/gvt/gtt.c | 9 ++++++++-
>   1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
> index 8dcb6223b985..7dc09b389e59 100644
> --- a/drivers/gpu/drm/i915/gvt/gtt.c
> +++ b/drivers/gpu/drm/i915/gvt/gtt.c
> @@ -936,7 +936,14 @@ static int ppgtt_invalidate_spt_by_shadow_entry(struct intel_vgpu *vgpu,
>   
>   	if (e->type != GTT_TYPE_PPGTT_ROOT_L3_ENTRY
>   		&& e->type != GTT_TYPE_PPGTT_ROOT_L4_ENTRY) {
> -		cur_pt_type = get_next_pt_type(e->type) + 1;
> +		cur_pt_type = get_next_pt_type(e->type);
> +
> +		if (!gtt_type_is_pt(cur_pt_type) ||
> +				!gtt_type_is_pt(cur_pt_type + 1))
> +			return -EINVAL;

It's better to leave some dbgmsg for invalid type.

> +
> +		cur_pt_type += 1;
> +
>   		if (ops->get_pfn(e) ==
>   			vgpu->gtt.scratch_pt[cur_pt_type].page_mfn)
>   			return 0;
Additional debug message is added in new patch version.

BR, Aleksei.

-----Original Message-----
From: Xu, Colin 

Sent: Monday, April 8, 2019 10:27 AM
To: Gimbitskii, Aleksei <aleksei.gimbitskii@intel.com>; intel-gvt-dev@lists.freedesktop.org
Cc: Wang, Zhi A <zhi.a.wang@intel.com>; Zhenyu Wang <zhenyuw@linux.intel.com>
Subject: Re: [PATCH 4/5] drm/i915/gvt: Check if cur_pt_type is valid


On 2019-04-08 13:55, Aleksei Gimbitskii wrote:
> Static code analyzer warns that index value for scratch_pt may be 

> equal to -1. Index value type is intel_gvt_gtt_type_t, so it may be 

> any number at range -1 to 17. Check first if cur_pt_type and 

> cur_pt_type+1 is valid values.

>

> This patch fixed the critial issue #422 reported by klocwork.

>

> Signed-off-by: Aleksei Gimbitskii <aleksei.gimbitskii@intel.com>

> Cc: Zhenyu Wang <zhenyuw@linux.intel.com>

> Cc: Zhi Wang <zhi.a.wang@intel.com>

> ---

>   drivers/gpu/drm/i915/gvt/gtt.c | 9 ++++++++-

>   1 file changed, 8 insertions(+), 1 deletion(-)

>

> diff --git a/drivers/gpu/drm/i915/gvt/gtt.c 

> b/drivers/gpu/drm/i915/gvt/gtt.c index 8dcb6223b985..7dc09b389e59 

> 100644

> --- a/drivers/gpu/drm/i915/gvt/gtt.c

> +++ b/drivers/gpu/drm/i915/gvt/gtt.c

> @@ -936,7 +936,14 @@ static int 

> ppgtt_invalidate_spt_by_shadow_entry(struct intel_vgpu *vgpu,

>   

>   	if (e->type != GTT_TYPE_PPGTT_ROOT_L3_ENTRY

>   		&& e->type != GTT_TYPE_PPGTT_ROOT_L4_ENTRY) {

> -		cur_pt_type = get_next_pt_type(e->type) + 1;

> +		cur_pt_type = get_next_pt_type(e->type);

> +

> +		if (!gtt_type_is_pt(cur_pt_type) ||

> +				!gtt_type_is_pt(cur_pt_type + 1))

> +			return -EINVAL;


It's better to leave some dbgmsg for invalid type.

> +

> +		cur_pt_type += 1;

> +

>   		if (ops->get_pfn(e) ==

>   			vgpu->gtt.scratch_pt[cur_pt_type].page_mfn)

>   			return 0;


--
Best Regards,
Colin Xu

---------------------------------------------------------------------
Intel Finland Oy
Registered Address: PL 281, 00181 Helsinki 
Business Identity Code: 0357606 - 4 
Domiciled in Helsinki 

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.