[V2,4/6] drm/i915/gvt: Check if cur_pt_type is valid

Submitted by Aleksei Gimbitskii on April 11, 2019, 10:46 a.m.

Details

Message ID 20190411104631.7627-5-aleksei.gimbitskii@intel.com
State New
Headers show
Series "Fix issues reported by klocwork" ( rev: 1 ) in Intel GVT devel

Not browsing as part of any series.

Commit Message

Aleksei Gimbitskii April 11, 2019, 10:46 a.m.
Static code analyzer warns that index value for scratch_pt may be equal
to -1. Index value type is intel_gvt_gtt_type_t, so it may be any number
at range -1 to 17. Check first if cur_pt_type and cur_pt_type+1 is valid
values.

v2:
 - Print some error messages if page table type is invalid. (Colin Xu)

This patch fixed the critial issue #422 reported by klocwork.

Signed-off-by: Aleksei Gimbitskii <aleksei.gimbitskii@intel.com>
Cc: Zhenyu Wang <zhenyuw@linux.intel.com>
Cc: Zhi Wang <zhi.a.wang@intel.com>
Cc: Colin Xu <colin.xu@intel.com>
---
 drivers/gpu/drm/i915/gvt/gtt.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
index 8dcb6223b985..e44ddb328b4b 100644
--- a/drivers/gpu/drm/i915/gvt/gtt.c
+++ b/drivers/gpu/drm/i915/gvt/gtt.c
@@ -936,7 +936,16 @@  static int ppgtt_invalidate_spt_by_shadow_entry(struct intel_vgpu *vgpu,
 
 	if (e->type != GTT_TYPE_PPGTT_ROOT_L3_ENTRY
 		&& e->type != GTT_TYPE_PPGTT_ROOT_L4_ENTRY) {
-		cur_pt_type = get_next_pt_type(e->type) + 1;
+		cur_pt_type = get_next_pt_type(e->type);
+
+		if (!gtt_type_is_pt(cur_pt_type) ||
+				!gtt_type_is_pt(cur_pt_type + 1)) {
+			WARN(1, "Invalid page table type\n");
+			return -EINVAL;
+		}
+
+		cur_pt_type += 1;
+
 		if (ops->get_pfn(e) ==
 			vgpu->gtt.scratch_pt[cur_pt_type].page_mfn)
 			return 0;

Comments

On 2019-04-11 18:46, Aleksei Gimbitskii wrote:
> Static code analyzer warns that index value for scratch_pt may be equal
> to -1. Index value type is intel_gvt_gtt_type_t, so it may be any number
> at range -1 to 17. Check first if cur_pt_type and cur_pt_type+1 is valid
> values.
>
> v2:
>   - Print some error messages if page table type is invalid. (Colin Xu)
>
> This patch fixed the critial issue #422 reported by klocwork.
>
> Signed-off-by: Aleksei Gimbitskii <aleksei.gimbitskii@intel.com>
> Cc: Zhenyu Wang <zhenyuw@linux.intel.com>
> Cc: Zhi Wang <zhi.a.wang@intel.com>
> Cc: Colin Xu <colin.xu@intel.com>
> ---
>   drivers/gpu/drm/i915/gvt/gtt.c | 11 ++++++++++-
>   1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
> index 8dcb6223b985..e44ddb328b4b 100644
> --- a/drivers/gpu/drm/i915/gvt/gtt.c
> +++ b/drivers/gpu/drm/i915/gvt/gtt.c
> @@ -936,7 +936,16 @@ static int ppgtt_invalidate_spt_by_shadow_entry(struct intel_vgpu *vgpu,
>   
>   	if (e->type != GTT_TYPE_PPGTT_ROOT_L3_ENTRY
>   		&& e->type != GTT_TYPE_PPGTT_ROOT_L4_ENTRY) {
> -		cur_pt_type = get_next_pt_type(e->type) + 1;
> +		cur_pt_type = get_next_pt_type(e->type);
> +
> +		if (!gtt_type_is_pt(cur_pt_type) ||
> +				!gtt_type_is_pt(cur_pt_type + 1)) {
> +			WARN(1, "Invalid page table type\n");
It will be better if include cur_pt_type in the warning.
> +			return -EINVAL;
> +		}
> +
> +		cur_pt_type += 1;
> +
>   		if (ops->get_pfn(e) ==
>   			vgpu->gtt.scratch_pt[cur_pt_type].page_mfn)
>   			return 0;