[V2,6/6] drm/i915/gvt: Check if get_next_pt_type() always returns a valid value

Submitted by Aleksei Gimbitskii on April 11, 2019, 10:46 a.m.

Details

Message ID 20190411104631.7627-7-aleksei.gimbitskii@intel.com
State New
Headers show
Series "Fix issues reported by klocwork" ( rev: 1 ) in Intel GVT devel

Not browsing as part of any series.

Commit Message

Aleksei Gimbitskii April 11, 2019, 10:46 a.m.
According to gtt_type_table[] function get_next_pt_type() may returns
GTT_TYPE_INVALID in some cases. To prevent driver to try to create memory
page with invalid data type, additional check is added.

Signed-off-by: Aleksei Gimbitskii <aleksei.gimbitskii@intel.com>
Cc: Zhenyu Wang <zhenyuw@linux.intel.com>
Cc: Zhi Wang <zhi.a.wang@intel.com>
Cc: Colin Xu <colin.xu@intel.com>
---
 drivers/gpu/drm/i915/gvt/gtt.c | 3 +++
 1 file changed, 3 insertions(+)

Patch hide | download patch | download mbox

diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
index 95cd8f25d6f9..c93e7a3a7f36 100644
--- a/drivers/gpu/drm/i915/gvt/gtt.c
+++ b/drivers/gpu/drm/i915/gvt/gtt.c
@@ -1079,6 +1079,9 @@  static struct intel_vgpu_ppgtt_spt *ppgtt_populate_spt_by_guest_entry(
 	} else {
 		int type = get_next_pt_type(we->type);
 
+		if (!gtt_type_is_pt(type))
+			goto err;
+
 		spt = ppgtt_alloc_spt_gfn(vgpu, type, ops->get_pfn(we), ips);
 		if (IS_ERR(spt)) {
 			ret = PTR_ERR(spt);

Comments

On 2019-04-11 18:46, Aleksei Gimbitskii wrote:
> According to gtt_type_table[] function get_next_pt_type() may returns
> GTT_TYPE_INVALID in some cases. To prevent driver to try to create memory
> page with invalid data type, additional check is added.
>
> Signed-off-by: Aleksei Gimbitskii <aleksei.gimbitskii@intel.com>
> Cc: Zhenyu Wang <zhenyuw@linux.intel.com>
> Cc: Zhi Wang <zhi.a.wang@intel.com>
> Cc: Colin Xu <colin.xu@intel.com>
> ---
>   drivers/gpu/drm/i915/gvt/gtt.c | 3 +++
>   1 file changed, 3 insertions(+)
>
> diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
> index 95cd8f25d6f9..c93e7a3a7f36 100644
> --- a/drivers/gpu/drm/i915/gvt/gtt.c
> +++ b/drivers/gpu/drm/i915/gvt/gtt.c
> @@ -1079,6 +1079,9 @@ static struct intel_vgpu_ppgtt_spt *ppgtt_populate_spt_by_guest_entry(
>   	} else {
>   		int type = get_next_pt_type(we->type);
>   
> +		if (!gtt_type_is_pt(type))
> +			goto err;
> +

Logically it's OK since it guarantees valid spt->shadow_page.type or spt->guest_page.type.

I'm still not sure which way to change is better, see comments in [patch v2 1/6].
Looking forward comments from others.

>   		spt = ppgtt_alloc_spt_gfn(vgpu, type, ops->get_pfn(we), ips);
>   		if (IS_ERR(spt)) {
>   			ret = PTR_ERR(spt);