[v4,1/2] drm/i915/gvt: Check if cur_pt_type is valid

Submitted by Aleksei Gimbitskii on May 2, 2019, 9:59 a.m.

Details

Message ID 20190502095922.31917-2-aleksei.gimbitskii@intel.com
State New
Headers show
Series "Fix issues reported by klocwork" ( rev: 3 ) in Intel GVT devel

Not browsing as part of any series.

Commit Message

Aleksei Gimbitskii May 2, 2019, 9:59 a.m.
Static code analyzer warns that index value for scratch_pt may be equal
to -1. Index value type is intel_gvt_gtt_type_t, so it may be any number
at range -1 to 17. Check first if cur_pt_type and cur_pt_type+1 is valid
values.

v2:
 - Print some error messages if page table type is invalid. (Colin Xu)

v4:
 - Print cur_pt_type in error message. (Colin Xu)

This patch fixed the critial issue #422 reported by klocwork.

Signed-off-by: Aleksei Gimbitskii <aleksei.gimbitskii@intel.com>
Cc: Zhenyu Wang <zhenyuw@linux.intel.com>
Cc: Zhi Wang <zhi.a.wang@intel.com>
Cc: Colin Xu <colin.xu@intel.com>
---
 drivers/gpu/drm/i915/gvt/gtt.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
index 08c74e65836b..7e61396a65c6 100644
--- a/drivers/gpu/drm/i915/gvt/gtt.c
+++ b/drivers/gpu/drm/i915/gvt/gtt.c
@@ -942,7 +942,16 @@  static int ppgtt_invalidate_spt_by_shadow_entry(struct intel_vgpu *vgpu,
 
 	if (e->type != GTT_TYPE_PPGTT_ROOT_L3_ENTRY
 		&& e->type != GTT_TYPE_PPGTT_ROOT_L4_ENTRY) {
-		cur_pt_type = get_next_pt_type(e->type) + 1;
+		cur_pt_type = get_next_pt_type(e->type);
+
+		if (!gtt_type_is_pt(cur_pt_type) ||
+				!gtt_type_is_pt(cur_pt_type + 1)) {
+			WARN(1, "Invalid page table type, cur_pt_type is: %d\n", cur_pt_type);
+			return -EINVAL;
+		}
+
+		cur_pt_type += 1;
+
 		if (ops->get_pfn(e) ==
 			vgpu->gtt.scratch_pt[cur_pt_type].page_mfn)
 			return 0;

Comments

Acked-by: Colin Xu <colin.xu@intel.com>

I'm OK with the change. Zhenyu has some comments in v3 see if he has 
more comments in v4. Thanks.

On 2019-05-02 17:59, Aleksei Gimbitskii wrote:
> Static code analyzer warns that index value for scratch_pt may be equal
> to -1. Index value type is intel_gvt_gtt_type_t, so it may be any number
> at range -1 to 17. Check first if cur_pt_type and cur_pt_type+1 is valid
> values.
>
> v2:
>   - Print some error messages if page table type is invalid. (Colin Xu)
>
> v4:
>   - Print cur_pt_type in error message. (Colin Xu)
>
> This patch fixed the critial issue #422 reported by klocwork.
>
> Signed-off-by: Aleksei Gimbitskii <aleksei.gimbitskii@intel.com>
> Cc: Zhenyu Wang <zhenyuw@linux.intel.com>
> Cc: Zhi Wang <zhi.a.wang@intel.com>
> Cc: Colin Xu <colin.xu@intel.com>
> ---
>   drivers/gpu/drm/i915/gvt/gtt.c | 11 ++++++++++-
>   1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
> index 08c74e65836b..7e61396a65c6 100644
> --- a/drivers/gpu/drm/i915/gvt/gtt.c
> +++ b/drivers/gpu/drm/i915/gvt/gtt.c
> @@ -942,7 +942,16 @@ static int ppgtt_invalidate_spt_by_shadow_entry(struct intel_vgpu *vgpu,
>   
>   	if (e->type != GTT_TYPE_PPGTT_ROOT_L3_ENTRY
>   		&& e->type != GTT_TYPE_PPGTT_ROOT_L4_ENTRY) {
> -		cur_pt_type = get_next_pt_type(e->type) + 1;
> +		cur_pt_type = get_next_pt_type(e->type);
> +
> +		if (!gtt_type_is_pt(cur_pt_type) ||
> +				!gtt_type_is_pt(cur_pt_type + 1)) {
> +			WARN(1, "Invalid page table type, cur_pt_type is: %d\n", cur_pt_type);
> +			return -EINVAL;
> +		}
> +
> +		cur_pt_type += 1;
> +
>   		if (ops->get_pfn(e) ==
>   			vgpu->gtt.scratch_pt[cur_pt_type].page_mfn)
>   			return 0;