Upon creating a partial view we should check that the offset + size is
valid relative to the size of the gem object.
v2:
(Tvrtko Ursulin)
- Don't use pages->nents to determine the page count
v3:
(Chris Wilson)
- Handle potential overflow
v4:
(Chris Wilson)
- Idiomatically handle overflow
- Less idiotic placement
- Treat as programmer error
Cc: Joonas Lahtinen <[email protected]>
Signed-off-by: Matthew Auld <[email protected]>
---
drivers/gpu/drm/i915/i915_gem_gtt.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c
b/drivers/gpu/drm/i915/i915_gem_gtt.c
index fb0f963..593eb15 100644
--- a/drivers/gpu/drm/i915/i915_gem_gtt.c
+++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
@@ -3356,6 +3356,14 @@ i915_gem_obj_lookup_or_create_ggtt_vma(struct
drm_i915_gem_object *obj,
if (WARN_ON(!view))
return ERR_PTR(-EINVAL);
+ if (view->type == I915_GGTT_VIEW_PARTIAL) {
+ unsigned int page_count = obj->base.size >> PAGE_SHIFT;
+ if (WARN_ON(view->params.partial.offset > page_count ||
+ view->params.partial.size > page_count -
+ view->params.partial.offset))
+ return ERR_PTR(-EINVAL);
+ }
+
vma = i915_gem_obj_to_ggtt_view(obj, view);
if (IS_ERR(vma))
--
2.4.3
_______________________________________________
Intel-gfx mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
