Re: [Intel-gfx] [PATCH v3 1/3] drm/i915/gt: BUG_ON unexpected NULL at scatterlist walking

2022-05-02 Thread Jani Nikula
On Mon, 02 May 2022, Ramalingam C wrote:
> While locating the start of ccs scatterlist in smem scatterlist, that has
> to be the size of lmem obj size + corresponding ccs data size, report bug
> if scatterlist terminates before that length.
>
> v2:
>   s/GEM_BUG_ON/BUG_ON with more commenting [Matt]
> v3:
>   Converted GEM_BUG_ON into BUG_ON with more documentation [Matt]
>
> Signed-off-by: Ramalingam C 
> Reviewed-by: Matthew Auld  (v1)
> ---
>  drivers/gpu/drm/i915/gt/intel_migrate.c | 14 +-
>  1 file changed, 13 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/gt/intel_migrate.c 
> b/drivers/gpu/drm/i915/gt/intel_migrate.c
> index 9d552f30b627..168d17b6f48a 100644
> --- a/drivers/gpu/drm/i915/gt/intel_migrate.c
> +++ b/drivers/gpu/drm/i915/gt/intel_migrate.c
> @@ -687,6 +687,16 @@ static void get_ccs_sg_sgt(struct sgt_dma *it, u32 
> bytes_to_cpy)
>   bytes_to_cpy -= len;
>  
>   it->sg = __sg_next(it->sg);
> +
> + /*
> +  * On Flat-CCS capable platform when we back the lmem pages with
> +  * smem pages we add extra pages at the end of the smem
> +  * scatterlist, to store the ccs data corresponding to the lmem
> +  * pages. get_ccs_sg_sgt() is called to get the pointer for the
> +  * start of the extra pages added at the end of smem 
> scatterlist.
> +  * So scatterlist can't end at or before bytes_to_cpy.
> +  */
> + BUG_ON(!it->sg);

Why would you have to bring the entire kernel down in this case? Why not
just let it oops on the NULL pointer dereference?

I'd prefer nuking *all* of the current BUG/BUG_ON in the driver, and not
add any single one back.


BR,
Jani.


>   it->dma = sg_dma_address(it->sg);
>   it->max = it->dma + sg_dma_len(it->sg);
>   } while (bytes_to_cpy);
> @@ -748,8 +758,10 @@ intel_context_migrate_copy(struct intel_context *ce,
>* Need to fix it.
>*/
>   ccs_bytes_to_cpy = src_sz != dst_sz ? GET_CCS_BYTES(i915, 
> bytes_to_cpy) : 0;
> - if (ccs_bytes_to_cpy)
> + if (ccs_bytes_to_cpy) {
> + WARN_ON(abs(src_sz - dst_sz) < ccs_bytes_to_cpy);
>   get_ccs_sg_sgt(_ccs, bytes_to_cpy);
> + }
>   }
>  
>   src_offset = 0;

-- 
Jani Nikula, Intel Open Source Graphics Center


[Intel-gfx] [PATCH v3 1/3] drm/i915/gt: BUG_ON unexpected NULL at scatterlist walking

2022-05-02 Thread Ramalingam C
While locating the start of ccs scatterlist in smem scatterlist, that has
to be the size of lmem obj size + corresponding ccs data size, report bug
if scatterlist terminates before that length.

v2:
  s/GEM_BUG_ON/BUG_ON with more commenting [Matt]
v3:
  Converted GEM_BUG_ON into BUG_ON with more documentation [Matt]

Signed-off-by: Ramalingam C 
Reviewed-by: Matthew Auld  (v1)
---
 drivers/gpu/drm/i915/gt/intel_migrate.c | 14 +-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/i915/gt/intel_migrate.c 
b/drivers/gpu/drm/i915/gt/intel_migrate.c
index 9d552f30b627..168d17b6f48a 100644
--- a/drivers/gpu/drm/i915/gt/intel_migrate.c
+++ b/drivers/gpu/drm/i915/gt/intel_migrate.c
@@ -687,6 +687,16 @@ static void get_ccs_sg_sgt(struct sgt_dma *it, u32 
bytes_to_cpy)
bytes_to_cpy -= len;
 
it->sg = __sg_next(it->sg);
+
+   /*
+* On Flat-CCS capable platform when we back the lmem pages with
+* smem pages we add extra pages at the end of the smem
+* scatterlist, to store the ccs data corresponding to the lmem
+* pages. get_ccs_sg_sgt() is called to get the pointer for the
+* start of the extra pages added at the end of smem 
scatterlist.
+* So scatterlist can't end at or before bytes_to_cpy.
+*/
+   BUG_ON(!it->sg);
it->dma = sg_dma_address(it->sg);
it->max = it->dma + sg_dma_len(it->sg);
} while (bytes_to_cpy);
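
Review bot: BUG_ON(!it->sg) right after the __sg_next() call halts the whole machine for a condition the driver could report and survive, and because get_ccs_sg_sgt() is declared void the caller has no way to learn that the scatterlist ended early. Consider changing the function to return int and bailing out with something like `if (WARN_ON_ONCE(!it->sg)) return -EINVAL;`, then failing the copy in the caller. The check also runs before the `while (bytes_to_cpy)` test, so it fires when the walk has consumed exactly bytes_to_cpy; that matches the "at or before" wording in the new comment, so any replacement check needs to stay at this position in the loop.
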
@@ -748,8 +758,10 @@ intel_context_migrate_copy(struct intel_context *ce,
 * Need to fix it.
 */
ccs_bytes_to_cpy = src_sz != dst_sz ? GET_CCS_BYTES(i915, 
bytes_to_cpy) : 0;
-   if (ccs_bytes_to_cpy)
+   if (ccs_bytes_to_cpy) {
+   WARN_ON(abs(src_sz - dst_sz) < ccs_bytes_to_cpy);
get_ccs_sg_sgt(_ccs, bytes_to_cpy);
+   }
}
 
src_offset = 0;
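
Review bot: the WARN_ON() added in front of get_ccs_sg_sgt() only logs; when abs(src_sz - dst_sz) < ccs_bytes_to_cpy the walk still runs on a scatterlist the check has just found too small for the ccs data. Use the result, e.g. wrap it as `if (WARN_ON(...))`, and fail the copy on that path instead of calling get_ccs_sg_sgt(). The types of src_sz and dst_sz are not visible in this hunk; if they are unsigned, `src_sz - dst_sz` wraps before abs() sees it, so subtracting the smaller from the larger explicitly would be safer. The commit message describes only the BUG_ON and should mention this second check as well.
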
-- 
2.20.1