Re: [PATCH v3 1/3] drm/i915/gt: BUG_ON unexpected NULL at scatterlist walking

Jani Nikula <jani.nikula@xxxxxxxxxxxxxxx> · Mon, 02 May 2022 19:45:35 +0300

On Mon, 02 May 2022, Ramalingam C <ramalingam.c@xxxxxxxxx> wrote:
> While locating the start of ccs scatterlist in smem scatterlist, that has
> to be the size of lmem obj size + corresponding ccs data size, report bug
> if scatterlist terminate before that length.
>
> v2:
>   s/GEM_BUG_ON/BUG_ON with more commenting [Matt]
> v3:
>   Converted GEM_BUG_ON into BUG_ON with more documentation [Matt]
>
> Signed-off-by: Ramalingam C <ramalingam.c@xxxxxxxxx>
> Reviewed-by: Matthew Auld <matthew.auld@xxxxxxxxx> (v1)
> ---
>  drivers/gpu/drm/i915/gt/intel_migrate.c | 14 +++++++++++++-
>  1 file changed, 13 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/gt/intel_migrate.c b/drivers/gpu/drm/i915/gt/intel_migrate.c
> index 9d552f30b627..168d17b6f48a 100644
> --- a/drivers/gpu/drm/i915/gt/intel_migrate.c
> +++ b/drivers/gpu/drm/i915/gt/intel_migrate.c
> @@ -687,6 +687,16 @@ static void get_ccs_sg_sgt(struct sgt_dma *it, u32 bytes_to_cpy)
>  		bytes_to_cpy -= len;
>  
>  		it->sg = __sg_next(it->sg);
> +
> +		/*
> +		 * On Flat-CCS capable platform when we back the lmem pages with
> +		 * smem pages we add extra pages at the end of the smem
> +		 * scatterlist, to store the ccs data corresponding to the lmem
> +		 * pages. get_ccs_sg_sgt() is called to get the pointer for the
> +		 * start of the extra pages added at the end of smem scatterlist.
> +		 * So scatterlist can't end at or before bytes_to_cpy.
> +		 */
> +		BUG_ON(!it->sg);

Why would you have to bring the entire kernel down in this case? Why not
just let it oops on the NULL pointer dereference?

I'd prefer nuking *all* of the current BUG/BUG_ON in the driver, and not
add any single one back.

BR,
Jani.

>  		it->dma = sg_dma_address(it->sg);
>  		it->max = it->dma + sg_dma_len(it->sg);
>  	} while (bytes_to_cpy);
> @@ -748,8 +758,10 @@ intel_context_migrate_copy(struct intel_context *ce,
>  		 * Need to fix it.
>  		 */
>  		ccs_bytes_to_cpy = src_sz != dst_sz ? GET_CCS_BYTES(i915, bytes_to_cpy) : 0;
> -		if (ccs_bytes_to_cpy)
> +		if (ccs_bytes_to_cpy) {
> +			WARN_ON(abs(src_sz - dst_sz) < ccs_bytes_to_cpy);
>  			get_ccs_sg_sgt(&it_ccs, bytes_to_cpy);
> +		}
>  	}
>  
>  	src_offset = 0;

-- 
Jani Nikula, Intel Open Source Graphics Center