Matthew Auld <matthew.auld@xxxxxxxxx> writes:
> Check the edge case where batch_start_offset sits exactly on the batch
> size.
>
> Testcase: igt/gem_exec_params/invalid-batch-start-offset
> Fixes: 0b5372727be3 ("drm/i915/cmdparser: Use cached vmappings")
> Signed-off-by: Matthew Auld <matthew.auld@xxxxxxxxx>
> Cc: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
> ---
> drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c
> index 7bb27f382af7..5247de18a3d0 100644
> --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c
> +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c
> @@ -2714,7 +2714,8 @@ i915_gem_do_execbuffer(struct drm_device *dev,
> goto err_vma;
> }
>
> - if (range_overflows_t(u64,
> + if (eb.batch_start_offset == eb.batch->vma->size ||
> + range_overflows_t(u64,
> eb.batch_start_offset, eb.batch_len,
Can we sanitize the batch_len apriori?
Not that this would not work,
Reviewed-by: Mika Kuoppala <mika.kuoppala@xxxxxxxxxxxxxxx>
> eb.batch->vma->size)) {
> drm_dbg(&i915->drm, "Attempting to use out-of-bounds batch\n");
> --
> 2.20.1
>
> _______________________________________________
> Intel-gfx mailing list
> Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
> https://lists.freedesktop.org/mailman/listinfo/intel-gfx
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
