Quoting Matthew Auld (2021-01-20 10:47:14)
> Sanity check the object size before allocating a new gem object.
>
> Fixes: 97d553963250 ("drm/i915/region: convert object_create into object_init")
> Signed-off-by: Matthew Auld <matthew.auld@xxxxxxxxx>
> ---
> drivers/gpu/drm/i915/gem/i915_gem_region.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_region.c b/drivers/gpu/drm/i915/gem/i915_gem_region.c
> index 4834a0b272f4..3e3dad22a683 100644
> --- a/drivers/gpu/drm/i915/gem/i915_gem_region.c
> +++ b/drivers/gpu/drm/i915/gem/i915_gem_region.c
> @@ -161,10 +161,6 @@ i915_gem_object_create_region(struct intel_memory_region *mem,
> GEM_BUG_ON(!size);
> GEM_BUG_ON(!IS_ALIGNED(size, I915_GTT_MIN_ALIGNMENT));
>
> - obj = i915_gem_object_alloc();
> - if (!obj)
> - return ERR_PTR(-ENOMEM);
> -
> /*
> * XXX: There is a prevalence of the assumption that we fit the
> * object's page count inside a 32bit _signed_ variable. Let's document
> @@ -178,6 +174,10 @@ i915_gem_object_create_region(struct intel_memory_region *mem,
> if (overflows_type(size, obj->base.size))
> return ERR_PTR(-E2BIG);
>
> + obj = i915_gem_object_alloc();
> + if (!obj)
> + return ERR_PTR(-ENOMEM);
My bad, I should have checked. It does remind me we really should drop
the INT_MAX << PAGE_SHIFT rejection at some point.
Ok, that was the only slip all the others have their parameter checking
before the alloc, with the few error paths that are after the alloc
doing cleanup.
Reviewed-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
-Chris
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
