On 27/06/2022 18:35, Ramalingam C wrote:
When calculating the starting address for ccs data in smem scatterlist,
handle the NULL pointer returned from sg_next, incase of scatterlist
less than required size..
Do we have some more information on how we can hit this? Is this a
programmer error? Do we have a testcase?
Signed-off-by: Ramalingam C <ramalingam.c@xxxxxxxxx>
---
drivers/gpu/drm/i915/gt/intel_migrate.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/i915/gt/intel_migrate.c b/drivers/gpu/drm/i915/gt/intel_migrate.c
index 2c35324b5f68..c206fb4f4186 100644
--- a/drivers/gpu/drm/i915/gt/intel_migrate.c
+++ b/drivers/gpu/drm/i915/gt/intel_migrate.c
@@ -669,7 +669,7 @@ calculate_chunk_sz(struct drm_i915_private *i915, bool src_is_lmem,
}
}
-static void get_ccs_sg_sgt(struct sgt_dma *it, u32 bytes_to_cpy)
+static int get_ccs_sg_sgt(struct sgt_dma *it, u32 bytes_to_cpy)
{
u32 len;
@@ -684,9 +684,13 @@ static void get_ccs_sg_sgt(struct sgt_dma *it, u32 bytes_to_cpy)
bytes_to_cpy -= len;
it->sg = __sg_next(it->sg);
+ if (!it->sg)
+ return -EINVAL;
it->dma = sg_dma_address(it->sg);
it->max = it->dma + sg_dma_len(it->sg);
} while (bytes_to_cpy);
+
+ return 0;
}
int
@@ -745,8 +749,11 @@ intel_context_migrate_copy(struct intel_context *ce,
* Need to fix it.
*/
ccs_bytes_to_cpy = src_sz != dst_sz ? GET_CCS_BYTES(i915, bytes_to_cpy) : 0;
- if (ccs_bytes_to_cpy)
- get_ccs_sg_sgt(&it_ccs, bytes_to_cpy);
+ if (ccs_bytes_to_cpy) {
+ err = get_ccs_sg_sgt(&it_ccs, bytes_to_cpy);
+ if (err)
+ return err;
+ }
}
src_offset = 0;