On Wed, Dec 28, 2022 at 04:25:27PM +0200, Gwan-gyeong Mun wrote:
> This patch series fixes integer overflow or integer truncation issues in
> page lookups, ttm place configuration and scatterlist creation, etc.
> We need to check that we avoid integer overflows when looking up a page,
> and so fix all the instances where we have mistakenly used a plain integer
> instead of a more suitable long.
> And there is an impedance mismatch between the scatterlist API using
> unsigned int and our memory/page accounting in unsigned long. That is we
> may try to create a scatterlist for a large object that overflows returning
> a small table into which we try to fit very many pages. As the object size
> is under the control of userspace, we have to be prudent and catch the
> conversion errors. To catch the implicit truncation as we switch from
> unsigned long into the scatterlist's unsigned int, we use improved
> overflows_type check and report E2BIG prior to the operation. This is
> already used in our create ioctls to indicate if the uABI request is simply
> too large for the backing store.
> And ttm place also has the same problem with scatterlist creation,
> and we fix the integer truncation problem with the way approached by
> scatterlist creation.
> And it corrects the error code to return -E2BIG when creating gem objects
> using ttm or shmem, if the size is too large in each case.
>
> Linux 6.2 rc1 merged into drm-tip. I resend the same patch series as the
> previous version, except for one patch[1] included in Linux 6.2 rc1 from
> the previous v15 patch series.

v6.2-rc1 is on drm-tip through drm-intel-fixes and topic/core-for-CI.
But if this series depends on a patch in the v6.2-rc1 we need to wait
for drm-next to backmerge it, then we backmerge drm-next into
drm-intel-next and drm-intel-gt-next. Only then can we merge this series.

>
> There is no difference in the code from the previous version [2] that was
> updated to v15 version.
> And it has already been confirmed by the CI results
> of v15 that there is no regression caused by this patch series.
>
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4b21d25bf519c9487935a664886956bb18f04f6d
> [2] https://patchwork.freedesktop.org/series/111963/
>
> Chris Wilson (3):
>   drm/i915/gem: Typecheck page lookups
>   drm/i915: Check for integer truncation on scatterlist creation
>   drm/i915: Remove truncation warning for large objects
>
> Gwan-gyeong Mun (3):
>   drm/i915: Check for integer truncation on the configuration of ttm
>     place
>   drm/i915: Check if the size is too big while creating shmem file
>   drm/i915: Use error code as -E2BIG when the size of gem ttm object is
>     too large
>
>  drivers/gpu/drm/i915/gem/i915_gem_internal.c  |   7 +-
>  drivers/gpu/drm/i915/gem/i915_gem_object.c    |   7 +-
>  drivers/gpu/drm/i915/gem/i915_gem_object.h    | 303 +++++++++++++++---
>  drivers/gpu/drm/i915/gem/i915_gem_pages.c     |  27 +-
>  drivers/gpu/drm/i915/gem/i915_gem_phys.c      |   4 +
>  drivers/gpu/drm/i915/gem/i915_gem_shmem.c     |  23 +-
>  drivers/gpu/drm/i915/gem/i915_gem_ttm.c       |  20 +-
>  drivers/gpu/drm/i915/gem/i915_gem_userptr.c   |   6 +-
>  .../drm/i915/gem/selftests/huge_gem_object.c  |   6 +-
>  .../gpu/drm/i915/gem/selftests/huge_pages.c   |   8 +
>  .../drm/i915/gem/selftests/i915_gem_context.c |  12 +-
>  .../drm/i915/gem/selftests/i915_gem_mman.c    |   8 +-
>  .../drm/i915/gem/selftests/i915_gem_object.c  |   8 +-
>  drivers/gpu/drm/i915/gvt/dmabuf.c             |  10 +-
>  drivers/gpu/drm/i915/i915_gem.c               |  18 +-
>  drivers/gpu/drm/i915/i915_scatterlist.c       |   9 +
>  drivers/gpu/drm/i915/i915_vma.c               |   8 +-
>  drivers/gpu/drm/i915/intel_region_ttm.c       |  14 +
>  drivers/gpu/drm/i915/selftests/i915_gem_gtt.c |   4 +
>  drivers/gpu/drm/i915/selftests/scatterlist.c  |   4 +
>  20 files changed, 420 insertions(+), 86 deletions(-)
>
> --
> 2.37.1
>
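
The truncation the quoted cover letter describes (a page count kept in a wide type being narrowed into the scatterlist's unsigned int) and the check-then-E2BIG pattern, shown as an added userspace example that is not part of this thread or of the i915 code. The macro and function names, the 4 KiB page size and the object sizes are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* assumption: 4 KiB pages */

/* Hypothetical userspace stand-in for a type-overflow check: true when n
 * cannot be represented in type T (GCC/Clang builtin and statement
 * expression). Adding zero into a T-typed result overflows exactly when
 * n itself does not fit in T. */
#define value_overflows_type(n, T) \
	({ T v_ = 0; __builtin_add_overflow((n), (T)0, &v_); })

/* Unchecked narrowing: the 64-bit page count is silently truncated. */
static unsigned int table_entries_unchecked(uint64_t obj_size)
{
	return (unsigned int)(obj_size >> PAGE_SHIFT);
}

/* Checked narrowing: report -E2BIG before any table would be sized. */
static int table_entries_checked(uint64_t obj_size, unsigned int *nents)
{
	uint64_t npages = obj_size >> PAGE_SHIFT;

	if (value_overflows_type(npages, unsigned int))
		return -E2BIG;
	*nents = (unsigned int)npages;
	return 0;
}

int main(void)
{
	/* Constructed size: 2^32 + 8 pages, as a caller-chosen object size. */
	uint64_t huge = (((uint64_t)1 << 32) + 8) << PAGE_SHIFT;
	unsigned int nents = 0;

	printf("unchecked: %u entries for %llu pages\n",
	       table_entries_unchecked(huge),
	       (unsigned long long)(huge >> PAGE_SHIFT));
	printf("checked:   %d (-E2BIG is %d)\n",
	       table_entries_checked(huge, &nents), -E2BIG);
	return 0;
}
```

The unchecked path reports a table of 8 entries for an object of 2^32 + 8 pages, which is the "small table into which we try to fit very many pages" case; the checked path rejects the size before anything is allocated.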