Hi Dan,
On 28/01/16 22:30, Dan Carpenter wrote:
Hello Tvrtko Ursulin,
The patch de1add360522: "drm/i915: Decouple execbuf uAPI from
internal implementation" from Jan 15, 2016, leads to the following
static checker warning:
drivers/gpu/drm/i915/i915_gem_execbuffer.c:1411 eb_select_ring()
warn: buffer overflow 'dev_priv->ring' 5 <= 16385
drivers/gpu/drm/i915/i915_gem_execbuffer.c
1397 if (user_ring_id == I915_EXEC_BSD && HAS_BSD2(dev_priv)) {
1398 unsigned int bsd_idx = args->flags & I915_EXEC_BSD_MASK;
1399
1400 if (bsd_idx == I915_EXEC_BSD_DEFAULT) {
1401 bsd_idx = gen8_dispatch_bsd_ring(dev_priv, file);
1402 } else if (bsd_idx >= I915_EXEC_BSD_RING1 &&
1403 bsd_idx <= I915_EXEC_BSD_RING2) {
1404 bsd_idx--;
^^^^^^^^^
This should probablye be "bsd_idx = (bsd_idx >> 13) - 1;" or something.
1405 } else {
1406 DRM_DEBUG("execbuf with unknown bsd ring: %u\n",
1407 bsd_idx);
1408 return -EINVAL;
1409 }
1410
1411 *ring = &dev_priv->ring[_VCS(bsd_idx)];
Otherwise we're way past the end of this array.
Yep, we have already found this and fixed it in "drm/i915: Fix VCS ring
selection after uapi decoupling".
Thanks for the report, it is very useful!
Regards,
Tvrtko
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
