On Tue, Mar 31, 2020 at 01:42:02PM +0100, Chris Wilson wrote: > When we allocate space in the GGTT we may have to allocate a larger > region than will be populated by the object to accommodate fencing. Make > sure that this space beyond the end of the buffer points safely into > scratch space, in case the HW tries to access it anyway (e.g. fenced > access to the last tile row). > > Reported-by: Imre Deak <imre.deak@xxxxxxxxx> > References: https://gitlab.freedesktop.org/drm/intel/-/issues/1554 > Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> > Cc: Matthew Auld <matthew.auld@xxxxxxxxx> > Cc: Imre Deak <imre.deak@xxxxxxxxx> > Cc: stable@xxxxxxxxxxxxxxx Thanks, Reviewed-by: Imre Deak <imre.deak@xxxxxxxxx> > --- > drivers/gpu/drm/i915/gt/intel_ggtt.c | 17 ++++++++++++----- > 1 file changed, 12 insertions(+), 5 deletions(-) > > diff --git a/drivers/gpu/drm/i915/gt/intel_ggtt.c b/drivers/gpu/drm/i915/gt/intel_ggtt.c > index d8944dabed55..ad56059651b8 100644 > --- a/drivers/gpu/drm/i915/gt/intel_ggtt.c > +++ b/drivers/gpu/drm/i915/gt/intel_ggtt.c > @@ -191,10 +191,11 @@ static void gen8_ggtt_insert_entries(struct i915_address_space *vm, > enum i915_cache_level level, > u32 flags) > { > + const gen8_pte_t pte_encode = gen8_ggtt_pte_encode(0, level, 0); > struct i915_ggtt *ggtt = i915_vm_to_ggtt(vm); > struct sgt_iter sgt_iter; > - gen8_pte_t __iomem *gtt_entries; > - const gen8_pte_t pte_encode = gen8_ggtt_pte_encode(0, level, 0); > + gen8_pte_t __iomem *gte; > + gen8_pte_t __iomem *end; > dma_addr_t addr; > > /* 
> @@ -202,10 +203,16 @@ static void gen8_ggtt_insert_entries(struct i915_address_space *vm, > * not to allow the user to override access to a read only page. > */ > > - gtt_entries = (gen8_pte_t __iomem *)ggtt->gsm; > - gtt_entries += vma->node.start / I915_GTT_PAGE_SIZE; > + gte = (gen8_pte_t __iomem *)ggtt->gsm; > + gte += vma->node.start / I915_GTT_PAGE_SIZE; > + end = gte + vma->node.size / I915_GTT_PAGE_SIZE; > for_each_sgt_daddr(addr, sgt_iter, vma->pages) > - gen8_set_pte(gtt_entries++, pte_encode | addr); > + gen8_set_pte(gte++, pte_encode | addr); > + GEM_BUG_ON(gte > end); > + > + /* Fill the allocated but "unused" space beyond the end of the buffer */ > + while (gte < end) > + gen8_set_pte(gte++, vm->scratch[0].encode); > > /* > * We want to flush the TLBs only after we're certain all the PTE > -- > 2.20.1 >
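Review bot: In the second hunk, GEM_BUG_ON(gte > end) is evaluated only after the for_each_sgt_daddr loop has finished writing, so if vma->pages ever described more pages than vma->node.size / I915_GTT_PAGE_SIZE, the entries past end would already have been overwritten by the time the assertion reports it. Since the point of the change is to keep every PTE in the node well defined, consider either documenting next to the computation of end that the node is always at least as large as the backing pages, or bounding the write itself (stop at gte == end) so the assertion is not the only guard. The new comment could also say that the tail is pointed at vm->scratch[0].encode deliberately, rather than at an encoding built from pte_encode, so the difference from the populated entries is not mistaken for an oversight. Both hunks touch only gen8_ggtt_insert_entries; if other insert_entries paths can receive nodes padded for fencing, the commit message should say why they do not need the same fill.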