Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S966752AbbDVQps (ORCPT <rfc822;w@1wt.eu>);
	Wed, 22 Apr 2015 12:45:48 -0400
Received: from mga03.intel.com ([134.134.136.65]:11355 "EHLO mga03.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S966100AbbDVQpm (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Wed, 22 Apr 2015 12:45:42 -0400
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.11,624,1422950400"; 
   d="scan'208";a="699262970"
From: Mika Kuoppala <mika.kuoppala@linux.intel.com>
To: torvalds@linux-foundation.org, daniel.vetter@intel.com,
        jani.nikula@linux.intel.com, airlied@linux.ie, ben@bwidawsk.net
Cc: intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org,
        Chris Wilson <chris@chris-wilson.co.uk>,
        Michel Thierry <michel.thierry@intel.com>
Subject: [PATCH] drm/i915: Add checks to i915_bind_vma
Date: Wed, 22 Apr 2015 19:45:11 +0300
Message-Id: <1429721111-22845-1-git-send-email-mika.kuoppala@intel.com>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <CA+55aFyTY1i9PtRH4DqSKWcpQog+EzXKftirHh_2-17k41szhQ@mail.gmail.com>
References: <CA+55aFyTY1i9PtRH4DqSKWcpQog+EzXKftirHh_2-17k41szhQ@mail.gmail.com>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1852
Lines: 52

The current aliasing ppgtt implementation allocates
the page table structures on driver initialization
for the entire vm address space. Earlier the page tables
were allocated as array of struct pages, but introduction
of dynamic allocation of page structures changed the page
tables to be inside a page directory.

We have a detailed bug report where traversing of tables and
deferencing page_table[pte]->page oopses. This indicates that
our pre allocation of page tables has failed or that we get
corrupt vma which does not fit inside the vm area and throws
pte > 511.

Add more checks to catch the latter. Warn and bail out if
we get vma which is out of bounds for binding.

v2: Check vma node early (Chris)

Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Michel Thierry <michel.thierry@intel.com>
Signed-off-by: Mika Kuoppala <mika.kuoppala@intel.com>
---
 drivers/gpu/drm/i915/i915_gem_gtt.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
index 0239fbf..2ffa8f6 100644
--- a/drivers/gpu/drm/i915/i915_gem_gtt.c
+++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
@@ -2746,6 +2746,13 @@ i915_get_ggtt_vma_pages(struct i915_vma *vma)
 int i915_vma_bind(struct i915_vma *vma, enum i915_cache_level cache_level,
 		  u32 flags)
 {
+
+	if (WARN_ON(!drm_mm_node_allocated(&vma->node)))
+		return -EINVAL;
+
+	if (WARN_ON(vma->node.start > vma->vm->total - vma->node.size))
+		return -EINVAL;
+
 	if (i915_is_ggtt(vma->vm)) {
 		int ret = i915_get_ggtt_vma_pages(vma);
 
-- 
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/