From 520f8350364dc0f1cfcb82360f9e22400dd7887d Mon Sep 17 00:00:00 2001 From: Matthew Auld Date: Fri, 6 Mar 2020 09:47:35 +0000 Subject: drm/i915: properly sanity check batch_start_offset Check the edge case where batch_start_offset sits exactly on the batch size. v2: add new range_overflows variant to capture the special case where the size is permitted to be zero, like with batch_len. v3: other way around. the common case is the exclusive one which should just be >=, with that we then just need to convert the three odd ball cases that don't apply to use the new inclusive _end version. Testcase: igt/gem_exec_params/invalid-batch-start-offset Fixes: 0b5372727be3 ("drm/i915/cmdparser: Use cached vmappings") Signed-off-by: Matthew Auld Cc: Mika Kuoppala Cc: Chris Wilson Signed-off-by: Chris Wilson Link: https://patchwork.freedesktop.org/patch/msgid/20200306094735.258285-1-matthew.auld@intel.com --- drivers/gpu/drm/i915/i915_utils.h | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'drivers/gpu/drm/i915/i915_utils.h') diff --git a/drivers/gpu/drm/i915/i915_utils.h b/drivers/gpu/drm/i915/i915_utils.h index 024a9e224ff3..26f3a4a50b40 100644 --- a/drivers/gpu/drm/i915/i915_utils.h +++ b/drivers/gpu/drm/i915/i915_utils.h @@ -102,12 +102,24 @@ bool i915_error_injected(void); typeof(max) max__ = (max); \ (void)(&start__ == &size__); \ (void)(&start__ == &max__); \ - start__ > max__ || size__ > max__ - start__; \ + start__ >= max__ || size__ > max__ - start__; \ }) #define range_overflows_t(type, start, size, max) \ range_overflows((type)(start), (type)(size), (type)(max)) +#define range_overflows_end(start, size, max) ({ \ + typeof(start) start__ = (start); \ + typeof(size) size__ = (size); \ + typeof(max) max__ = (max); \ + (void)(&start__ == &size__); \ + (void)(&start__ == &max__); \ + start__ > max__ || size__ > max__ - start__; \ +}) + +#define range_overflows_end_t(type, start, size, max) \ + range_overflows_end((type)(start), (type)(size), (type)(max)) + /* Note we don't consider signbits :| */ #define overflows_type(x, T) \ (sizeof(x) > sizeof(T) && (x) >> BITS_PER_TYPE(T)) -- cgit