On Fri, Aug 04, 2017 at 06:13:42PM +0100, Chris Wilson wrote:
> Quoting Michal Wajdeczko (2017-08-04 17:27:09)
> >  static inline const char *guc_ct_buffer_type_to_str(u32 type)
> > @@ -600,13 +609,76 @@ static int guc_handle_response(struct intel_guc *guc, 
> > const u32 *data)
> >  static int guc_handle_request(struct intel_guc *guc, const u32 *data)
> >  {
> >         u32 header = data[0];
> > +       u32 len = ct_header_get_len(header) + 1; /* total len with header */
> > +       struct ct_incoming_request *request;
> > +       unsigned long flags;
> >  
> >         GEM_BUG_ON(ct_header_is_response(header));
> >         /* data layout beyond header is request specific */
> >  
> > +       request = kmalloc(sizeof(*request), GFP_ATOMIC);
> > +       if (unlikely(!request)) {
> > +               DRM_ERROR("CT: dropping request %*phn\n", 4*len, data);
> > +               return 0; /* XXX: -ENOMEM ? */
> > +       }
> > +
> > +       GEM_BUG_ON(len > GUC_CT_MSG_LEN_MASK + 1);
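Review bot: the allocation-failure branch ends in "return 0; /* XXX: -ENOMEM ? */", so the caller sees success for a request that was just dropped. Resolve the XXX, either by returning -ENOMEM or by adding a comment that says why dropping is acceptable here. In the same hunk the length check sits after kmalloc(), while the DRM_ERROR above it already uses 4*len taken from the header. If the check becomes a runtime one, place it right after len is computed, before the allocation, so a rejected message has nothing to free.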
> 
> This is incoming from the guc, if we can validate it, do so. Keep
> GEM_BUG_ON() for programming errors and absolute catastrophe.

Sorry, this check is a leftover from an earlier design.

Now it will always be satisfied, as len can't be encoded beyond the given mask ;)
I can change it into a more appropriate runtime check against our buffer size:

        if (4*len > sizeof(request->data)) ...

or into a compile-time check (with the assumption that len can't be larger than the mask)

        BUILD_BUG_ON(sizeof(request->data) < 4*(GUC_MSG_LEN_MASK+1));

or both

-Michal
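
The "or both" option from the reply above, as an added user-space example (not code from the patch or from the driver). The 5-bit length mask, the struct layout and the names MSG_LEN_MASK, incoming_request and copy_request are assumptions made for illustration. It goes one step beyond the reply by also bounding the length against the data actually available at the source.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout (not from the patch): low 5 bits = payload dwords. */
#define MSG_LEN_MASK 0x1fu

struct incoming_request {
	uint32_t data[MSG_LEN_MASK + 1];	/* header + largest payload */
};

/* Compile-time check: buffer holds the largest encodable message. */
_Static_assert(sizeof(((struct incoming_request *)0)->data) >=
	       4 * (MSG_LEN_MASK + 1), "request buffer too small");

static uint32_t header_get_len(uint32_t header)
{
	return header & MSG_LEN_MASK;
}

/* Copy one message from a window of avail dwords; -1 means rejected. */
static int copy_request(struct incoming_request *req,
			const uint32_t *src, size_t avail)
{
	uint32_t len;

	if (avail == 0)
		return -1;
	len = header_get_len(src[0]) + 1;	/* total len with header */

	/* Runtime check against the destination, kept beside the static one. */
	if (4 * (size_t)len > sizeof(req->data))
		return -1;
	/* Runtime check against what the sender actually delivered. */
	if (len > avail)
		return -1;

	memcpy(req->data, src, 4 * (size_t)len);
	return (int)len;
}

int main(void)
{
	struct incoming_request req;
	uint32_t msg[3] = { 2, 0xaa, 0xbb };	/* constructed sample message */

	return copy_request(&req, msg, 3) == 3 ? 0 : 1;
}
```

The static assertion fails the build if someone later shrinks the buffer or widens the mask, while the runtime checks reject a message whose header claims more than was received.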


_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
