Re: [Intel-gfx] [PATCH] drm/i915/gt: handle null ptr at sg traversing

[Matthew Auld]

On 27/06/2022 18:35, Ramalingam C wrote:
When calculating the starting address for ccs data in smem scatterlist,
handle the NULL pointer returned from sg_next, incase of scatterlist
less than required size..

Do we have some more information on how we can hit this? Is this a 
programmer error? Do we have a testcase?


Signed-off-by: Ramalingam C <ramalinga...@intel.com>
---
  drivers/gpu/drm/i915/gt/intel_migrate.c | 13 ++++++++++---
  1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/i915/gt/intel_migrate.c 
b/drivers/gpu/drm/i915/gt/intel_migrate.c
index 2c35324b5f68..c206fb4f4186 100644
--- a/drivers/gpu/drm/i915/gt/intel_migrate.c
+++ b/drivers/gpu/drm/i915/gt/intel_migrate.c
@@ -669,7 +669,7 @@ calculate_chunk_sz(struct drm_i915_private *i915, bool 
src_is_lmem,
        }
  }
  
-static void get_ccs_sg_sgt(struct sgt_dma *it, u32 bytes_to_cpy)
+static int get_ccs_sg_sgt(struct sgt_dma *it, u32 bytes_to_cpy)
  {
        u32 len;
  
@@ -684,9 +684,13 @@ static void get_ccs_sg_sgt(struct sgt_dma *it, u32 bytes_to_cpy)
                bytes_to_cpy -= len;
  
  		it->sg = __sg_next(it->sg);
+               if (!it->sg)
+                       return -EINVAL;
                it->dma = sg_dma_address(it->sg);
                it->max = it->dma + sg_dma_len(it->sg);
        } while (bytes_to_cpy);
+
+       return 0;
  }
  
  int
@@ -745,8 +749,11 @@ intel_context_migrate_copy(struct intel_context *ce,
                 * Need to fix it.
                 */
                ccs_bytes_to_cpy = src_sz != dst_sz ? GET_CCS_BYTES(i915, 
bytes_to_cpy) : 0;
-               if (ccs_bytes_to_cpy)
-                       get_ccs_sg_sgt(&it_ccs, bytes_to_cpy);
+               if (ccs_bytes_to_cpy) {
+                       err = get_ccs_sg_sgt(&it_ccs, bytes_to_cpy);
+                       if (err)
+                               return err;
+               }
        }
  
  	src_offset = 0;