Re: [PATCH v3 4/5] drm/panthor: Fix an off-by-one in the heap context retrieval logic

2024-05-02 Thread Boris Brezillon
On Thu, 2 May 2024 16:52:24 +0100
Steven Price wrote:

> On 02/05/2024 16:40, Boris Brezillon wrote:
> > The heap ID is used to index the heap context pool, and allocating
> > in the [1:MAX_HEAPS_PER_POOL] leads to an off-by-one. This was
> > originally to avoid returning a zero heap handle, but given the handle
> > is formed with (vm_id << 16) | heap_id, with vm_id > 0, we already can't
> > end up with a valid heap handle that's zero.
> > 
> > v3:
> > - Allocate in the [0:MAX_HEAPS_PER_POOL-1] range
> > 
> > v2:
> > - New patch
> > 
> > Fixes: 9cca48fa4f89 ("drm/panthor: Add the heap logical block")
> > Reported-by: Eric Smith 
> > Signed-off-by: Boris Brezillon 
> > Tested-by: Eric Smith   
> 
> Don't we also need to change the xa_init_flags() in
> panthor_heap_pool_create()?

Uh, we should, indeed.

> 
> Steve
> 
> > ---
> >  drivers/gpu/drm/panthor/panthor_heap.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/gpu/drm/panthor/panthor_heap.c 
> > b/drivers/gpu/drm/panthor/panthor_heap.c
> > index 683bb94761bc..252332f5390f 100644
> > --- a/drivers/gpu/drm/panthor/panthor_heap.c
> > +++ b/drivers/gpu/drm/panthor/panthor_heap.c
> > @@ -323,7 +323,8 @@ int panthor_heap_create(struct panthor_heap_pool *pool,
> > if (!pool->vm) {
> > ret = -EINVAL;
> > } else {
> > -   ret = xa_alloc(>xa, , heap, XA_LIMIT(1, 
> > MAX_HEAPS_PER_POOL), GFP_KERNEL);
> > +   ret = xa_alloc(>xa, , heap,
> > +  XA_LIMIT(0, MAX_HEAPS_PER_POOL - 1), GFP_KERNEL);
> > if (!ret) {
> > void *gpu_ctx = panthor_get_heap_ctx(pool, id);
> >
> 
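Review bot: The new lower bound in XA_LIMIT(0, MAX_HEAPS_PER_POOL - 1) only takes effect if the xarray is allowed to hand out index 0, and this hunk does not touch the xa_init_flags() call in panthor_heap_pool_create() raised in the reply above. If that call initialises the pool's xarray with XA_FLAGS_ALLOC1, xa_alloc() will keep skipping index 0 and the pool will effectively hold MAX_HEAPS_PER_POOL - 1 heaps. Switching it to XA_FLAGS_ALLOC in the same patch would keep the allocator flags and the limit consistent.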



Re: [PATCH v3 4/5] drm/panthor: Fix an off-by-one in the heap context retrieval logic

2024-05-02 Thread Steven Price
On 02/05/2024 16:40, Boris Brezillon wrote:
> The heap ID is used to index the heap context pool, and allocating
> in the [1:MAX_HEAPS_PER_POOL] leads to an off-by-one. This was
> originally to avoid returning a zero heap handle, but given the handle
> is formed with (vm_id << 16) | heap_id, with vm_id > 0, we already can't
> end up with a valid heap handle that's zero.
> 
> v3:
> - Allocate in the [0:MAX_HEAPS_PER_POOL-1] range
> 
> v2:
> - New patch
> 
> Fixes: 9cca48fa4f89 ("drm/panthor: Add the heap logical block")
> Reported-by: Eric Smith 
> Signed-off-by: Boris Brezillon 
> Tested-by: Eric Smith 

Don't we also need to change the xa_init_flags() in
panthor_heap_pool_create()?

Steve

> ---
>  drivers/gpu/drm/panthor/panthor_heap.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/panthor/panthor_heap.c 
> b/drivers/gpu/drm/panthor/panthor_heap.c
> index 683bb94761bc..252332f5390f 100644
> --- a/drivers/gpu/drm/panthor/panthor_heap.c
> +++ b/drivers/gpu/drm/panthor/panthor_heap.c
> @@ -323,7 +323,8 @@ int panthor_heap_create(struct panthor_heap_pool *pool,
>   if (!pool->vm) {
>   ret = -EINVAL;
>   } else {
> - ret = xa_alloc(>xa, , heap, XA_LIMIT(1, 
> MAX_HEAPS_PER_POOL), GFP_KERNEL);
> + ret = xa_alloc(>xa, , heap,
> +XA_LIMIT(0, MAX_HEAPS_PER_POOL - 1), GFP_KERNEL);
>   if (!ret) {
>   void *gpu_ctx = panthor_get_heap_ctx(pool, id);
>
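Review bot: The XA_LIMIT(0, MAX_HEAPS_PER_POOL - 1) call would benefit from a short comment saying why 0 is now a valid heap ID. The id is passed straight to panthor_get_heap_ctx(pool, id) to index the context pool, and a zero handle is ruled out by vm_id > 0 in (vm_id << 16) | heap_id rather than by the allocation range. That reasoning currently lives only in the commit message, so a later reader could be tempted to restore the lower bound of 1 and reintroduce the off-by-one.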