35095f7529
Op 24-07-13 17:55, Dan Carpenter schreef:
> Hello Maarten Lankhorst,
>
> This is a semi-automatic email about new static checker warnings.
>
> The patch 0108bc808107: "drm/nouveau: do not allow negative sizes for
> now" from Jul 7, 2013, leads to the following Smatch complaint:
>
> drivers/gpu/drm/nouveau/nouveau_bo.c:222 nouveau_bo_new()
> warn: variable dereferenced before check 'drm->client.base.vm' (see line 201)
>
> drivers/gpu/drm/nouveau/nouveau_bo.c
> 200 int type = ttm_bo_type_device;
> 201 int max_size = INT_MAX & ~((1 << drm->client.base.vm->vmm->lpg_shift) - 1);
> ^^^^^^^^^^^^^^^^^^^
> New dereference.
>
> 202
> 203 if (size <= 0 || size > max_size) {
> 204 nv_warn(drm, "skipped size %x\n", (u32)size);
> 205 return -EINVAL;
> 206 }
> 207
> 208 if (sg)
> 209 type = ttm_bo_type_sg;
> 210
> 211 nvbo = kzalloc(sizeof(struct nouveau_bo), GFP_KERNEL);
> 212 if (!nvbo)
> 213 return -ENOMEM;
> 214 INIT_LIST_HEAD(&nvbo->head);
> 215 INIT_LIST_HEAD(&nvbo->entry);
> 216 INIT_LIST_HEAD(&nvbo->vma_list);
> 217 nvbo->tile_mode = tile_mode;
> 218 nvbo->tile_flags = tile_flags;
> 219 nvbo->bo.bdev = &drm->ttm.bdev;
> 220
> 221 nvbo->page_shift = 12;
> 222 if (drm->client.base.vm) {
> ^^^^^^^^^^^^^^^^^^^
> Old check.
>
> 223 if (!(flags & TTM_PL_FLAG_TT) && size > 256 * 1024)
> 224 nvbo->page_shift = drm->client.base.vm->vmm->lpg_shift;
>
> regards,
> dan carpenter
8<-----
Commit 0108bc808107: "drm/nouveau: do not allow negative sizes for now" broke
older nvidia gpu's that lack a vm. Add an explicit check to handle this.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: konrad wilk <konrad.wilk@oracle.com>
Signed-off-by: Maarten Lankhorst <maarten.lankhorst@canonical.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
************************************************************
* For the very latest on DRI development, please see: *
* http://dri.freedesktop.org/ *
************************************************************
The Direct Rendering Manager (drm) is a device-independent kernel-level
device driver that provides support for the XFree86 Direct Rendering
Infrastructure (DRI).
The DRM supports the Direct Rendering Infrastructure (DRI) in four major
ways:
1. The DRM provides synchronized access to the graphics hardware via
the use of an optimized two-tiered lock.
2. The DRM enforces the DRI security policy for access to the graphics
hardware by only allowing authenticated X11 clients access to
restricted regions of memory.
3. The DRM provides a generic DMA engine, complete with multiple
queues and the ability to detect the need for an OpenGL context
switch.
4. The DRM is extensible via the use of small device-specific modules
that rely extensively on the API exported by the DRM module.
Documentation on the DRI is available from:
http://dri.freedesktop.org/wiki/Documentation
http://sourceforge.net/project/showfiles.php?group_id=387
http://dri.sourceforge.net/doc/
For specific information about kernel-level support, see:
The Direct Rendering Manager, Kernel Support for the Direct Rendering
Infrastructure
http://dri.sourceforge.net/doc/drm_low_level.html
Hardware Locking for the Direct Rendering Infrastructure
http://dri.sourceforge.net/doc/hardware_locking_low_level.html
A Security Analysis of the Direct Rendering Infrastructure
http://dri.sourceforge.net/doc/security_low_level.html