On Mon, 02 May 2022, Ramalingam C ramalingam.c@intel.com wrote:
While locating the start of ccs scatterlist in smem scatterlist, that has to be the size of lmem obj size + corresponding ccs data size, report bug if scatterlist terminate before that length.
v2: s/GEM_BUG_ON/BUG_ON with more commenting [Matt] v3: Converted GEM_BUG_ON into BUG_ON with more documentation [Matt]
Signed-off-by: Ramalingam C ramalingam.c@intel.com Reviewed-by: Matthew Auld matthew.auld@intel.com (v1)
drivers/gpu/drm/i915/gt/intel_migrate.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/gt/intel_migrate.c b/drivers/gpu/drm/i915/gt/intel_migrate.c index 9d552f30b627..168d17b6f48a 100644 --- a/drivers/gpu/drm/i915/gt/intel_migrate.c +++ b/drivers/gpu/drm/i915/gt/intel_migrate.c @@ -687,6 +687,16 @@ static void get_ccs_sg_sgt(struct sgt_dma *it, u32 bytes_to_cpy) bytes_to_cpy -= len;
it->sg = __sg_next(it->sg);
/** On Flat-CCS capable platform when we back the lmem pages with* smem pages we add extra pages at the end of the smem* scatterlist, to store the ccs data corresponding to the lmem* pages. get_ccs_sg_sgt() is called to get the pointer for the* start of the extra pages added at the end of smem scatterlist.* So scatterlist can't end at or before bytes_to_cpy.*/BUG_ON(!it->sg);
Why would you have to bring the entire kernel down in this case? Why not just let it oops on the NULL pointer dereference?
I'd prefer nuking *all* of the current BUG/BUG_ON in the driver, and not add any single one back.
BR, Jani.
it->dma = sg_dma_address(it->sg); it->max = it->dma + sg_dma_len(it->sg);} while (bytes_to_cpy); @@ -748,8 +758,10 @@ intel_context_migrate_copy(struct intel_context *ce, * Need to fix it. */ ccs_bytes_to_cpy = src_sz != dst_sz ? GET_CCS_BYTES(i915, bytes_to_cpy) : 0;
if (ccs_bytes_to_cpy)
if (ccs_bytes_to_cpy) {WARN_ON(abs(src_sz - dst_sz) < ccs_bytes_to_cpy); get_ccs_sg_sgt(&it_ccs, bytes_to_cpy);}}
src_offset = 0;