From: Tvrtko Ursulin <tursulin@ursulin.net> To: Intel-gfx@lists.freedesktop.org Cc: linux-kernel@vger.kernel.org, Tvrtko Ursulin <tvrtko.ursulin@intel.com>, Masahiro Yamada <yamada.masahiro@socionext.com> Subject: [PATCH 2/4] lib/scatterlist: Avoid potential scatterlist entry overflow Date: Fri, 11 Nov 2016 08:50:18 +0000 [thread overview] Message-ID: <1478854220-3255-3-git-send-email-tvrtko.ursulin@linux.intel.com> (raw) In-Reply-To: <1478854220-3255-1-git-send-email-tvrtko.ursulin@linux.intel.com> From: Tvrtko Ursulin <tvrtko.ursulin@intel.com> Since the scatterlist length field is an unsigned int, make sure that sg_alloc_table_from_pages does not overflow it while coallescing pages to a single entry. v2: Drop reference to future use. Use UINT_MAX. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com> Cc: Masahiro Yamada <yamada.masahiro@socionext.com> Cc: linux-kernel@vger.kernel.org --- lib/scatterlist.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/lib/scatterlist.c b/lib/scatterlist.c index e05e7fc98892..de15f369b317 100644 --- a/lib/scatterlist.c +++ b/lib/scatterlist.c @@ -394,7 +394,8 @@ int sg_alloc_table_from_pages(struct sg_table *sgt, unsigned int offset, unsigned long size, gfp_t gfp_mask) { - unsigned int chunks; + const unsigned int max_segment = UINT_MAX; + unsigned int seg_len, chunks; unsigned int i; unsigned int cur_page; int ret; @@ -402,9 +403,16 @@ int sg_alloc_table_from_pages(struct sg_table *sgt, /* compute number of contiguous chunks */ chunks = 1; - for (i = 1; i < n_pages; ++i) - if (page_to_pfn(pages[i]) != page_to_pfn(pages[i - 1]) + 1) + seg_len = PAGE_SIZE; + for (i = 1; i < n_pages; ++i) { + if (seg_len >= max_segment || + page_to_pfn(pages[i]) != page_to_pfn(pages[i - 1]) + 1) { ++chunks; + seg_len = PAGE_SIZE; + } else { + seg_len += PAGE_SIZE; + } + } ret = sg_alloc_table(sgt, chunks, gfp_mask); if (unlikely(ret)) @@ -413,17 +421,22 @@ int sg_alloc_table_from_pages(struct sg_table *sgt, /* merging chunks and putting them into the scatterlist */ cur_page = 0; for_each_sg(sgt->sgl, s, sgt->orig_nents, i) { - unsigned long chunk_size; + unsigned int chunk_size; unsigned int j; /* look for the end of the current chunk */ + seg_len = PAGE_SIZE; for (j = cur_page + 1; j < n_pages; ++j) - if (page_to_pfn(pages[j]) != + if (seg_len >= max_segment || + page_to_pfn(pages[j]) != page_to_pfn(pages[j - 1]) + 1) break; + else + seg_len += PAGE_SIZE; chunk_size = ((j - cur_page) << PAGE_SHIFT) - offset; - sg_set_page(s, pages[cur_page], min(size, chunk_size), offset); + sg_set_page(s, pages[cur_page], + min_t(unsigned long, size, chunk_size), offset); size -= chunk_size; offset = 0; cur_page = j; -- 2.7.4
WARNING: multiple messages have this Message-ID (diff)
From: Tvrtko Ursulin <tursulin@ursulin.net> To: Intel-gfx@lists.freedesktop.org Cc: Masahiro Yamada <yamada.masahiro@socionext.com>, linux-kernel@vger.kernel.org Subject: [PATCH 2/4] lib/scatterlist: Avoid potential scatterlist entry overflow Date: Fri, 11 Nov 2016 08:50:18 +0000 [thread overview] Message-ID: <1478854220-3255-3-git-send-email-tvrtko.ursulin@linux.intel.com> (raw) In-Reply-To: <1478854220-3255-1-git-send-email-tvrtko.ursulin@linux.intel.com> From: Tvrtko Ursulin <tvrtko.ursulin@intel.com> Since the scatterlist length field is an unsigned int, make sure that sg_alloc_table_from_pages does not overflow it while coallescing pages to a single entry. v2: Drop reference to future use. Use UINT_MAX. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com> Cc: Masahiro Yamada <yamada.masahiro@socionext.com> Cc: linux-kernel@vger.kernel.org --- lib/scatterlist.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/lib/scatterlist.c b/lib/scatterlist.c index e05e7fc98892..de15f369b317 100644 --- a/lib/scatterlist.c +++ b/lib/scatterlist.c @@ -394,7 +394,8 @@ int sg_alloc_table_from_pages(struct sg_table *sgt, unsigned int offset, unsigned long size, gfp_t gfp_mask) { - unsigned int chunks; + const unsigned int max_segment = UINT_MAX; + unsigned int seg_len, chunks; unsigned int i; unsigned int cur_page; int ret; @@ -402,9 +403,16 @@ int sg_alloc_table_from_pages(struct sg_table *sgt, /* compute number of contiguous chunks */ chunks = 1; - for (i = 1; i < n_pages; ++i) - if (page_to_pfn(pages[i]) != page_to_pfn(pages[i - 1]) + 1) + seg_len = PAGE_SIZE; + for (i = 1; i < n_pages; ++i) { + if (seg_len >= max_segment || + page_to_pfn(pages[i]) != page_to_pfn(pages[i - 1]) + 1) { ++chunks; + seg_len = PAGE_SIZE; + } else { + seg_len += PAGE_SIZE; + } + } ret = sg_alloc_table(sgt, chunks, gfp_mask); if (unlikely(ret)) @@ -413,17 +421,22 @@ int sg_alloc_table_from_pages(struct sg_table *sgt, /* merging chunks and putting them into the scatterlist */ cur_page = 0; for_each_sg(sgt->sgl, s, sgt->orig_nents, i) { - unsigned long chunk_size; + unsigned int chunk_size; unsigned int j; /* look for the end of the current chunk */ + seg_len = PAGE_SIZE; for (j = cur_page + 1; j < n_pages; ++j) - if (page_to_pfn(pages[j]) != + if (seg_len >= max_segment || + page_to_pfn(pages[j]) != page_to_pfn(pages[j - 1]) + 1) break; + else + seg_len += PAGE_SIZE; chunk_size = ((j - cur_page) << PAGE_SHIFT) - offset; - sg_set_page(s, pages[cur_page], min(size, chunk_size), offset); + sg_set_page(s, pages[cur_page], + min_t(unsigned long, size, chunk_size), offset); size -= chunk_size; offset = 0; cur_page = j; -- 2.7.4 _______________________________________________ Intel-gfx mailing list Intel-gfx@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/intel-gfx
next prev parent reply other threads:[~2016-11-11 8:50 UTC|newest] Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top 2016-11-11 8:50 [PATCH 0/4] Compact userptr object backing store allocation Tvrtko Ursulin 2016-11-11 8:50 ` Tvrtko Ursulin 2016-11-11 8:50 ` [PATCH 1/4] lib/scatterlist: Fix offset type in sg_alloc_table_from_pages Tvrtko Ursulin 2016-11-11 8:50 ` Tvrtko Ursulin 2016-11-14 9:55 ` [Intel-gfx] " Chris Wilson 2016-11-14 9:55 ` Chris Wilson 2016-11-22 14:31 ` [Intel-gfx] " Mauro Carvalho Chehab 2016-11-22 14:31 ` Mauro Carvalho Chehab 2016-11-11 8:50 ` Tvrtko Ursulin [this message] 2016-11-11 8:50 ` [PATCH 2/4] lib/scatterlist: Avoid potential scatterlist entry overflow Tvrtko Ursulin 2016-11-11 10:19 ` [Intel-gfx] " Chris Wilson 2016-11-11 10:19 ` Chris Wilson 2016-11-11 8:50 ` [PATCH 3/4] lib/scatterlist: Introduce and export __sg_alloc_table_from_pages Tvrtko Ursulin 2016-11-11 8:50 ` Tvrtko Ursulin 2016-11-11 10:24 ` [Intel-gfx] " Chris Wilson 2016-11-11 12:35 ` [PATCH v2 " Tvrtko Ursulin 2016-11-11 14:17 ` [PATCH v3 " Tvrtko Ursulin 2016-11-11 14:17 ` Tvrtko Ursulin 2016-11-14 9:51 ` Chris Wilson 2016-11-14 9:51 ` Chris Wilson 2016-11-11 8:50 ` [PATCH 4/4] drm/i915: Use __sg_alloc_table_from_pages for userptr allocations Tvrtko Ursulin 2016-11-11 8:50 ` Tvrtko Ursulin 2016-11-11 8:59 ` [PATCH v3 " Tvrtko Ursulin 2016-11-11 8:59 ` Tvrtko Ursulin 2016-11-11 10:23 ` [PATCH " Chris Wilson 2016-11-11 10:23 ` Chris Wilson 2016-11-11 12:36 ` [PATCH v4 " Tvrtko Ursulin 2016-11-14 9:52 ` Chris Wilson 2016-11-14 9:52 ` Chris Wilson 2016-11-11 9:46 ` ✓ Fi.CI.BAT: success for Compact userptr object backing store allocation (rev2) Patchwork 2016-11-11 13:28 ` ✗ Fi.CI.BAT: failure for Compact userptr object backing store allocation (rev4) Patchwork 2016-11-11 15:15 ` ✓ Fi.CI.BAT: success for Compact userptr object backing store allocation (rev5) Patchwork 2016-11-14 11:45 ` [Intel-gfx] [PATCH 0/4] Compact userptr object backing store allocation Tvrtko Ursulin 2016-11-14 11:45 ` Tvrtko Ursulin 2016-11-28 10:23 ` [Intel-gfx] " Tvrtko Ursulin 2016-11-28 10:23 ` Tvrtko Ursulin 2017-01-11 9:00 [PATCH 1/4] lib/scatterlist: Fix offset type in sg_alloc_table_from_pages Tvrtko Ursulin 2017-01-11 9:00 ` [PATCH 2/4] lib/scatterlist: Avoid potential scatterlist entry overflow Tvrtko Ursulin 2017-01-11 9:00 ` Tvrtko Ursulin 2017-01-16 14:12 [PATCH 1/4] lib/scatterlist: Fix offset type in sg_alloc_table_from_pages Tvrtko Ursulin 2017-01-16 14:12 ` [PATCH 2/4] lib/scatterlist: Avoid potential scatterlist entry overflow Tvrtko Ursulin 2017-01-16 14:12 ` Tvrtko Ursulin 2017-03-07 8:58 ` Tvrtko Ursulin 2017-03-07 10:16 ` Tvrtko Ursulin 2017-05-04 15:54 [PATCH 1/4] lib/scatterlist: Fix offset type in sg_alloc_table_from_pages Tvrtko Ursulin 2017-05-04 15:54 ` [PATCH 2/4] lib/scatterlist: Avoid potential scatterlist entry overflow Tvrtko Ursulin 2017-05-04 15:54 ` Tvrtko Ursulin 2017-07-27 9:05 [PATCH 0/4] Userptr bo slab use optimization Tvrtko Ursulin 2017-07-27 9:05 ` [PATCH 2/4] lib/scatterlist: Avoid potential scatterlist entry overflow Tvrtko Ursulin 2017-07-27 9:05 ` Tvrtko Ursulin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1478854220-3255-3-git-send-email-tvrtko.ursulin@linux.intel.com \ --to=tursulin@ursulin.net \ --cc=Intel-gfx@lists.freedesktop.org \ --cc=linux-kernel@vger.kernel.org \ --cc=tvrtko.ursulin@intel.com \ --cc=yamada.masahiro@socionext.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.