On 25/04/2022 17:24, Ramalingam C wrote:
While locating the start of ccs scatterlist in smem scatterlist, that has
to be the size of lmem obj size + corresponding ccs data size. Report bug
if scatterlist terminates before that length.

Signed-off-by: Ramalingam C <ramalinga...@intel.com>
---
  drivers/gpu/drm/i915/gt/intel_migrate.c | 6 ++++++
  1 file changed, 6 insertions(+)

diff --git a/drivers/gpu/drm/i915/gt/intel_migrate.c 
b/drivers/gpu/drm/i915/gt/intel_migrate.c
index 9d552f30b627..29d761da02c4 100644
--- a/drivers/gpu/drm/i915/gt/intel_migrate.c
+++ b/drivers/gpu/drm/i915/gt/intel_migrate.c
@@ -687,6 +687,12 @@ static void get_ccs_sg_sgt(struct sgt_dma *it, u32 
bytes_to_cpy)
                bytes_to_cpy -= len;
it->sg = __sg_next(it->sg);
+
+               /*
+                * scatterlist supposed to be the size of
+                * bytes_to_cpy + GET_CCS_BYTES(bytes_to_copy).
+                */
+               GEM_BUG_ON(!it->sg);

It will crash and burn anyway, with the below NULL deref. Not sure if BUG_ON() is really much better, but I guess with the additional comment,
Reviewed-by: Matthew Auld <matthew.a...@intel.com>

                it->dma = sg_dma_address(it->sg);
                it->max = it->dma + sg_dma_len(it->sg);
        } while (bytes_to_cpy);
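
Review bot: The comment added above GEM_BUG_ON(!it->sg) names the length as bytes_to_copy, while the function parameter is bytes_to_cpy, and it is evaluated after "bytes_to_cpy -= len;" has already reduced that variable, so the expression in the comment does not match what the variable holds at that point in the loop. Suggest spelling the identifier as bytes_to_cpy and wording the comment in terms of the length passed in by the caller, for example "the scatterlist is expected to cover the caller's bytes_to_cpy plus the matching CCS bytes; running out of entries here is a bug". Since the next line passes it->sg to sg_dma_address() unconditionally, the comment could also say that the assertion exists to document this expectation rather than to prevent the dereference.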
