• Thomas Hellström's avatar
    drm/xe/pt: Allow for stricter type- and range checking · 157261c5
    Thomas Hellström authored
    Distinguish between xe_pt and the xe_pt_dir subclass when
    allocating and freeing. Also use a fixed-size array for the
    xe_pt_dir page entries to make life easier for dynamic range-
    checkers. Finally rename the page-directory child pointer array
    to "children".
    
    While no functional change, this fixes ubsan splats similar to:
    
    [   51.463021] ------------[ cut here ]------------
    [   51.463022] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/xe/xe_pt.c:47:9
    [   51.463023] index 0 is out of range for type 'xe_ptw *[*]'
    [   51.463024] CPU: 5 PID: 2778 Comm: xe_vm Tainted: G     U             6.8.0-rc1+ #218
    [   51.463026] Hardware name: ASUS System Product Name/PRIME B560M-A AC, BIOS 2001 02/01/2023
    [   51.463027] Call Trace:
    [   51.463028]  <TASK>
    [   51.463029]  dump_stack_lvl+0x47/0x60
    [   51.463030]  __ubsan_handle_out_of_bounds+0x95/0xd0
    [   51.463032]  xe_pt_destroy+0xa5/0x150 [xe]
    [   51.463088]  __xe_pt_unbind_vma+0x36c/0x9b0 [xe]
    [   51.463144]  xe_vm_unbind+0xd8/0x580 [xe]
    [   51.463204]  ? drm_exec_prepare_obj+0x3f/0x60 [drm_exec]
    [   51.463208]  __xe_vma_op_execute+0x5da/0x910 [xe]
    [   51.463268]  ? __drm_gpuvm_sm_unmap+0x1cb/0x220 [drm_gpuvm]
    [   51.463272]  ? radix_tree_node_alloc.constprop.0+0x89/0xc0
    [   51.463275]  ? drm_gpuva_it_remove+0x1f3/0x2a0 [drm_gpuvm]
    [   51.463279]  ? drm_gpuva_remove+0x2f/0xc0 [drm_gpuvm]
    [   51.463283]  xe_vm_bind_ioctl+0x1a55/0x20b0 [xe]
    [   51.463344]  ? __pfx_xe_vm_bind_ioctl+0x10/0x10 [xe]
    [   51.463414]  drm_ioctl_kernel+0xb6/0x120
    [   51.463416]  drm_ioctl+0x287/0x4e0
    [   51.463418]  ? __pfx_xe_vm_bind_ioctl+0x10/0x10 [xe]
    [   51.463481]  __x64_sys_ioctl+0x94/0xd0
    [   51.463484]  do_syscall_64+0x86/0x170
    [   51.463486]  ? syscall_exit_to_user_mode+0x7d/0x200
    [   51.463488]  ? do_syscall_64+0x96/0x170
    [   51.463490]  ? do_syscall_64+0x96/0x170
    [   51.463492]  entry_SYSCALL_64_after_hwframe+0x6e/0x76
    [   51.463494] RIP: 0033:0x7f246bfe817d
    [   51.463498] Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00
    [   51.463501] RSP: 002b:00007ffc1bd19ad0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
    [   51.463502] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f246bfe817d
    [   51.463504] RDX: 00007ffc1bd19b60 RSI: 0000000040886445 RDI: 0000000000000003
    [   51.463505] RBP: 00007ffc1bd19b20 R08: 0000000000000000 R09: 0000000000000000
    [   51.463506] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1bd19b60
    [   51.463508] R13: 0000000040886445 R14: 0000000000000003 R15: 0000000000010000
    [   51.463510]  </TASK>
    [   51.463517] ---[ end trace ]---
    
    v2
    - Fix kerneldoc warning (Matthew Brost)
    
    Fixes: dd08ebf6 ("drm/xe: Introduce a new DRM driver for Intel GPUs")
    Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
    Cc: Matthew Brost <matthew.brost@intel.com>
    Signed-off-by: default avatarThomas Hellström <thomas.hellstrom@linux.intel.com>
    Reviewed-by: default avatarMatthew Brost <matthew.brost@intel.com>
    Link: https://patchwork.freedesktop.org/patch/msgid/20240209112655.4872-1-thomas.hellstrom@linux.intel.com
    157261c5
xe_pt_walk.c 5.13 KB