| Message ID | Y91g081OauhQNxMe@ubun2204.myguest.virtualbox.org |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1028265wrn;
Fri, 3 Feb 2023 11:50:13 -0800 (PST)
X-Google-Smtp-Source:
AK7set9i0T7JvcsHCXADyFVmAYPUZeGMs11h34lF1bBZUvUnX9FSWAgeSDPMqaDGu2WfKzugNdCq
X-Received: by 2002:a17:907:2130:b0:87d:f32b:4108 with SMTP id
qo16-20020a170907213000b0087df32b4108mr10895784ejb.42.1675453813502;
Fri, 03 Feb 2023 11:50:13 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1675453813; cv=none;
d=google.com; s=arc-20160816;
b=RCaUeiEu/FDI1S/LG/WlceJ1quYCNNRBewqsErUEA80KhdtlZOFTYGnLQKk6Dj3dPy
mBJSMgiITlriwL7gYRr3HASY++gPJUksMrZIFbwRh2YyrfavV1f4hh9KcVdb66wTiQmv
neO+hU/K7s7OFCghrsA+D2EdMPycuj0W9cOdn/RRWQwBpEGDU0HDGwihAu78RIkkv8tr
li8CwFTsqgm8pongE7KwXBpgKcr07sE1Wsbq0EwF7I2bQx0nfgW7Z73bxtfI5l7wF6Tr
ZNBPvvowIRiCo46Ah1nCruNsQYU25+7oH9J0ToRvzo7ebWLtcBf/XTPGGc1HyjSjJ5Hb
1Jwg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-disposition:mime-version:message-id
:subject:cc:to:from:date:dkim-signature;
bh=HLmNjh9oMyO8V/FtcQxIpBXI9efOJqRd6Mlc+eJ/FCs=;
b=Y+iRkAuBj7Fo58YLVTt/DCTakXZrZAj55Uws5FTdfhFMN18V5tPQ56Tz9Ugd6gn9rK
9mGZQ27Cm3gAzUluadRTyKS7sHalrjX7jvozZNe+b9kQsWGmtYRASJ2DFIUHNlgJipK3
CW/b6sSpRomEnSzD04mgetU2kTt0BKly2loex+tNYmnvSSHwmKYhOTCqabbA492jeaT/
eeLwhm4+gJYybRq2nvcDirwVmgOnymTdzEMfTM2BPL00lzPLi7+kWKQc1JFkercg4GKw
01mrApm6bmRUlXNIVAfBJn5wtRFSScqWmhW2JmGU4K06SKzK3Zp2H9okcACMEPF1WgZb
fdPA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=fail header.i=@mailo.com header.s=mailo header.b=ClxlJqIO;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mailo.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
eq2-20020a170907290200b0088d3821ecbbsi3303949ejc.561.2023.02.03.11.49.49;
Fri, 03 Feb 2023 11:50:13 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=fail header.i=@mailo.com header.s=mailo header.b=ClxlJqIO;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mailo.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S231229AbjBCTbD (ORCPT <rfc822;il.mystafa@gmail.com> + 99 others);
Fri, 3 Feb 2023 14:31:03 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36586 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S233255AbjBCTbA (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 3 Feb 2023 14:31:00 -0500
Received: from msg-4.mailo.com (msg-4.mailo.com [213.182.54.15])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 45FD31C7D4
for <linux-kernel@vger.kernel.org>;
Fri, 3 Feb 2023 11:30:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=mailo.com; s=mailo;
t=1675452635; bh=bkktwzcTrVERotqO7zXpzdBHdLDyij1klnN7HWoIRu0=;
h=X-EA-Auth:Date:From:To:Cc:Subject:Message-ID:MIME-Version:
Content-Type;
b=ClxlJqIOzwlIRAUnCY67NIR/vPpRQkPIyBlu3fSnwYsSORbcB8Ex1Mtdx8fUybM73
fyCk31gT44NQCkcOukeY3W0yMnJ407D+w+14BMTfJYmxs/XEZCZpeQLyydOpY5oive
B4f+m4nbnskTPERLknxJHAC3mLgbK58g6Cxe8V7I=
Received: by b-4.in.mailobj.net [192.168.90.14] with ESMTP
via ip-206.mailobj.net [213.182.55.206]
Fri, 3 Feb 2023 20:30:35 +0100 (CET)
X-EA-Auth:
LCVZG3qeAH/AKO5KQB9nnONmJiWgMjCPXypOWNIGmFbWyTfyMJMpBn+0scKaJ0et5iR3gOQyGEt2Mud03HTaMyL0S0UPAtI1
Date: Sat, 4 Feb 2023 01:00:27 +0530
From: Deepak R Varma <drv@mailo.com>
To: Jani Nikula <jani.nikula@linux.intel.com>,
Joonas Lahtinen <joonas.lahtinen@linux.intel.com>,
Rodrigo Vivi <rodrigo.vivi@intel.com>,
Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>,
David Airlie <airlied@gmail.com>,
Daniel Vetter <daniel@ffwll.ch>,
intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
linux-kernel@vger.kernel.org
Cc: Saurabh Singh Sengar <ssengar@microsoft.com>,
Praveen Kumar <kumarpraveen@linux.microsoft.com>,
Deepak R Varma <drv@mailo.com>
Subject: [PATCH] drm/i915/gt: Avoid redundant pointer validity check
Message-ID: <Y91g081OauhQNxMe@ubun2204.myguest.virtualbox.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1756840658183346819?=
X-GMAIL-MSGID: =?utf-8?q?1756840658183346819?=
|
| Series |
drm/i915/gt: Avoid redundant pointer validity check
|
|
Commit Message
Deepak R Varma
Feb. 3, 2023, 7:30 p.m. UTC
The macro definition of gen6_for_all_pdes() expands to a for loop such
that it breaks when the page table is null. Hence there is no need to
again test validity of the page table entry pointers in the pde list.
This change is identified using itnull.cocci semantic patch.
Signed-off-by: Deepak R Varma <drv@mailo.com>
---
Please note: Proposed change is compile tested only.
drivers/gpu/drm/i915/gt/gen6_ppgtt.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
Comments
Hi, Adding Matt & Thomas as potential candidates to review. Regards, Tvrtko On 03/02/2023 19:30, Deepak R Varma wrote: > The macro definition of gen6_for_all_pdes() expands to a for loop such > that it breaks when the page table is null. Hence there is no need to > again test validity of the page table entry pointers in the pde list. > This change is identified using itnull.cocci semantic patch. > > Signed-off-by: Deepak R Varma <drv@mailo.com> > --- > Please note: Proposed change is compile tested only. > > drivers/gpu/drm/i915/gt/gen6_ppgtt.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > index 5aaacc53fa4c..787b9e6d9f59 100644 > --- a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > +++ b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > @@ -258,8 +258,7 @@ static void gen6_ppgtt_free_pd(struct gen6_ppgtt *ppgtt) > u32 pde; > > gen6_for_all_pdes(pt, pd, pde) > - if (pt) > - free_pt(&ppgtt->base.vm, pt); > + free_pt(&ppgtt->base.vm, pt); > } > > static void gen6_ppgtt_cleanup(struct i915_address_space *vm) > @@ -304,7 +303,7 @@ static void pd_vma_unbind(struct i915_address_space *vm, > > /* Free all no longer used page tables */ > gen6_for_all_pdes(pt, ppgtt->base.pd, pde) { > - if (!pt || atomic_read(&pt->used)) > + if (atomic_read(&pt->used)) > continue; > > free_pt(&ppgtt->base.vm, pt);
On 06/02/2023 09:45, Tvrtko Ursulin wrote: > > Hi, > > Adding Matt & Thomas as potential candidates to review. > > Regards, > > Tvrtko > > On 03/02/2023 19:30, Deepak R Varma wrote: >> The macro definition of gen6_for_all_pdes() expands to a for loop such >> that it breaks when the page table is null. Hence there is no need to >> again test validity of the page table entry pointers in the pde list. >> This change is identified using itnull.cocci semantic patch. >> >> Signed-off-by: Deepak R Varma <drv@mailo.com> >> --- >> Please note: Proposed change is compile tested only. >> >> drivers/gpu/drm/i915/gt/gen6_ppgtt.c | 5 ++--- >> 1 file changed, 2 insertions(+), 3 deletions(-) >> >> diff --git a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c >> b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c >> index 5aaacc53fa4c..787b9e6d9f59 100644 >> --- a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c >> +++ b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c >> @@ -258,8 +258,7 @@ static void gen6_ppgtt_free_pd(struct gen6_ppgtt >> *ppgtt) >> u32 pde; >> gen6_for_all_pdes(pt, pd, pde) >> - if (pt) >> - free_pt(&ppgtt->base.vm, pt); >> + free_pt(&ppgtt->base.vm, pt); >> } >> static void gen6_ppgtt_cleanup(struct i915_address_space *vm) >> @@ -304,7 +303,7 @@ static void pd_vma_unbind(struct >> i915_address_space *vm, >> /* Free all no longer used page tables */ >> gen6_for_all_pdes(pt, ppgtt->base.pd, pde) { >> - if (!pt || atomic_read(&pt->used)) >> + if (atomic_read(&pt->used)) Wow, I was really confused trying to remember how this all works. The gen6_for_all_pdes() does: (pt = i915_pt_entry(pd, iter), true) So NULL pt is expected, and does not 'break' here, since 'true' is always the value that decides whether to terminate the loop. So this patch would lead to NULL ptr deref, AFAICT. >> continue; >> free_pt(&ppgtt->base.vm, pt);
On Mon, Feb 06, 2023 at 10:33:13AM +0000, Matthew Auld wrote: > On 06/02/2023 09:45, Tvrtko Ursulin wrote: > > > > Hi, > > > > Adding Matt & Thomas as potential candidates to review. > > > > Regards, > > > > Tvrtko > > > > On 03/02/2023 19:30, Deepak R Varma wrote: > > > The macro definition of gen6_for_all_pdes() expands to a for loop such > > > that it breaks when the page table is null. Hence there is no need to > > > again test validity of the page table entry pointers in the pde list. > > > This change is identified using itnull.cocci semantic patch. > > > > > > Signed-off-by: Deepak R Varma <drv@mailo.com> > > > --- > > > Please note: Proposed change is compile tested only. > > > > > > drivers/gpu/drm/i915/gt/gen6_ppgtt.c | 5 ++--- > > > 1 file changed, 2 insertions(+), 3 deletions(-) > > > > > > diff --git a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > index 5aaacc53fa4c..787b9e6d9f59 100644 > > > --- a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > +++ b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > @@ -258,8 +258,7 @@ static void gen6_ppgtt_free_pd(struct gen6_ppgtt > > > *ppgtt) > > > u32 pde; > > > gen6_for_all_pdes(pt, pd, pde) > > > - if (pt) > > > - free_pt(&ppgtt->base.vm, pt); > > > + free_pt(&ppgtt->base.vm, pt); > > > } > > > static void gen6_ppgtt_cleanup(struct i915_address_space *vm) > > > @@ -304,7 +303,7 @@ static void pd_vma_unbind(struct > > > i915_address_space *vm, > > > /* Free all no longer used page tables */ > > > gen6_for_all_pdes(pt, ppgtt->base.pd, pde) { > > > - if (!pt || atomic_read(&pt->used)) > > > + if (atomic_read(&pt->used)) > > Wow, I was really confused trying to remember how this all works. > > The gen6_for_all_pdes() does: > > (pt = i915_pt_entry(pd, iter), true) > > So NULL pt is expected, and does not 'break' here, since 'true' is always > the value that decides whether to terminate the loop. So this patch would > lead to NULL ptr deref, AFAICT. Hello Matt, I understand it now. I was misreading the true as part of the function argument. Could you please also comment if the implementation of gen6_ppgtt_free_pd() in the same file is safe? It doesn't appear to have an check on pt validity here. Thank you, deepak. > > > > > > continue; > > > free_pt(&ppgtt->base.vm, pt);
On Tue, Feb 07, 2023 at 12:12:18AM +0530, Deepak R Varma wrote: > On Mon, Feb 06, 2023 at 10:33:13AM +0000, Matthew Auld wrote: > > On 06/02/2023 09:45, Tvrtko Ursulin wrote: > > > > > > Hi, > > > > > > Adding Matt & Thomas as potential candidates to review. > > > > > > Regards, > > > > > > Tvrtko > > > > > > On 03/02/2023 19:30, Deepak R Varma wrote: > > > > The macro definition of gen6_for_all_pdes() expands to a for loop such > > > > that it breaks when the page table is null. Hence there is no need to > > > > again test validity of the page table entry pointers in the pde list. > > > > This change is identified using itnull.cocci semantic patch. > > > > > > > > Signed-off-by: Deepak R Varma <drv@mailo.com> > > > > --- > > > > Please note: Proposed change is compile tested only. > > > > > > > > drivers/gpu/drm/i915/gt/gen6_ppgtt.c | 5 ++--- > > > > 1 file changed, 2 insertions(+), 3 deletions(-) > > > > > > > > diff --git a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > > b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > > index 5aaacc53fa4c..787b9e6d9f59 100644 > > > > --- a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > > +++ b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c > > > > @@ -258,8 +258,7 @@ static void gen6_ppgtt_free_pd(struct gen6_ppgtt > > > > *ppgtt) > > > > u32 pde; > > > > gen6_for_all_pdes(pt, pd, pde) > > > > - if (pt) > > > > - free_pt(&ppgtt->base.vm, pt); > > > > + free_pt(&ppgtt->base.vm, pt); > > > > } > > > > static void gen6_ppgtt_cleanup(struct i915_address_space *vm) > > > > @@ -304,7 +303,7 @@ static void pd_vma_unbind(struct > > > > i915_address_space *vm, > > > > /* Free all no longer used page tables */ > > > > gen6_for_all_pdes(pt, ppgtt->base.pd, pde) { > > > > - if (!pt || atomic_read(&pt->used)) > > > > + if (atomic_read(&pt->used)) > > > > Wow, I was really confused trying to remember how this all works. > > > > The gen6_for_all_pdes() does: > > > > (pt = i915_pt_entry(pd, iter), true) > > > > So NULL pt is expected, and does not 'break' here, since 'true' is always > > the value that decides whether to terminate the loop. So this patch would > > lead to NULL ptr deref, AFAICT. > > Hello Matt, > I understand it now. I was misreading the true as part of the function argument. > Could you please also comment if the implementation of gen6_ppgtt_free_pd() in > the same file is safe? It doesn't appear to have an check on pt validity here. Please ignore the question. I understand it now. My apologies for inconvenience. The patch is invalid and can be dropped. deepak. > > Thank you, > deepak. > > > > > > > > > > > continue; > > > > free_pt(&ppgtt->base.vm, pt);
diff --git a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c index 5aaacc53fa4c..787b9e6d9f59 100644 --- a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c +++ b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c @@ -258,8 +258,7 @@ static void gen6_ppgtt_free_pd(struct gen6_ppgtt *ppgtt) u32 pde; gen6_for_all_pdes(pt, pd, pde) - if (pt) - free_pt(&ppgtt->base.vm, pt); + free_pt(&ppgtt->base.vm, pt); } static void gen6_ppgtt_cleanup(struct i915_address_space *vm) @@ -304,7 +303,7 @@ static void pd_vma_unbind(struct i915_address_space *vm, /* Free all no longer used page tables */ gen6_for_all_pdes(pt, ppgtt->base.pd, pde) { - if (!pt || atomic_read(&pt->used)) + if (atomic_read(&pt->used)) continue; free_pt(&ppgtt->base.vm, pt);