ホーム エクスプローラ ヘルプ
サインイン
GfA
/
linux_kernel
5
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ソースを参照

drm/i915: Assert that the request->tail fits within the ring

In addition to being qword-aligned, the RING_TAIL offset must be within
the ring!

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Link: http://patchwork.freedesktop.org/patch/msgid/20170327130009.4678-2-chris@chris-wilson.co.uk
Reviewed-by: Mika Kuoppala <mika.kuoppala@intel.com>
Chris Wilson 8 年 前
450362d3fe
コミット
a91fdf1293
2 ファイル変更7 行追加0 行削除
分割表示 差分情報を表示
  1. 4 0
      drivers/gpu/drm/i915/intel_lrc.c
  2. 3 0
      drivers/gpu/drm/i915/intel_ringbuffer.c

+ 4 - 0
drivers/gpu/drm/i915/intel_lrc.c
ファイルの表示 

@@ -327,6 +327,7 @@ static u64 execlists_update_context(struct drm_i915_gem_request *rq)
 
 	u32 *reg_state = ce->lrc_reg_state;
 
 
 	GEM_BUG_ON(!IS_ALIGNED(rq->tail, 8));
 
+	GEM_BUG_ON(rq->tail >= rq->ring->size);
 
 	reg_state[CTX_RING_TAIL+1] = rq->tail;
 
 
 	/* True 32b PPGTT with dynamic page allocation: update PDP
 
@@ -1282,6 +1283,7 @@ static void reset_common_ring(struct intel_engine_cs *engine,
 
 		intel_ring_wrap(request->ring,
 
 				request->wa_tail - WA_TAIL_DWORDS*sizeof(u32));
 
 	GEM_BUG_ON(!IS_ALIGNED(request->tail, 8));
 
+	GEM_BUG_ON(request->tail >= request->ring->size);
 
 }
 
 
 static int intel_logical_ring_emit_pdps(struct drm_i915_gem_request *req)
 
@@ -1493,6 +1495,7 @@ static void gen8_emit_breadcrumb(struct drm_i915_gem_request *request, u32 *cs)
 
 	*cs++ = MI_NOOP;
 
 	request->tail = intel_ring_offset(request, cs);
 
 	GEM_BUG_ON(!IS_ALIGNED(request->tail, 8));
 
+	GEM_BUG_ON(request->tail >= request->ring->size);
 
 
 	gen8_emit_wa_tail(request, cs);
 
 }
 
@@ -1521,6 +1524,7 @@ static void gen8_emit_breadcrumb_render(struct drm_i915_gem_request *request,
 
 	*cs++ = MI_NOOP;
 
 	request->tail = intel_ring_offset(request, cs);
 
 	GEM_BUG_ON(!IS_ALIGNED(request->tail, 8));
 
+	GEM_BUG_ON(request->tail >= request->ring->size);
 
 
 	gen8_emit_wa_tail(request, cs);
 
 }

+ 3 - 0
drivers/gpu/drm/i915/intel_ringbuffer.c
ファイルの表示 

@@ -775,6 +775,7 @@ static void i9xx_submit_request(struct drm_i915_gem_request *request)
 
 	i915_gem_request_submit(request);
 
 
 	GEM_BUG_ON(!IS_ALIGNED(request->tail, 8));
 
+	GEM_BUG_ON(request->tail >= request->ring->size);
 
 	I915_WRITE_TAIL(request->engine, request->tail);
 
 }
 
 
@@ -787,6 +788,7 @@ static void i9xx_emit_breadcrumb(struct drm_i915_gem_request *req, u32 *cs)
 
 
 	req->tail = intel_ring_offset(req, cs);
 
 	GEM_BUG_ON(!IS_ALIGNED(req->tail, 8));
 
+	GEM_BUG_ON(req->tail >= req->ring->size);
 
 }
 
 
 static const int i9xx_emit_breadcrumb_sz = 4;
 
@@ -826,6 +828,7 @@ static void gen8_render_emit_breadcrumb(struct drm_i915_gem_request *req,
 
 
 	req->tail = intel_ring_offset(req, cs);
 
 	GEM_BUG_ON(!IS_ALIGNED(req->tail, 8));
 
+	GEM_BUG_ON(req->tail >= req->ring->size);
 
 }
 
 
 static const int gen8_render_emit_breadcrumb_sz = 8;