linuxkpi: Fix __sg_alloc_table_from_pages loop
ClosedPublic
Actions

Authored by ashafer_badland.io on Apr 17 2023, 8:17 PM.

Details

Reviewers

bz
manu
dumbbell
• hselasky

Group Reviewers

linuxkpi

Commits

rG3f686532c9b4: linuxkpi: Fix __sg_alloc_table_from_pages loop

Summary

Commit 3e0856b63fe0e375a0951e05c2ef98bb2ebd9421 updated
__sg_alloc_table_from_pages to use the same API as linux, but modified
the loop condition when going over the pages in a sg list. Part of the
change included moving the sg_next call out of the for loop and into the
body, which causes an off by one error when traversing the list. Since
sg_next is called before the loop body it will skip the first element
and read one past the last element.

This caused panics when running PRIME with nvidia-drm as the off-by-one
issue causes a NULL dereference.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

ashafer_badland.io created this revision.Apr 17 2023, 8:17 PM

Herald added subscribers: linuxkpi, emaste, imp. · View Herald TranscriptApr 17 2023, 8:17 PM

ashafer_badland.io requested review of this revision.Apr 17 2023, 8:17 PM

Harbormaster completed remote builds in B50974: Diff 120507.Apr 17 2023, 8:17 PM

Good catch and likely something which may have been bugging me as well on other work.

sys/compat/linuxkpi/common/include/linux/scatterlist.h
382	I wonder at the same time why we switched from using for_each_sg() in first place as that would have avoided the problem, but I am probably too tired to see that...

This revision is now accepted and ready to land.Apr 17 2023, 8:36 PM

manu accepted this revision.Apr 18 2023, 5:50 AM

Looks good!

ashafer_badland.io added inline comments.Apr 18 2023, 2:17 PM

sys/compat/linuxkpi/common/include/linux/scatterlist.h
382	I think the intention was to add a check of the value of s, but I thought it looked doable to do that while still using for_each_sg(). I'm not 100% sure either.