drm/i915: Fix use of uninitialized var in 40a5f0de
authorFlorian Mickler <florian@mickler.org>
Mon, 6 Apr 2009 20:55:41 +0000 (22:55 +0200)
committerEric Anholt <eric@anholt.net>
Wed, 8 Apr 2009 17:18:19 +0000 (10:18 -0700)
i915_gem_put_relocs_to_user returned an uninitialized value which
got returned to userspace. This caused libdrm in my setup to never
get out of a do{}while() loop retrying i915_gem_execbuffer.

result was hanging X, overheating of cpu and 2-3gb of logfile-spam.

This patch adresses the issue by
 1. initializing vars in this file where necessary
 2. correcting wrongly interpreted return values of copy_[from/to]_user

Signed-off-by: Florian Mickler <florian@mickler.org>
[anholt: cleanups of unnecessary changes, consistency in APIs]
Signed-off-by: Eric Anholt <eric@anholt.net>
drivers/gpu/drm/i915/i915_gem.c

index 33ab07b0d7122eda4d46180ec15452122f5fa97f..6f7d0e27036f7f01b90e5a835b7084a2aa257028 100644 (file)
@@ -141,15 +141,18 @@ fast_shmem_read(struct page **pages,
                int length)
 {
        char __iomem *vaddr;
-       int ret;
+       int unwritten;
 
        vaddr = kmap_atomic(pages[page_base >> PAGE_SHIFT], KM_USER0);
        if (vaddr == NULL)
                return -ENOMEM;
-       ret = __copy_to_user_inatomic(data, vaddr + page_offset, length);
+       unwritten = __copy_to_user_inatomic(data, vaddr + page_offset, length);
        kunmap_atomic(vaddr, KM_USER0);
 
-       return ret;
+       if (unwritten)
+               return -EFAULT;
+
+       return 0;
 }
 
 static inline int
@@ -3000,13 +3003,13 @@ i915_gem_get_relocs_from_user(struct drm_i915_gem_exec_object *exec_list,
                        drm_free(*relocs, reloc_count * sizeof(**relocs),
                                 DRM_MEM_DRIVER);
                        *relocs = NULL;
-                       return ret;
+                       return -EFAULT;
                }
 
                reloc_index += exec_list[i].relocation_count;
        }
 
-       return ret;
+       return 0;
 }
 
 static int
@@ -3015,23 +3018,28 @@ i915_gem_put_relocs_to_user(struct drm_i915_gem_exec_object *exec_list,
                            struct drm_i915_gem_relocation_entry *relocs)
 {
        uint32_t reloc_count = 0, i;
-       int ret;
+       int ret = 0;
 
        for (i = 0; i < buffer_count; i++) {
                struct drm_i915_gem_relocation_entry __user *user_relocs;
+               int unwritten;
 
                user_relocs = (void __user *)(uintptr_t)exec_list[i].relocs_ptr;
 
-               if (ret == 0) {
-                       ret = copy_to_user(user_relocs,
-                                          &relocs[reloc_count],
-                                          exec_list[i].relocation_count *
-                                          sizeof(*relocs));
+               unwritten = copy_to_user(user_relocs,
+                                        &relocs[reloc_count],
+                                        exec_list[i].relocation_count *
+                                        sizeof(*relocs));
+
+               if (unwritten) {
+                       ret = -EFAULT;
+                       goto err;
                }
 
                reloc_count += exec_list[i].relocation_count;
        }
 
+err:
        drm_free(relocs, reloc_count * sizeof(*relocs), DRM_MEM_DRIVER);
 
        return ret;
@@ -3306,10 +3314,12 @@ err:
                                   (uintptr_t) args->buffers_ptr,
                                   exec_list,
                                   sizeof(*exec_list) * args->buffer_count);
-               if (ret)
+               if (ret) {
+                       ret = -EFAULT;
                        DRM_ERROR("failed to copy %d exec entries "
                                  "back to user (%d)\n",
                                  args->buffer_count, ret);
+               }
        }
 
        /* Copy the updated relocations out regardless of current error