From: jsg <jsg@openbsd.org>
Date: Wed, 22 Jun 2022 22:55:56 +0000 (+0000)
Subject: drm/i915/reset: Fix error_state_read ptr + offset use
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=e515aa0ebcaa7d2f9683074b1d8d52d86f12b13d;p=openbsd

drm/i915/reset: Fix error_state_read ptr + offset use

From Alan Previn
f4c5eba87675a07a6c28cdaca7366aeb4258ec78 in linux 5.15.y/5.15.49
c9b576d0c7bf55aeae1a736da7974fa202c4394d in mainline linux
---

diff --git a/sys/dev/pci/drm/i915/i915_sysfs.c b/sys/dev/pci/drm/i915/i915_sysfs.c
index 99dbbc53ac7..9e50d6cfd23 100644
--- a/sys/dev/pci/drm/i915/i915_sysfs.c
+++ b/sys/dev/pci/drm/i915/i915_sysfs.c
@@ -447,7 +447,14 @@ static ssize_t error_state_read(struct file *filp, struct kobject *kobj,
 	struct device *kdev = kobj_to_dev(kobj);
 	struct drm_i915_private *i915 = kdev_minor_to_i915(kdev);
 	struct i915_gpu_coredump *gpu;
-	ssize_t ret;
+	ssize_t ret = 0;
+
+	/*
+	 * FIXME: Concurrent clients triggering resets and reading + clearing
+	 * dumps can cause inconsistent sysfs reads when a user calls in with a
+	 * non-zero offset to complete a prior partial read but the
+	 * gpu_coredump has been cleared or replaced.
+	 */
 
 	gpu = i915_first_error_state(i915);
 	if (IS_ERR(gpu)) {
@@ -459,8 +466,10 @@ static ssize_t error_state_read(struct file *filp, struct kobject *kobj,
 		const char *str = "No error state collected\n";
 		size_t len = strlen(str);
 
-		ret = min_t(size_t, count, len - off);
-		memcpy(buf, str + off, ret);
+		if (off < len) {
+			ret = min_t(size_t, count, len - off);
+			memcpy(buf, str + off, ret);
+		}
 	}
 
 	return ret;