drm/i915: check execbuffer for validity earlier to save on work.

Commit Message

Owain Ainsworth March 11, 2010, 9:43 p.m. UTC

None

Patch

diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
index e52a277..c4e89e8 100644
--- a/drivers/gpu/drm/i915/i915_gem.c
+++ b/drivers/gpu/drm/i915/i915_gem.c
@@ -3653,23 +3653,6 @@  err:
 	return ret;
 }
 
-static int
-i915_gem_check_execbuffer (struct drm_i915_gem_execbuffer2 *exec,
-			   uint64_t exec_offset)
-{
-	uint32_t exec_start, exec_len;
-
-	exec_start = (uint32_t) exec_offset + exec->batch_start_offset;
-	exec_len = (uint32_t) exec->batch_len;
-
-	if ((exec_start | exec_len) & 0x7)
-		return -EINVAL;
-
-	if (!exec_start)
-		return -EINVAL;
-
-	return 0;
-}
 
 static int
 i915_gem_wait_for_pending_flip(struct drm_device *dev,
@@ -3727,6 +3710,13 @@  i915_gem_do_execbuffer(struct drm_device *dev, void *data,
 	DRM_INFO("buffers_ptr %d buffer_count %d len %08x\n",
 		  (int) args->buffers_ptr, args->buffer_count, args->batch_len);
 #endif
+	/*
+	 * check for valid execbuffer offset. We can do this early because
+	 * bound objects are always page aligned, so only the start offset
+	 * matters.
+	 */
+	if ((args->batch_start_offset | args->batch_len) & 0x7)
+		return -EINVAL;
 
 	if (args->buffer_count < 1) {
 		DRM_ERROR("execbuf with %d buffers\n", args->buffer_count);
@@ -3875,6 +3865,11 @@  i915_gem_do_execbuffer(struct drm_device *dev, void *data,
 		ret = -EINVAL;
 		goto err;
 	}
+	if (args->batch_len > batch_obj->size) {
+		DRM_ERROR("batchbuffer shorter than program length\n");
+		ret = EINVAL;
+		goto err;
+	}
 	batch_obj->pending_read_domains |= I915_GEM_DOMAIN_COMMAND;
 
 	/* Sanity check the batch buffer, prior to moving objects */