From: Kristian Høgsberg <krh@bitplanet.net>
Date: Tue, 3 Mar 2015 00:19:52 +0000 (-0800)
Subject: i965: Fix uint64_t overflow in intel_client_wait_sync()
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=10c82c6c5fc415d323a5e9c6acdc6a4c85d6b712;p=mesa.git

i965: Fix uint64_t overflow in intel_client_wait_sync()

DRM_IOCTL_I915_GEM_WAIT takes an int64_t for the timeout value but
GL_ARB_sync takes an uint64_t.  Further, the ioctl used to wait
indefinitely when passed a negative timeout, but it's been broken and
now returns immediately in that case.  Thus, if an application passes
UINT64_MAX to wait forever, we overflow to -1LL and return immediately.
Work around this mess by clamping the wait timeout to INT64_MAX.

Signed-off-by: Kristian Høgsberg <krh@bitplanet.net>
Reviewed-by: Chad Versace <chad.versace@intel.com>
---

diff --git a/src/mesa/drivers/dri/i965/intel_syncobj.c b/src/mesa/drivers/dri/i965/intel_syncobj.c
index 9cde15298fe..e500fa04c51 100644
--- a/src/mesa/drivers/dri/i965/intel_syncobj.c
+++ b/src/mesa/drivers/dri/i965/intel_syncobj.c
@@ -84,6 +84,14 @@ static void intel_client_wait_sync(struct gl_context *ctx, struct gl_sync_object
 {
    struct intel_sync_object *sync = (struct intel_sync_object *)s;
 
+   /* DRM_IOCTL_I915_GEM_WAIT uses a signed 64 bit timeout and returns
+    * immediately for timeouts <= 0.  The best we can do is to clamp the
+    * timeout to INT64_MAX.  This limits the maximum timeout from 584 years to
+    * 292 years - likely not a big deal.
+    */
+   if (timeout > INT64_MAX)
+      timeout = INT64_MAX;
+
    if (sync->bo && drm_intel_gem_bo_wait(sync->bo, timeout) == 0) {
       s->StatusFlag = 1;
       drm_intel_bo_unreference(sync->bo);