From: Walter Harms <wharms@bfs.de>
To: "Christian König" <christian.koenig@amd.com>,
"Colin King" <colin.king@canonical.com>,
"Alex Deucher" <alexander.deucher@amd.com>,
"David Airlie" <airlied@linux.ie>,
"Daniel Vetter" <daniel@ffwll.ch>,
"Huang Rui" <ray.huang@amd.com>,
"Junwei Zhang" <Jerry.Zhang@amd.com>,
"amd-gfx@lists.freedesktop.org" <amd-gfx@lists.freedesktop.org>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>
Cc: "kernel-janitors@vger.kernel.org"
<kernel-janitors@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: AW: [PATCH] drm/amdgpu: fix potential integer overflow on shift of a int
Date: Mon, 8 Feb 2021 11:05:01 +0000 [thread overview]
Message-ID: <3aed86cfb8014badbcbc4ee9f007976d@bfs.de> (raw)
In-Reply-To: <c6c99dba-aea9-304c-2246-e24632955479@amd.com>
i am curious:
what is the win to have a unsigned 64 bit integer in the first
place ?
re,
wh
________________________________________
Von: Christian König <christian.koenig@amd.com>
Gesendet: Montag, 8. Februar 2021 10:17:42
An: Colin King; Alex Deucher; David Airlie; Daniel Vetter; Huang Rui; Junwei Zhang; amd-gfx@lists.freedesktop.org; dri-devel@lists.freedesktop.org
Cc: kernel-janitors@vger.kernel.org; linux-kernel@vger.kernel.org
Betreff: Re: [PATCH] drm/amdgpu: fix potential integer overflow on shift of a int
Am 08.02.21 um 00:07 schrieb Colin King:
> From: Colin Ian King <colin.king@canonical.com>
>
> The left shift of int 32 bit integer constant 1 is evaluated using 32
> bit arithmetic and then assigned to an unsigned 64 bit integer. In the
> case where *frag is 32 or more this can lead to an oveflow. Avoid this
> by shifting 1ULL.
Well that can't happen. Take a look at the code in that function:
> max_frag = 31;
...
> if (*frag >= max_frag) {
> *frag = max_frag;
> *frag_end = end & ~((1ULL << max_frag) - 1);
> } else {
> *frag_end = start + (1 << *frag);
> }
But I'm fine with applying the patch if it silences your warning.
Regards,
Christian.
>
> Addresses-Coverity: ("Unintentional integer overflow")
> Fixes: dfcd99f6273e ("drm/amdgpu: meld together VM fragment and huge page handling")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> index 9d19078246c8..53a925600510 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> @@ -1412,7 +1412,7 @@ static void amdgpu_vm_fragment(struct amdgpu_vm_update_params *params,
> *frag = max_frag;
> *frag_end = end & ~((1ULL << max_frag) - 1);
> } else {
> - *frag_end = start + (1 << *frag);
> + *frag_end = start + (1ULL << *frag);
> }
> }
>
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
WARNING: multiple messages have this Message-ID (diff)
From: Walter Harms <wharms@bfs.de>
To: "Christian König" <christian.koenig@amd.com>,
"Colin King" <colin.king@canonical.com>,
"Alex Deucher" <alexander.deucher@amd.com>,
"David Airlie" <airlied@linux.ie>,
"Daniel Vetter" <daniel@ffwll.ch>,
"Huang Rui" <ray.huang@amd.com>,
"Junwei Zhang" <Jerry.Zhang@amd.com>,
"amd-gfx@lists.freedesktop.org" <amd-gfx@lists.freedesktop.org>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>
Cc: "kernel-janitors@vger.kernel.org"
<kernel-janitors@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: AW: [PATCH] drm/amdgpu: fix potential integer overflow on shift of a int
Date: Mon, 08 Feb 2021 11:05:01 +0000 [thread overview]
Message-ID: <3aed86cfb8014badbcbc4ee9f007976d@bfs.de> (raw)
In-Reply-To: <c6c99dba-aea9-304c-2246-e24632955479@amd.com>
i am curious:
what is the win to have a unsigned 64 bit integer in the first
place ?
re,
wh
________________________________________
Von: Christian König <christian.koenig@amd.com>
Gesendet: Montag, 8. Februar 2021 10:17:42
An: Colin King; Alex Deucher; David Airlie; Daniel Vetter; Huang Rui; Junwei Zhang; amd-gfx@lists.freedesktop.org; dri-devel@lists.freedesktop.org
Cc: kernel-janitors@vger.kernel.org; linux-kernel@vger.kernel.org
Betreff: Re: [PATCH] drm/amdgpu: fix potential integer overflow on shift of a int
Am 08.02.21 um 00:07 schrieb Colin King:
> From: Colin Ian King <colin.king@canonical.com>
>
> The left shift of int 32 bit integer constant 1 is evaluated using 32
> bit arithmetic and then assigned to an unsigned 64 bit integer. In the
> case where *frag is 32 or more this can lead to an oveflow. Avoid this
> by shifting 1ULL.
Well that can't happen. Take a look at the code in that function:
> max_frag = 31;
...
> if (*frag >= max_frag) {
> *frag = max_frag;
> *frag_end = end & ~((1ULL << max_frag) - 1);
> } else {
> *frag_end = start + (1 << *frag);
> }
But I'm fine with applying the patch if it silences your warning.
Regards,
Christian.
>
> Addresses-Coverity: ("Unintentional integer overflow")
> Fixes: dfcd99f6273e ("drm/amdgpu: meld together VM fragment and huge page handling")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> index 9d19078246c8..53a925600510 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> @@ -1412,7 +1412,7 @@ static void amdgpu_vm_fragment(struct amdgpu_vm_update_params *params,
> *frag = max_frag;
> *frag_end = end & ~((1ULL << max_frag) - 1);
> } else {
> - *frag_end = start + (1 << *frag);
> + *frag_end = start + (1ULL << *frag);
> }
> }
>
WARNING: multiple messages have this Message-ID (diff)
From: Walter Harms <wharms@bfs.de>
To: "Christian König" <christian.koenig@amd.com>,
"Colin King" <colin.king@canonical.com>,
"Alex Deucher" <alexander.deucher@amd.com>,
"David Airlie" <airlied@linux.ie>,
"Daniel Vetter" <daniel@ffwll.ch>,
"Huang Rui" <ray.huang@amd.com>,
"Junwei Zhang" <Jerry.Zhang@amd.com>,
"amd-gfx@lists.freedesktop.org" <amd-gfx@lists.freedesktop.org>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>
Cc: "kernel-janitors@vger.kernel.org"
<kernel-janitors@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: AW: [PATCH] drm/amdgpu: fix potential integer overflow on shift of a int
Date: Mon, 8 Feb 2021 11:05:01 +0000 [thread overview]
Message-ID: <3aed86cfb8014badbcbc4ee9f007976d@bfs.de> (raw)
In-Reply-To: <c6c99dba-aea9-304c-2246-e24632955479@amd.com>
i am curious:
what is the win to have a unsigned 64 bit integer in the first
place ?
re,
wh
________________________________________
Von: Christian König <christian.koenig@amd.com>
Gesendet: Montag, 8. Februar 2021 10:17:42
An: Colin King; Alex Deucher; David Airlie; Daniel Vetter; Huang Rui; Junwei Zhang; amd-gfx@lists.freedesktop.org; dri-devel@lists.freedesktop.org
Cc: kernel-janitors@vger.kernel.org; linux-kernel@vger.kernel.org
Betreff: Re: [PATCH] drm/amdgpu: fix potential integer overflow on shift of a int
Am 08.02.21 um 00:07 schrieb Colin King:
> From: Colin Ian King <colin.king@canonical.com>
>
> The left shift of int 32 bit integer constant 1 is evaluated using 32
> bit arithmetic and then assigned to an unsigned 64 bit integer. In the
> case where *frag is 32 or more this can lead to an oveflow. Avoid this
> by shifting 1ULL.
Well that can't happen. Take a look at the code in that function:
> max_frag = 31;
...
> if (*frag >= max_frag) {
> *frag = max_frag;
> *frag_end = end & ~((1ULL << max_frag) - 1);
> } else {
> *frag_end = start + (1 << *frag);
> }
But I'm fine with applying the patch if it silences your warning.
Regards,
Christian.
>
> Addresses-Coverity: ("Unintentional integer overflow")
> Fixes: dfcd99f6273e ("drm/amdgpu: meld together VM fragment and huge page handling")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> index 9d19078246c8..53a925600510 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> @@ -1412,7 +1412,7 @@ static void amdgpu_vm_fragment(struct amdgpu_vm_update_params *params,
> *frag = max_frag;
> *frag_end = end & ~((1ULL << max_frag) - 1);
> } else {
> - *frag_end = start + (1 << *frag);
> + *frag_end = start + (1ULL << *frag);
> }
> }
>
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
WARNING: multiple messages have this Message-ID (diff)
From: Walter Harms <wharms@bfs.de>
To: "Christian König" <christian.koenig@amd.com>,
"Colin King" <colin.king@canonical.com>,
"Alex Deucher" <alexander.deucher@amd.com>,
"David Airlie" <airlied@linux.ie>,
"Daniel Vetter" <daniel@ffwll.ch>,
"Huang Rui" <ray.huang@amd.com>,
"Junwei Zhang" <Jerry.Zhang@amd.com>,
"amd-gfx@lists.freedesktop.org" <amd-gfx@lists.freedesktop.org>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>
Cc: "kernel-janitors@vger.kernel.org"
<kernel-janitors@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: AW: [PATCH] drm/amdgpu: fix potential integer overflow on shift of a int
Date: Mon, 8 Feb 2021 11:05:01 +0000 [thread overview]
Message-ID: <3aed86cfb8014badbcbc4ee9f007976d@bfs.de> (raw)
In-Reply-To: <c6c99dba-aea9-304c-2246-e24632955479@amd.com>
i am curious:
what is the win to have a unsigned 64 bit integer in the first
place ?
re,
wh
________________________________________
Von: Christian König <christian.koenig@amd.com>
Gesendet: Montag, 8. Februar 2021 10:17:42
An: Colin King; Alex Deucher; David Airlie; Daniel Vetter; Huang Rui; Junwei Zhang; amd-gfx@lists.freedesktop.org; dri-devel@lists.freedesktop.org
Cc: kernel-janitors@vger.kernel.org; linux-kernel@vger.kernel.org
Betreff: Re: [PATCH] drm/amdgpu: fix potential integer overflow on shift of a int
Am 08.02.21 um 00:07 schrieb Colin King:
> From: Colin Ian King <colin.king@canonical.com>
>
> The left shift of int 32 bit integer constant 1 is evaluated using 32
> bit arithmetic and then assigned to an unsigned 64 bit integer. In the
> case where *frag is 32 or more this can lead to an oveflow. Avoid this
> by shifting 1ULL.
Well that can't happen. Take a look at the code in that function:
> max_frag = 31;
...
> if (*frag >= max_frag) {
> *frag = max_frag;
> *frag_end = end & ~((1ULL << max_frag) - 1);
> } else {
> *frag_end = start + (1 << *frag);
> }
But I'm fine with applying the patch if it silences your warning.
Regards,
Christian.
>
> Addresses-Coverity: ("Unintentional integer overflow")
> Fixes: dfcd99f6273e ("drm/amdgpu: meld together VM fragment and huge page handling")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> index 9d19078246c8..53a925600510 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> @@ -1412,7 +1412,7 @@ static void amdgpu_vm_fragment(struct amdgpu_vm_update_params *params,
> *frag = max_frag;
> *frag_end = end & ~((1ULL << max_frag) - 1);
> } else {
> - *frag_end = start + (1 << *frag);
> + *frag_end = start + (1ULL << *frag);
> }
> }
>
next prev parent reply other threads:[~2021-02-08 14:06 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-07 23:07 [PATCH] drm/amdgpu: fix potential integer overflow on shift of a int Colin King
2021-02-07 23:07 ` Colin King
2021-02-07 23:07 ` Colin King
2021-02-07 23:07 ` Colin King
2021-02-08 9:17 ` Christian König
2021-02-08 9:17 ` Christian König
2021-02-08 9:17 ` Christian König
2021-02-08 9:17 ` Christian König
2021-02-08 11:05 ` Walter Harms [this message]
2021-02-08 11:05 ` AW: " Walter Harms
2021-02-08 11:05 ` Walter Harms
2021-02-08 11:05 ` Walter Harms
2021-02-08 12:14 ` Christian König
2021-02-08 12:14 ` Christian König
2021-02-08 12:14 ` Christian König
2021-02-08 12:14 ` Christian König
2021-02-08 15:55 ` AW: " Walter Harms
2021-02-08 15:55 ` Walter Harms
2021-02-08 15:55 ` Walter Harms
2021-02-08 15:55 ` Walter Harms
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3aed86cfb8014badbcbc4ee9f007976d@bfs.de \
--to=wharms@bfs.de \
--cc=Jerry.Zhang@amd.com \
--cc=airlied@linux.ie \
--cc=alexander.deucher@amd.com \
--cc=amd-gfx@lists.freedesktop.org \
--cc=christian.koenig@amd.com \
--cc=colin.king@canonical.com \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ray.huang@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.