From: "Alex Bennée" <alex.bennee@linaro.org>
To: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Cc: Peter Maydell <peter.maydell@linaro.org>,
qemu-devel@nongnu.org,
Robert Beckett <bob.beckett@collabora.com>,
Antonio Caggiano <antonio.caggiano@collabora.com>,
Xenia Ragiadakou <xenia.ragiadakou@amd.com>,
Huang Rui <ray.huang@amd.com>,
"Michael S. Tsirkin" <mst@redhat.com>
Subject: Re: [PULL 11/13] virtio-gpu: Handle resource blob commands
Date: Fri, 01 Nov 2024 17:17:18 +0000 [thread overview]
Message-ID: <87froaho0x.fsf@draig.linaro.org> (raw)
In-Reply-To: <73bc5cb8-0540-47cd-8a1e-aed8bf772d3a@collabora.com> (Dmitry Osipenko's message of "Fri, 1 Nov 2024 19:04:14 +0300")
Dmitry Osipenko <dmitry.osipenko@collabora.com> writes:
> On 11/1/24 18:35, Peter Maydell wrote:
>> On Tue, 29 Oct 2024 at 12:11, Alex Bennée <alex.bennee@linaro.org> wrote:
>>>
>>> From: Robert Beckett <bob.beckett@collabora.com>
>>>
>>> Support BLOB resources creation, mapping, unmapping and set-scanout by
>>> calling the new stable virglrenderer 0.10 interface. Only enabled when
>>> available and via the blob config. E.g. -device virtio-vga-gl,blob=true
>>>
>>> Signed-off-by: Antonio Caggiano <antonio.caggiano@collabora.com>
>>> Signed-off-by: Robert Beckett <bob.beckett@collabora.com> # added set_scanout_blob
>>> Signed-off-by: Xenia Ragiadakou <xenia.ragiadakou@amd.com>
>>> Signed-off-by: Huang Rui <ray.huang@amd.com>
>>> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
>>> Message-Id: <20241024210311.118220-12-dmitry.osipenko@collabora.com>
>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>
>> Hi; Coverity points out some possible issues with this commit:
>>
>>
>>> + fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8);
>>> + fb.width = ss.width;
>>> + fb.height = ss.height;
>>> + fb.stride = ss.strides[0];
>>> + fb.offset = ss.offsets[0] + ss.r.x * fb.bytes_pp + ss.r.y * fb.stride;
>>> +
>>> + fbend = fb.offset;
>>> + fbend += fb.stride * (ss.r.height - 1);
>>> + fbend += fb.bytes_pp * ss.r.width;
>>
>> Here 'fbend' is a uint64_t, but fb.stride, fb.bytes_pp,
>> ss.r.height and ss.r.width are all uint32_t. So these
>> multiplications will be done as 32x32->32 before being
>> added to fbend, potentially overflowing. This probably
>> isn't what was intended.
>>
>> (This is Coverity CID 1564769, 1564770.)
>>
>> The calculation of fb.offset also might overflow, but
>> Coverity doesn't spot that because fb.offset is uint32_t
>> and so the whole calculation is 32-bit all the way through
>> without a late-32-to-64 extension.
>
> Will make patch to silence this Coverity warning. AFAICT, there are
> other ways to cause integer overflows in that code, though I assume it
> all should be harmless. Thanks!
Ahh I'm happy for you to do it as you are more familiar with the code.
Note the duplicated code.
--
Alex Bennée
Virtualisation Tech Lead @ Linaro
next prev parent reply other threads:[~2024-11-01 17:17 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-29 12:10 [PULL 00/13] virtio-gpu vulkan support Alex Bennée
2024-10-29 12:10 ` [PULL 01/13] virtio-gpu: Use trace events for tracking number of in-flight fences Alex Bennée
2024-10-29 12:10 ` [PULL 02/13] virtio-gpu: Move fence_poll timer to VirtIOGPUGL Alex Bennée
2024-10-29 12:10 ` [PULL 03/13] virtio-gpu: Move print_stats " Alex Bennée
2024-10-29 12:10 ` [PULL 04/13] virtio-gpu: Handle virtio_gpu_virgl_init() failure Alex Bennée
2024-10-29 12:10 ` [PULL 05/13] virtio-gpu: Unrealize GL device Alex Bennée
2024-10-29 12:10 ` [PULL 06/13] virtio-gpu: Use pkgconfig version to decide which virgl features are available Alex Bennée
2024-10-29 12:10 ` [PULL 07/13] virtio-gpu: Support context-init feature with virglrenderer Alex Bennée
2024-10-29 12:10 ` [PULL 08/13] virtio-gpu: Don't require udmabuf when blobs and virgl are enabled Alex Bennée
2024-10-29 12:10 ` [PULL 09/13] virtio-gpu: Add virgl resource management Alex Bennée
2024-10-29 12:10 ` [PULL 10/13] virtio-gpu: Support suspension of commands processing Alex Bennée
2024-10-29 12:10 ` [PULL 11/13] virtio-gpu: Handle resource blob commands Alex Bennée
2024-11-01 15:35 ` Peter Maydell
2024-11-01 16:04 ` Dmitry Osipenko
2024-11-01 17:17 ` Alex Bennée [this message]
2024-11-01 17:16 ` Alex Bennée
2024-11-01 18:23 ` Dmitry Osipenko
2024-11-04 11:48 ` Alex Bennée
2024-11-04 13:50 ` BALATON Zoltan
2024-10-29 12:10 ` [PULL 12/13] virtio-gpu: Register capsets dynamically Alex Bennée
2024-10-29 12:10 ` [PULL 13/13] virtio-gpu: Support Venus context Alex Bennée
2024-10-31 11:29 ` [PULL 00/13] virtio-gpu vulkan support Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87froaho0x.fsf@draig.linaro.org \
--to=alex.bennee@linaro.org \
--cc=antonio.caggiano@collabora.com \
--cc=bob.beckett@collabora.com \
--cc=dmitry.osipenko@collabora.com \
--cc=mst@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=ray.huang@amd.com \
--cc=xenia.ragiadakou@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.