From: Sebastian Brzezinka <sebastian.brzezinka@intel.com>
To: Krzysztof Karas <krzysztof.karas@intel.com>,
<intel-gfx@lists.freedesktop.org>
Cc: Danilo Krummrich <dakr@redhat.com>,
Andi Shyti <andi.shyti@linux.intel.com>,
Krzysztof Niemiec <krzysztof.niemiec@intel.com>
Subject: Re: [PATCH 4/6] drm: Avoid suspicious operations in drm_fb_dma_get_gem_addr()
Date: Mon, 8 Sep 2025 11:25:47 +0000 [thread overview]
Message-ID: <DCNDRCE1CJC3.1WB11BZ0Z6XSM@intel.com> (raw)
In-Reply-To: <f47461f76315069590390f3dd9fa115d293187a7.1756995162.git.krzysztof.karas@intel.com>
Hi Krzysztof
On Mon Sep 8, 2025 at 9:25 AM UTC, Krzysztof Karas wrote:
> There are two unsafe scenarios in that function:
> 1) drm_format_info_block_width/height() may return 0 and cause
> division by 0 down the line. Return early if any of these values
> are 0.
> 2) dma_addr calculations are carried out using 32-bit
> arithmetic, which could cause a truncation of the values
> before they are extended to 64 bits. Cast one of the operands
> to dma_addr_t, so 64-bit arithmetic is used.
>
> Fixes: 8c30eecc6769 ("drm/gem: rename struct drm_gem_dma_object.{paddr => dma_addr}")
> Cc: Danilo Krummrich <dakr@redhat.com>
> Cc: <stable@vger.kernel.org> # v6.1+
> Signed-off-by: Krzysztof Karas <krzysztof.karas@intel.com>
> ---
LGTM it could probably be split into two patches, but the changes are pretty small
and it doesn’t really bother me. drm_format_info_block_h/w can both potentially return 0,
so it's good to verify their return values.
Reviewed-by: Sebastian Brzezinka <sebastian.brzezinka@intel.com>
--
Best regards,
Sebastian
next prev parent reply other threads:[~2025-09-08 11:25 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-08 9:22 [PATCH 0/6] drm: Miscellaneous fixes in drm code Krzysztof Karas
2025-09-08 9:23 ` [PATCH 1/6] drm/i915/gem: Avoid accessing uninitialized context in emit_rpcs_query() Krzysztof Karas
2025-09-08 10:54 ` Andi Shyti
2025-09-08 11:02 ` Sebastian Brzezinka
2025-09-08 9:23 ` [PATCH 2/6] drm/i915: Add default case for the switch in igt_smoke_tiling() Krzysztof Karas
2025-09-08 11:03 ` Andi Shyti
2025-09-09 6:16 ` Krzysztof Karas
2025-09-08 9:24 ` [PATCH 3/6] drm: Remove drm_modeset_backoff() return code Krzysztof Karas
2025-09-08 11:06 ` Andi Shyti
2025-09-09 6:11 ` Krzysztof Karas
2025-09-08 9:25 ` [PATCH 4/6] drm: Avoid suspicious operations in drm_fb_dma_get_gem_addr() Krzysztof Karas
2025-09-08 11:25 ` Sebastian Brzezinka [this message]
2025-09-08 9:26 ` [PATCH 5/6] drm: Do not attempt to round_up() zeros in drm_suballoc_try_alloc() Krzysztof Karas
2025-09-08 9:27 ` [PATCH 6/6] drm: Avoid undefined behavior on u16 multiplication Krzysztof Karas
2025-09-08 9:44 ` Jani Nikula
2025-09-08 11:39 ` Jani Nikula
2025-09-09 6:07 ` Krzysztof Karas
2025-09-08 9:39 ` [PATCH 0/6] drm: Miscellaneous fixes in drm code Jani Nikula
2025-09-08 17:48 ` ✗ i915.CI.BAT: failure for " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DCNDRCE1CJC3.1WB11BZ0Z6XSM@intel.com \
--to=sebastian.brzezinka@intel.com \
--cc=andi.shyti@linux.intel.com \
--cc=dakr@redhat.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=krzysztof.karas@intel.com \
--cc=krzysztof.niemiec@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.