[PATCH AUTOSEL 6.17] fbdev: core: Fix ubsan warning in pixel_to_pat

patches.lists.linux.dev archive mirror
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: patches@lists.linux.dev, stable@vger.kernel.org
Cc: Zsolt Kajtar <soci@c64.rulez.org>, Helge Deller <deller@gmx.de>,
	Sasha Levin <sashal@kernel.org>,
	simona@ffwll.ch
Subject: [PATCH AUTOSEL 6.17] fbdev: core: Fix ubsan warning in pixel_to_pat
Date: Sun, 26 Oct 2025 10:48:48 -0400	[thread overview]
Message-ID: <20251026144958.26750-10-sashal@kernel.org> (raw)
In-Reply-To: <20251026144958.26750-1-sashal@kernel.org>

From: Zsolt Kajtar <soci@c64.rulez.org>

[ Upstream commit aad1d99beaaf132e2024a52727c24894cdf9474a ]

It could be triggered on 32 bit big endian machines at 32 bpp in the
pattern realignment. In this case just return early as the result is
an identity.

Signed-off-by: Zsolt Kajtar <soci@c64.rulez.org>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

LLM Generated explanations, may be completely bogus:

YES
- Returning early in the default branch
  (`drivers/video/fbdev/core/fb_fillrect.h:94`) keeps `pixel_to_pat()`
  from reaching the big-endian realignment block at
  `drivers/video/fbdev/core/fb_fillrect.h:97-99`, eliminating the
  undefined `pattern >> bpp` shift that UBSAN reports when `bpp ==
  BITS_PER_LONG` (e.g., 32 bpp on 32-bit BE). The skipped logic was an
  identity operation in that case, so correctness is preserved.
- The old undefined shift was triggered during ordinary rectangle fills
  (`drivers/video/fbdev/core/fb_fillrect.h:266`) on big-endian
  framebuffers, causing sanitizer aborts and risking miscompilation even
  without UBSAN, so this is a real bug fix with direct user impact.
- The change is tightly scoped, has no dependencies, and leaves little-
  endian paths and sub-word `bpp` handling untouched, keeping regression
  risk very low while restoring defined behavior.

Next steps: 1. If feasible, rebuild a BE configuration with UBSAN to
confirm the warning is gone.

 drivers/video/fbdev/core/fb_fillrect.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/video/fbdev/core/fb_fillrect.h b/drivers/video/fbdev/core/fb_fillrect.h
index 66042e534de77..f366670a53af8 100644
--- a/drivers/video/fbdev/core/fb_fillrect.h
+++ b/drivers/video/fbdev/core/fb_fillrect.h
@@ -92,8 +92,7 @@ static unsigned long pixel_to_pat(int bpp, u32 color)
 		pattern = pattern | pattern << bpp;
 		break;
 	default:
-		pattern = color;
-		break;
+		return color;
 	}
 #ifndef __LITTLE_ENDIAN
 	pattern <<= (BITS_PER_LONG % bpp);
-- 
2.51.0

next prev parent reply	other threads:[~2025-10-26 14:50 UTC|newest]

Thread overview: 47+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-10-26 14:48 [PATCH AUTOSEL 6.17-5.4] ACPI: property: Return present device nodes only on fwnode interface Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17-5.4] ceph: add checking of wait_for_completion_killable() return value Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17-5.4] 9p: sysfs_init: don't hardcode error to ENOMEM Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17-5.10] um: Fix help message for ssl-non-raw Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17] clk: thead: th1520-ap: set all AXI clocks to CLK_IS_CRITICAL Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17-6.1] NTB: epf: Allow arbitrary BAR mapping Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17] rtc: zynqmp: Restore alarm functionality after kexec transition Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17] hyperv: Add missing field to hv_output_map_device_interrupt Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17-5.4] fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Sasha Levin
2025-10-26 14:48 ` Sasha Levin [this message]
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17-5.10] ASoC: meson: aiu-encoder-i2s: fix bit clock polarity Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17-5.4] fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17] drm/amdgpu: Report individual reset error Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17-5.15] clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17] clk: at91: add ACR in all PLL settings Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17-6.12] clk: scmi: Add duty cycle ops only when duty cycle is supported Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17-5.10] ARM: at91: pm: save and restore ACR during PLL disable/enable Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17-6.6] rtc: pcf2127: fix watchdog interrupt mask on pcf2131 Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17-5.15] clk: at91: clk-master: Add check for divide by 3 Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17-5.15] rtc: pcf2127: clear minute/second interrupt Sasha Levin
2025-10-26 14:48 ` [PATCH AUTOSEL 6.17-6.12] clk: at91: sam9x7: Add peripheral clock id for pmecc Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-5.4] 9p: fix /sys/fs/9p/caches overwriting itself Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.12] 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17] clk: samsung: exynos990: Add missing USB clock registers to HSI0 Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17] clocksource: hyper-v: Skip unnecessary checks for the root partition Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.12] ceph: fix multifs mds auth caps issue Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.12] LoongArch: Handle new atomic instructions for probes Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.6] ceph: refactor wake_up_bit() pattern of calling Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.12] drm/amdkfd: Fix mmap write lock not release Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.12] ceph: fix potential race condition in ceph_ioctl_lazyio() Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.12] clk: qcom: gcc-ipq6018: rework nss_port5 clock to multiple conf Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.1] clk: at91: clk-sam9x60-pll: force write to PLL_UPDT register Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-5.4] tools bitmap: Add missing asm-generic/bitsperlong.h include Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17] ALSA: hda/realtek: Add quirk for ASUS ROG Zephyrus Duo Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.1] kbuild: uapi: Strip comments before size type check Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.1] tools: lib: thermal: don't preserve owner in install Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.1] scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.1] clk: sunxi-ng: sun6i-rtc: Add A523 specifics Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.12] clk: scmi: migrate round_rate() to determine_rate() Sasha Levin
2025-10-26 23:16   ` Brian Masney
2025-10-28 17:47     ` Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.12] clk: clocking-wizard: Fix output clock register offset for Versal platforms Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17] ASoC: rt722: add settings for rt722VB Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-5.15] cpufreq: tegra186: Initialize all cores to max frequencies Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.1] tools: lib: thermal: use pkg-config to locate libnl3 Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17] clk: renesas: rzv2h: Re-assert reset on deassert timeout Sasha Levin
2025-10-26 14:49 ` [PATCH AUTOSEL 6.17-6.12] net: wwan: t7xx: add support for HP DRMR-H01 Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:66042e534de7 dfblob:f366670a53af )
 OR (
bs:"[PATCH AUTOSEL 6.17] fbdev: core: Fix ubsan warning in pixel_to_pat" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20251026144958.26750-10-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=deller@gmx.de \
    --cc=patches@lists.linux.dev \
    --cc=simona@ffwll.ch \
    --cc=soci@c64.rulez.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).