Re: [PATCH] drm/i915/backlight: Return immediately when scale() finds invalid parameters

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Jani Nikula <jani.nikula@linux.intel.com>
To: Guenter Roeck <linux@roeck-us.net>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>,
	Joonas Lahtinen <joonas.lahtinen@linux.intel.com>,
	Tvrtko Ursulin <tursulin@ursulin.net>,
	David Airlie <airlied@gmail.com>, Simona Vetter <simona@ffwll.ch>,
	intel-gfx@lists.freedesktop.org, intel-xe@lists.freedesktop.org,
	dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org,
	Guenter Roeck <linux@roeck-us.net>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	David Laight <david.laight.linux@gmail.com>,
	Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Subject: Re: [PATCH] drm/i915/backlight: Return immediately when scale() finds invalid parameters
Date: Tue, 21 Jan 2025 10:03:00 +0200	[thread overview]
Message-ID: <87o700ppaj.fsf@intel.com> (raw)
In-Reply-To: <20250121061746.2730572-1-linux@roeck-us.net>

On Mon, 20 Jan 2025, Guenter Roeck <linux@roeck-us.net> wrote:
> The scale() functions detects invalid parameters, but continues
> its calculations anyway. This causes bad results if negative values
> are used for unsigned operations. Worst case, a division by 0 error
> will be seen if source_min == source_max.
>
> On top of that, after v6.13, the sequence of WARN_ON() followed by clamp()
> may result in a build error with gcc 13.x.
>
> drivers/gpu/drm/i915/display/intel_backlight.c: In function 'scale':
> include/linux/compiler_types.h:542:45: error:
> 	call to '__compiletime_assert_415' declared with attribute error:
> 	clamp() low limit source_min greater than high limit source_max
>
> This happens if the compiler decides to rearrange the code as follows.
>
>         if (source_min > source_max) {
>                 WARN(..);
>                 /* Do the clamp() knowing that source_min > source_max */
>                 source_val = clamp(source_val, source_min, source_max);
>         } else {
>                 /* Do the clamp knowing that source_min <= source_max */
>                 source_val = clamp(source_val, source_min, source_max);
>         }
>
> Fix the problem by evaluating the return values from WARN_ON and returning
> immediately after a warning. While at it, fix divide by zero error seen
> if source_min == source_max.

Thanks for the effort in tracking this down.

> Analyzed-by: Linus Torvalds <torvalds@linux-foundation.org>
> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
> Suggested-by: David Laight <david.laight.linux@gmail.com>
> Cc: David Laight <david.laight.linux@gmail.com>
> Cc: Jani Nikula <jani.nikula@linux.intel.com>
> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> Signed-off-by: Guenter Roeck <linux@roeck-us.net>
> ---
>  drivers/gpu/drm/i915/display/intel_backlight.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/display/intel_backlight.c b/drivers/gpu/drm/i915/display/intel_backlight.c
> index 3f81a726cc7d..ad49bd4a1c12 100644
> --- a/drivers/gpu/drm/i915/display/intel_backlight.c
> +++ b/drivers/gpu/drm/i915/display/intel_backlight.c
> @@ -40,8 +40,11 @@ static u32 scale(u32 source_val,
>  {
>  	u64 target_val;
>  
> -	WARN_ON(source_min > source_max);
> -	WARN_ON(target_min > target_max);
> +	if (WARN_ON(target_min > target_max))
> +		return target_min;
> +
> +	if (WARN_ON(source_min > source_max) || source_min == source_max)
> +		return target_min + (target_max - target_min) / 2;

There's really no need to be this fancy, though. Years down the line
someone's going to think that mean value calculation is something we
need to preserve, but we don't. I'd just return target_max everywhere.
And source_min == source_max could be a warn too.


BR,
Jani.


>  
>  	/* defensive */
>  	source_val = clamp(source_val, source_min, source_max);

-- 
Jani Nikula, Intel

     prev parent reply	other threads:[~2025-01-21  8:03 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-01-21  6:17 [PATCH] drm/i915/backlight: Return immediately when scale() finds invalid parameters Guenter Roeck
2025-01-21  8:03 ` Jani Nikula [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87o700ppaj.fsf@intel.com \
    --to=jani.nikula@linux.intel.com \
    --cc=airlied@gmail.com \
    --cc=andriy.shevchenko@linux.intel.com \
    --cc=david.laight.linux@gmail.com \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=intel-gfx@lists.freedesktop.org \
    --cc=intel-xe@lists.freedesktop.org \
    --cc=joonas.lahtinen@linux.intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@roeck-us.net \
    --cc=rodrigo.vivi@intel.com \
    --cc=simona@ffwll.ch \
    --cc=torvalds@linux-foundation.org \
    --cc=tursulin@ursulin.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox