From: "Alex Bennée" <alex.bennee@linaro.org>
To: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Cc: Peter Maydell <peter.maydell@linaro.org>,
qemu-devel@nongnu.org,
Robert Beckett <bob.beckett@collabora.com>,
Antonio Caggiano <antonio.caggiano@collabora.com>,
Xenia Ragiadakou <xenia.ragiadakou@amd.com>,
Huang Rui <ray.huang@amd.com>,
"Michael S. Tsirkin" <mst@redhat.com>
Subject: Re: [PULL 11/13] virtio-gpu: Handle resource blob commands
Date: Fri, 01 Nov 2024 17:17:18 +0000 [thread overview]
Message-ID: <87froaho0x.fsf@draig.linaro.org> (raw)
In-Reply-To: <73bc5cb8-0540-47cd-8a1e-aed8bf772d3a@collabora.com> (Dmitry Osipenko's message of "Fri, 1 Nov 2024 19:04:14 +0300")
Dmitry Osipenko <dmitry.osipenko@collabora.com> writes:
> On 11/1/24 18:35, Peter Maydell wrote:
>> On Tue, 29 Oct 2024 at 12:11, Alex Bennée <alex.bennee@linaro.org> wrote:
>>>
>>> From: Robert Beckett <bob.beckett@collabora.com>
>>>
>>> Support BLOB resources creation, mapping, unmapping and set-scanout by
>>> calling the new stable virglrenderer 0.10 interface. Only enabled when
>>> available and via the blob config. E.g. -device virtio-vga-gl,blob=true
>>>
>>> Signed-off-by: Antonio Caggiano <antonio.caggiano@collabora.com>
>>> Signed-off-by: Robert Beckett <bob.beckett@collabora.com> # added set_scanout_blob
>>> Signed-off-by: Xenia Ragiadakou <xenia.ragiadakou@amd.com>
>>> Signed-off-by: Huang Rui <ray.huang@amd.com>
>>> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
>>> Message-Id: <20241024210311.118220-12-dmitry.osipenko@collabora.com>
>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>
>> Hi; Coverity points out some possible issues with this commit:
>>
>>
>>> + fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8);
>>> + fb.width = ss.width;
>>> + fb.height = ss.height;
>>> + fb.stride = ss.strides[0];
>>> + fb.offset = ss.offsets[0] + ss.r.x * fb.bytes_pp + ss.r.y * fb.stride;
>>> +
>>> + fbend = fb.offset;
>>> + fbend += fb.stride * (ss.r.height - 1);
>>> + fbend += fb.bytes_pp * ss.r.width;
>>
>> Here 'fbend' is a uint64_t, but fb.stride, fb.bytes_pp,
>> ss.r.height and ss.r.width are all uint32_t. So these
>> multiplications will be done as 32x32->32 before being
>> added to fbend, potentially overflowing. This probably
>> isn't what was intended.
>>
>> (This is Coverity CID 1564769, 1564770.)
>>
>> The calculation of fb.offset also might overflow, but
>> Coverity doesn't spot that because fb.offset is uint32_t
>> and so the whole calculation is 32-bit all the way through
>> without a late-32-to-64 extension.
>
> Will make patch to silence this Coverity warning. AFAICT, there are
> other ways to cause integer overflows in that code, though I assume it
> all should be harmless. Thanks!
Ahh I'm happy for you to do it as you are more familiar with the code.
Note the duplicated code.
--
Alex Bennée
Virtualisation Tech Lead @ Linaro
next prev parent reply other threads:[~2024-11-01 17:17 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-29 12:10 [PULL 00/13] virtio-gpu vulkan support Alex Bennée
2024-10-29 12:10 ` [PULL 01/13] virtio-gpu: Use trace events for tracking number of in-flight fences Alex Bennée
2024-10-29 12:10 ` [PULL 02/13] virtio-gpu: Move fence_poll timer to VirtIOGPUGL Alex Bennée
2024-10-29 12:10 ` [PULL 03/13] virtio-gpu: Move print_stats " Alex Bennée
2024-10-29 12:10 ` [PULL 04/13] virtio-gpu: Handle virtio_gpu_virgl_init() failure Alex Bennée
2024-10-29 12:10 ` [PULL 05/13] virtio-gpu: Unrealize GL device Alex Bennée
2024-10-29 12:10 ` [PULL 06/13] virtio-gpu: Use pkgconfig version to decide which virgl features are available Alex Bennée
2024-10-29 12:10 ` [PULL 07/13] virtio-gpu: Support context-init feature with virglrenderer Alex Bennée
2024-10-29 12:10 ` [PULL 08/13] virtio-gpu: Don't require udmabuf when blobs and virgl are enabled Alex Bennée
2024-10-29 12:10 ` [PULL 09/13] virtio-gpu: Add virgl resource management Alex Bennée
2024-10-29 12:10 ` [PULL 10/13] virtio-gpu: Support suspension of commands processing Alex Bennée
2024-10-29 12:10 ` [PULL 11/13] virtio-gpu: Handle resource blob commands Alex Bennée
2024-11-01 15:35 ` Peter Maydell
2024-11-01 16:04 ` Dmitry Osipenko
2024-11-01 17:17 ` Alex Bennée [this message]
2024-11-01 17:16 ` Alex Bennée
2024-11-01 18:23 ` Dmitry Osipenko
2024-11-04 11:48 ` Alex Bennée
2024-11-04 13:50 ` BALATON Zoltan
2024-10-29 12:10 ` [PULL 12/13] virtio-gpu: Register capsets dynamically Alex Bennée
2024-10-29 12:10 ` [PULL 13/13] virtio-gpu: Support Venus context Alex Bennée
2024-10-31 11:29 ` [PULL 00/13] virtio-gpu vulkan support Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87froaho0x.fsf@draig.linaro.org \
--to=alex.bennee@linaro.org \
--cc=antonio.caggiano@collabora.com \
--cc=bob.beckett@collabora.com \
--cc=dmitry.osipenko@collabora.com \
--cc=mst@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=ray.huang@amd.com \
--cc=xenia.ragiadakou@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).