lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20210121193414.482139-1-angelogioacchino.delregno@somainline.org>
Date:   Thu, 21 Jan 2021 20:34:14 +0100
From:   AngeloGioacchino Del Regno 
        <angelogioacchino.delregno@...ainline.org>
To:     maarten.lankhorst@...ux.intel.com
Cc:     mripard@...nel.org, tzimmermann@...e.de, airlied@...ux.ie,
        daniel@...ll.ch, dri-devel@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org, konrad.dybcio@...ainline.org,
        marijn.suijten@...ainline.org,
        AngeloGioacchino Del Regno 
        <angelogioacchino.delregno@...ainline.org>
Subject: [PATCH] drm: drm_modes: Fix signed-integer-overflow UBSAN warning

During a UBSAN run on ARM64 MSM8998, kernel built with GCC 7.5.0,
a signed integer overflow was shown.
To solve this warning split the multiplication by assigning the
mode clock first to the "num" variable and then multiply: this
way was chosen because no explicit casting is required.

Solves the following warning:
[    2.028003] UBSAN: signed-integer-overflow in drivers/gpu/drm/drm_modes.c:765:20
[    2.028721] 2376000 * 1000 cannot be represented in type 'int'
[    2.029134] CPU: 6 PID: 62 Comm: kworker/6:1 Tainted: G        W         5.11.0-rc4-00115-g38e7d22724f4-dirty #8
[    2.029884] Hardware name: F(x)tec Pro1 (QX1000) (DT)
[    2.030583] Workqueue: events deferred_probe_work_func
[    2.031043] Call trace:
[    2.031419]  dump_backtrace+0x0/0x288
[    2.032144]  show_stack+0x14/0x60
[    2.032564]  dump_stack+0xd4/0x12c
[    2.032985]  ubsan_epilogue+0xc/0x50
[    2.033693]  handle_overflow+0xd0/0xf8
[    2.034092]  __ubsan_handle_mul_overflow+0x10/0x18
[    2.034493]  drm_mode_vrefresh+0xd8/0xf8
[    2.035181]  cea_mode_alternate_clock+0x18/0xb0
[    2.035592]  drm_match_cea_mode.part.26+0xa8/0x198
[    2.036004]  drm_match_cea_mode+0x14/0x28
[    2.036689]  drm_mode_validate_ycbcr420+0x14/0x78
[    2.037098]  drm_helper_probe_single_connector_modes+0x5fc/0x910
[    2.037815]  drm_client_modeset_probe+0x26c/0x16f8
[    2.038225]  __drm_fb_helper_initial_config_and_unlock+0x44/0x7b8
[    2.038931]  drm_fb_helper_initial_config+0x48/0x68
[    2.039337]  msm_fbdev_init+0x80/0xe0
[    2.039735]  msm_drm_bind+0x4d8/0x6d0

Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@...ainline.org>
---
 drivers/gpu/drm/drm_modes.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c
index 33fb2f05ce66..dd374c628cc5 100644
--- a/drivers/gpu/drm/drm_modes.c
+++ b/drivers/gpu/drm/drm_modes.c
@@ -762,7 +762,8 @@ int drm_mode_vrefresh(const struct drm_display_mode *mode)
 	if (mode->htotal == 0 || mode->vtotal == 0)
 		return 0;
 
-	num = mode->clock * 1000;
+	num = mode->clock;
+	num *= 1000;
 	den = mode->htotal * mode->vtotal;
 
 	if (mode->flags & DRM_MODE_FLAG_INTERLACE)
-- 
2.30.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ