| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zva3CAewBl8NBL91@intel.com>
Date: Fri, 27 Sep 2024 16:45:44 +0300
From: Ville Syrjälä <ville.syrjala@...ux.intel.com>
To: Jani Nikula <jani.nikula@...ux.intel.com>
Cc: Alessandro Zanni <alessandro.zanni87@...il.com>, rodrigo.vivi@...el.com,
joonas.lahtinen@...ux.intel.com, tursulin@...ulin.net,
airlied@...il.com, simona@...ll.ch, intel-gfx@...ts.freedesktop.org,
intel-xe@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
linux-kernel@...r.kernel.org, skhan@...uxfoundation.org,
anupnewsmail@...il.com
Subject: Re: [PATCH] gpu: drm: i915: display: Avoid null values
intel_plane_atomic_check_with_state
On Fri, Sep 27, 2024 at 04:14:17PM +0300, Jani Nikula wrote:
> On Fri, 27 Sep 2024, Ville Syrjälä <ville.syrjala@...ux.intel.com> wrote:
> > On Fri, Sep 27, 2024 at 11:20:32AM +0300, Jani Nikula wrote:
> >> On Fri, 27 Sep 2024, Alessandro Zanni <alessandro.zanni87@...il.com> wrote:
> >> > This fix solves multiple Smatch errors:
> >> >
> >> > drivers/gpu/drm/i915/display/intel_atomic_plane.c:660
> >> > intel_plane_atomic_check_with_state() error:
> >> > we previously assumed 'fb' could be null (see line 648)
> >> >
> >> > drivers/gpu/drm/i915/display/intel_atomic_plane.c:664
> >> > intel_plane_atomic_check_with_state()
> >> > error: we previously assumed 'fb' could be null (see line 659)
> >> >
> >> > drivers/gpu/drm/i915/display/intel_atomic_plane.c:671
> >> > intel_plane_atomic_check_with_state()
> >> > error: we previously assumed 'fb' could be null (see line 663)
> >> >
> >> > We should check first if fb is not null before to access its properties.
> >>
> >> new_plane_state->uapi.visible && !fb should not be possible, but it's
> >> probably too hard for smatch to figure out. It's not exactly trivial for
> >> humans to figure out either.
> >>
> >> I'm thinking something like below to help both.
> >>
> >> Ville, thoughts?
> >>
> >>
> >> BR,
> >> Jani.
> >>
> >>
> >> diff --git a/drivers/gpu/drm/i915/display/intel_atomic_plane.c b/drivers/gpu/drm/i915/display/intel_atomic_plane.c
> >> index 3505a5b52eb9..d9da47aed55d 100644
> >> --- a/drivers/gpu/drm/i915/display/intel_atomic_plane.c
> >> +++ b/drivers/gpu/drm/i915/display/intel_atomic_plane.c
> >> @@ -629,6 +629,9 @@ int intel_plane_atomic_check_with_state(const struct intel_crtc_state *old_crtc_
> >> if (ret)
> >> return ret;
> >>
> >> + if (drm_WARN_ON(display->drm, new_plane_state->uapi.visible && !fb))
> >> + return -EINVAL;
> >> +
> >
> > We have probably 100 places that would need this. So it's going
> > to be extremely ugly.
> >
> > One approach I could maybe tolerate is something like
> > intel_plane_is_visible(plane_state)
> > {
> > if (drm_WARN_ON(visible && !fb))
> > return false;
> >
> > return plane_state->visible;
> > }
> >
> > + s/plane_state->visible/intel_plane_is_visible(plane_state)/
> >
> > But is that going to help these obtuse tools?
>
> That does help people, which is more important. :)
>
> I think the problem is first checking if fb is NULL, and then
> dereferencing it anyway.
>
> visible always means fb != NULL, but I forget, is the reverse true? Can
> we have fb != NULL and !visible? I mean could we change the fb check to
> visible check?
No, the reverse does not hold. A plane can be invisible
while still having a valid fb. Eg. the plane could be
positioned completely offscreen, or the entire crtc may
be inactive (DPMS off).
And whenever we have an fb we want to do all the check to make sure
it satisfies all the requirements, whether the plane is visible or
not. Otherwise we could end up confusing userspace with something
like this:
1. Usespace assigns some unsupported fb to the plane
but positions the plane offscreen -> success
2. Userspace moves the plane to somewhere onscreen -> fail
--
Ville Syrjälä
Intel
Powered by blists - more mailing lists