lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Zva3CAewBl8NBL91@intel.com>
Date: Fri, 27 Sep 2024 16:45:44 +0300
From: Ville Syrjälä <ville.syrjala@...ux.intel.com>
To: Jani Nikula <jani.nikula@...ux.intel.com>
Cc: Alessandro Zanni <alessandro.zanni87@...il.com>, rodrigo.vivi@...el.com,
	joonas.lahtinen@...ux.intel.com, tursulin@...ulin.net,
	airlied@...il.com, simona@...ll.ch, intel-gfx@...ts.freedesktop.org,
	intel-xe@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
	linux-kernel@...r.kernel.org, skhan@...uxfoundation.org,
	anupnewsmail@...il.com
Subject: Re: [PATCH] gpu: drm: i915: display: Avoid null values
 intel_plane_atomic_check_with_state

On Fri, Sep 27, 2024 at 04:14:17PM +0300, Jani Nikula wrote:
> On Fri, 27 Sep 2024, Ville Syrjälä <ville.syrjala@...ux.intel.com> wrote:
> > On Fri, Sep 27, 2024 at 11:20:32AM +0300, Jani Nikula wrote:
> >> On Fri, 27 Sep 2024, Alessandro Zanni <alessandro.zanni87@...il.com> wrote:
> >> > This fix solves multiple Smatch errors:
> >> >
> >> > drivers/gpu/drm/i915/display/intel_atomic_plane.c:660
> >> > intel_plane_atomic_check_with_state() error:
> >> > we previously assumed 'fb' could be null (see line 648)
> >> >
> >> > drivers/gpu/drm/i915/display/intel_atomic_plane.c:664
> >> > intel_plane_atomic_check_with_state()
> >> > error: we previously assumed 'fb' could be null (see line 659)
> >> >
> >> > drivers/gpu/drm/i915/display/intel_atomic_plane.c:671
> >> > intel_plane_atomic_check_with_state()
> >> > error: we previously assumed 'fb' could be null (see line 663)
> >> >
> >> > We should check first if fb is not null before to access its properties.
> >> 
> >> new_plane_state->uapi.visible && !fb should not be possible, but it's
> >> probably too hard for smatch to figure out. It's not exactly trivial for
> >> humans to figure out either.
> >> 
> >> I'm thinking something like below to help both.
> >> 
> >> Ville, thoughts?
> >> 
> >> 
> >> BR,
> >> Jani.
> >> 
> >> 
> >> diff --git a/drivers/gpu/drm/i915/display/intel_atomic_plane.c b/drivers/gpu/drm/i915/display/intel_atomic_plane.c
> >> index 3505a5b52eb9..d9da47aed55d 100644
> >> --- a/drivers/gpu/drm/i915/display/intel_atomic_plane.c
> >> +++ b/drivers/gpu/drm/i915/display/intel_atomic_plane.c
> >> @@ -629,6 +629,9 @@ int intel_plane_atomic_check_with_state(const struct intel_crtc_state *old_crtc_
> >>  	if (ret)
> >>  		return ret;
> >>  
> >> +	if (drm_WARN_ON(display->drm, new_plane_state->uapi.visible && !fb))
> >> +		return -EINVAL;
> >> +
> >
> > We have probably 100 places that would need this. So it's going
> > to be extremely ugly.
> >
> > One approach I could maybe tolerate is something like
> > intel_plane_is_visible(plane_state) 
> > {
> > 	if (drm_WARN_ON(visible && !fb))
> > 		return false;
> >
> > 	return plane_state->visible;
> > }
> >
> > + s/plane_state->visible/intel_plane_is_visible(plane_state)/
> >
> > But is that going to help these obtuse tools?
> 
> That does help people, which is more important. :)
> 
> I think the problem is first checking if fb is NULL, and then
> dereferencing it anyway.
> 
> visible always means fb != NULL, but I forget, is the reverse true? Can
> we have fb != NULL and !visible? I mean could we change the fb check to
> visible check?

No, the reverse does not hold. A plane can be invisible
while still having a valid fb. Eg. the plane could be
positioned completely offscreen, or the entire crtc may
be inactive (DPMS off).

And whenever we have an fb we want to do all the check to make sure
it satisfies all the requirements, whether the plane is visible or
not. Otherwise we could end up confusing userspace with something
like this:

1. Usespace assigns some unsupported fb to the plane
   but positions the plane offscreen -> success
2. Userspace moves the plane to somewhere onscreen -> fail

-- 
Ville Syrjälä
Intel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ