Message-ID: <pwwukfhijwywhz7tailrfamxdyz6jabo5ref64xr6upnkzcpel@flzvrcr3m3h5>
Date: Wed, 20 Nov 2024 14:16:09 +0200
From: Dmitry Baryshkov <dmitry.baryshkov@...aro.org>
To: Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev@...il.com>
Cc: robdclark@...il.com, quic_abhinavk@...cinc.com, 
	linux-arm-msm@...r.kernel.org, sean@...rly.run, marijn.suijten@...ainline.org, 
	airlied@...il.com, simona@...ll.ch, quic_bjorande@...cinc.com, 
	quic_parellan@...cinc.com, quic_khsieh@...cinc.com, dri-devel@...ts.freedesktop.org, 
	freedreno@...ts.freedesktop.org, linux-kernel@...r.kernel.org, dianders@...omium.org
Subject: Re: [PATCH drm-next] drm/msm/dp: Fix potential division by zero issue

On Wed, Nov 20, 2024 at 05:24:20PM +0530, Dheeraj Reddy Jonnalagadda wrote:
> On Wed, Nov 20, 2024 at 01:02:32PM +0200, Dmitry Baryshkov wrote:
> > On Wed, Nov 20, 2024 at 10:34:51AM +0530, Dheeraj Reddy Jonnalagadda wrote:
> > > The variable pixel_div can remain zero due to an invalid rate input,
> > 
> > No, it can not. Rate is set by the driver, which knows which rates are
> > supported. 
> > 
> > > leading to a potential division by zero issue. This patch fixes it and
> > > the function now logs an error and returns early.
> > 
> > See Documentation/process/submitting-patches.rst, look for "This patch"
> > string.
> > 
> > > 
> > > Additionally, this patch resolves trailing whitespace issues detected
> > > by checkpatch.pl in the same file.
> > 
> > Additionally perform ... => separate commits.
> > 
> > > 
> > > Signed-off-by: Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev@...il.com>
> > > ---
> > >  drivers/gpu/drm/msm/dp/dp_catalog.c | 8 +++++---
> > >  1 file changed, 5 insertions(+), 3 deletions(-)
> > > 
> > > diff --git a/drivers/gpu/drm/msm/dp/dp_catalog.c b/drivers/gpu/drm/msm/dp/dp_catalog.c
> > > index b4c8856fb25d..e170f70f1d42 100644
> > > --- a/drivers/gpu/drm/msm/dp/dp_catalog.c
> > > +++ b/drivers/gpu/drm/msm/dp/dp_catalog.c
> > > @@ -225,7 +225,7 @@ int msm_dp_catalog_aux_clear_hw_interrupts(struct msm_dp_catalog *msm_dp_catalog
> > >   * This function reset AUX controller
> > >   *
> > >   * NOTE: reset AUX controller will also clear any pending HPD related interrupts
> > > - * 
> > > + *
> > >   */
> > >  void msm_dp_catalog_aux_reset(struct msm_dp_catalog *msm_dp_catalog)
> > >  {
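
Review bot: the whitespace-only change in the comment above msm_dp_catalog_aux_reset() is unrelated to the pixel_div check, so it should go in its own patch. That keeps the functional change reviewable and revertable by itself, and the commit message then only has to describe one thing.
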
> > > @@ -487,8 +487,10 @@ void msm_dp_catalog_ctrl_config_msa(struct msm_dp_catalog *msm_dp_catalog,
> > >  		pixel_div = 2;
> > >  	else if (rate == link_rate_hbr2)
> > >  		pixel_div = 4;
> > > -	else
> > > +	else {
> > >  		DRM_ERROR("Invalid pixel mux divider\n");
> > > +		return;
> > > +	}
> > >  
> > >  	dispcc_input_rate = (rate * 10) / pixel_div;
> > >  
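
Review bot: the added `return;` in the final else of msm_dp_catalog_ctrl_config_msa() exits a void function, so the caller cannot tell that everything after the `dispcc_input_rate` computation was skipped and will carry on as if the configuration succeeded. If an unsupported `rate` is really reachable, the function should report it (for example by returning an error code that the caller checks); if it is not reachable, the commit message should say which caller guarantees that instead of describing a potential division by zero. As a style point, once the else branch gains braces the preceding `if` / `else if` branches of the same chain should get braces too, per Documentation/process/coding-style.rst.
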
> > > @@ -579,7 +581,7 @@ u32 msm_dp_catalog_hw_revision(const struct msm_dp_catalog *msm_dp_catalog)
> > >   * This function reset the DP controller
> > >   *
> > >   * NOTE: reset DP controller will also clear any pending HPD related interrupts
> > > - * 
> > > + *
> > >   */
> > >  void msm_dp_catalog_ctrl_reset(struct msm_dp_catalog *msm_dp_catalog)
> > >  {
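
Review bot: in the comment above msm_dp_catalog_ctrl_reset(), the replacement line is still an empty ` *` directly before the closing ` */`. If this comment is being cleaned up at all, deleting that blank line is tidier than only stripping its trailing space.
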
> > > -- 
> > > 2.34.1
> > > 
> > 
> > -- 
> > With best wishes
> > Dmitry
> 
> Hello Dmitry,
> 
> Thank you for the valuable feedback. Will update my commit messages
> accordingly. I wanted to seek clarification on the divide by zero
> issue. Would pixel_div not be zero upon hitting the else case as
> indicated below causing a div by zero?
> 
> 	u32 mvid, nvid, pixel_div = 0, dispcc_input_rate;
> 	u32 const nvid_fixed = DP_LINK_CONSTANT_N_VALUE;
> 	
> 	[..]
> 	
> 	if (rate == link_rate_hbr3)
> 		pixel_div = 6;
> 	else if (rate == 162000 || rate == 270000)
> 		pixel_div = 2;
> 	else if (rate == link_rate_hbr2)
> 		pixel_div = 4;
> 	else
> 		DRM_ERROR("Invalid pixel mux divider\n"); <<-- here

The 'rate' itself also comes from the driver and the calling functions
ensure that the value is correct.

> 
> 	dispcc_input_rate = (rate * 10) / pixel_div;
> 
> -Dheeraj

-- 
With best wishes
Dmitry
