lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20250308205406.4162-1-v.shevtsov@mt-integration.ru>
Date: Sun, 9 Mar 2025 01:54:00 +0500
From: Vitaliy Shevtsov <v.shevtsov@...integration.ru>
To: Dave Airlie <airlied@...hat.com>
CC: Vitaliy Shevtsov <v.shevtsov@...integration.ru>, Thomas Zimmermann
	<tzimmermann@...e.de>, Jocelyn Falempe <jfalempe@...hat.com>, Maarten
 Lankhorst <maarten.lankhorst@...ux.intel.com>, Maxime Ripard
	<mripard@...nel.org>, David Airlie <airlied@...il.com>, Simona Vetter
	<simona@...ll.ch>, Sam Ravnborg <sam@...nborg.org>,
	<dri-devel@...ts.freedesktop.org>, <linux-kernel@...r.kernel.org>,
	<lvc-project@...uxtesting.org>
Subject: [PATCH v2] drm/mgag200: fix division by zero in mgag200_g200_pixpllc_atomic_check()

There is a small chance to perform a division by zero. According to the
driver code, clock may have a value less than (p_clk_min >> 3). p_clk_min
itself may have a value up to 2032000 in case of a BIOS PINS version 5.

If this is the case, then f_vco gets the value greater than delta and the
condition (tmp_delta < delta) is always false because the variable computed
is always less than f_vco. This was tested with ref_clk = 27050 and 14318.

As a result variable m remains zero and then is used as a divisor.

Check if m is zero before performing a possibly unsafe division.

Found by Linux Verification Center (linuxtesting.org) with Svace.

Fixes: 877507bb954e ("drm/mgag200: Provide per-device callbacks for PIXPLLC")
Signed-off-by: Vitaliy Shevtsov <v.shevtsov@...integration.ru>
---
v2: Change the commit description to mention both ref_clk values 27050 and
    14318.

 drivers/gpu/drm/mgag200/mgag200_g200.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/gpu/drm/mgag200/mgag200_g200.c b/drivers/gpu/drm/mgag200/mgag200_g200.c
index f874e2949840..484b22930ce1 100644
--- a/drivers/gpu/drm/mgag200/mgag200_g200.c
+++ b/drivers/gpu/drm/mgag200/mgag200_g200.c
@@ -115,6 +115,10 @@ static int mgag200_g200_pixpllc_atomic_check(struct drm_crtc *crtc, struct drm_a
 			}
 		}
 	}
+
+	if (!m)
+		return -EINVAL;
+
 	f_vco = ref_clk * n / m;
 	if (f_vco < 100000)
 		s = 0;
-- 
2.48.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ