| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e0ada957-ab34-4911-b189-e51160b44b80@suse.de>
Date: Mon, 5 Jan 2026 08:21:31 +0100
From: Thomas Zimmermann <tzimmermann@...e.de>
To: Dmitry Baryshkov <dmitry.baryshkov@....qualcomm.com>
Cc: Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
Maxime Ripard <mripard@...nel.org>, David Airlie <airlied@...il.com>,
Simona Vetter <simona@...ll.ch>, Harry Wentland <harry.wentland@....com>,
Leo Li <sunpeng.li@....com>, Rodrigo Siqueira <siqueira@...lia.com>,
Alex Deucher <alexander.deucher@....com>,
Christian König <christian.koenig@....com>,
dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
amd-gfx@...ts.freedesktop.org
Subject: Re: [PATCH RESEND 2/3] drm/atomic: add max_size check to
drm_property_replace_blob_from_id()
Hi
Am 28.12.25 um 01:53 schrieb Dmitry Baryshkov:
> On Thu, Dec 11, 2025 at 08:46:26AM +0100, Thomas Zimmermann wrote:
>> Hi
>>
>> Am 10.12.25 um 20:42 schrieb Dmitry Baryshkov:
>>> The function drm_property_replace_blob_from_id() allows checking whether
>>> the blob size is equal to a predefined value. In case of variable-size
>>> properties (like the gamma / degamma LUTs) we might want to check for
>>> the blob size against the maximum, allowing properties of the size
>>> lesser than the max supported by the hardware. Extend the function in
>>> order to support such checks.
>>>
>>> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@....qualcomm.com>
>>> ---
>>> drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 5 +++++
>>> drivers/gpu/drm/drm_atomic_uapi.c | 7 +++++--
>>> drivers/gpu/drm/drm_property.c | 11 +++++++++++
>>> include/drm/drm_property.h | 1 +
>>> 4 files changed, 22 insertions(+), 2 deletions(-)
>>>
>>> @@ -801,6 +803,15 @@ int drm_property_replace_blob_from_id(struct drm_device *dev,
>>> drm_property_blob_put(new_blob);
>>> return -EINVAL;
>>> }
>>> +
>>> + if (max_size > 0 &&
>>> + new_blob->length > max_size) {
>>> + drm_dbg_atomic(dev,
>>> + "[BLOB:%d] length %zu greater than max %zu\n",
>>> + new_blob->base.id, new_blob->length, max_size);
>>> + drm_property_blob_put(new_blob);
>>> + return -EINVAL;
>>> + }
>> I'd first test for max_size before testing for expected size.
>>
>> And shouldn't you also test for (max_size % expected_elem_size == 0)?
> No, why? We are testing the values passed from the userspace, not the
> kernel itself. E.g. we also don't have a test that (expected_size %
> expected_elem_size == 0).
Well, OK.
Best regards
Thomas
>
>> Best regards
>> Thomas
>>
>>> }
>>> *replaced |= drm_property_replace_blob(blob, new_blob);
>>> diff --git a/include/drm/drm_property.h b/include/drm/drm_property.h
>>> index 082f29156b3e..aa49b5a42bb5 100644
>>> --- a/include/drm/drm_property.h
>>> +++ b/include/drm/drm_property.h
>>> @@ -284,6 +284,7 @@ int drm_property_replace_blob_from_id(struct drm_device *dev,
>>> uint64_t blob_id,
>>> ssize_t expected_size,
>>> ssize_t expected_elem_size,
>>> + ssize_t max_size,
>>> bool *replaced);
>>> int drm_property_replace_global_blob(struct drm_device *dev,
>>> struct drm_property_blob **replace,
>>>
>> --
>> --
>> Thomas Zimmermann
>> Graphics Driver Developer
>> SUSE Software Solutions Germany GmbH
>> Frankenstr. 146, 90461 Nürnberg, Germany, www.suse.com
>> GF: Jochen Jaser, Andrew McDonald, Werner Knoblich, (HRB 36809, AG Nürnberg)
>>
>>
--
--
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Frankenstr. 146, 90461 Nürnberg, Germany, www.suse.com
GF: Jochen Jaser, Andrew McDonald, Werner Knoblich, (HRB 36809, AG Nürnberg)
Powered by blists - more mailing lists