Quoting Ville Syrjala (2018-09-20 20:10:18)
> From: Ville Syrjälä <ville.syrj...@linux.intel.com>
> 
> Let's try to make sure the fb offset computations never hit
> an integer overflow by making sure the entire fb stays
> below 32bits. framebuffer_check() in the core already does
> the same check, but as it doesn't know about tiling some things
> can slip through. Repeat the check in the driver with tiling
> taken into account.
> 
> Signed-off-by: Ville Syrjälä <ville.syrj...@linux.intel.com>
> ---
>  drivers/gpu/drm/i915/intel_display.c | 18 +++++++++++++++++-
>  1 file changed, 17 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/i915/intel_display.c 
> b/drivers/gpu/drm/i915/intel_display.c
> index e642b7717106..67259c719ffe 100644
> --- a/drivers/gpu/drm/i915/intel_display.c
> +++ b/drivers/gpu/drm/i915/intel_display.c
> @@ -2400,10 +2400,26 @@ static int intel_fb_offset_to_xy(int *x, int *y,
>                                  int color_plane)
>  {
>         struct drm_i915_private *dev_priv = to_i915(fb->dev);
> +       unsigned int height;
>  
>         if (fb->modifier != DRM_FORMAT_MOD_LINEAR &&
> -           fb->offsets[color_plane] % intel_tile_size(dev_priv))
> +           fb->offsets[color_plane] % intel_tile_size(dev_priv)) {
> +               DRM_DEBUG_KMS("Misaligned offset 0x%08x for color plane %d\n",
> +                             fb->offsets[color_plane], color_plane);
>                 return -EINVAL;
> +       }
> +
> +       height = drm_framebuffer_plane_height(fb->height, fb, color_plane);
> +       height = ALIGN(height, intel_tile_height(fb, color_plane));
> +
> +       /* Catch potential overflows early */
> +       if (mul_u32_u32(height, fb->pitches[color_plane]) +

if (add_overflows(mul_u32_u32(height, fb->pitches[color_plane]),
                  fb->offsets[color_plane],
                  U32_MAX) {
?

> +           fb->offsets[color_plane] > UINT_MAX) {
> +               DRM_DEBUG_KMS("Bad offset 0x%08x or pitch %d for color plane 
> %d\n",
> +                             fb->offsets[color_plane], 
> fb->pitches[color_plane],
> +                             color_plane);
> +               return -ERANGE;
> +       }
>  
>         *x = 0;
>         *y = 0;
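Review bot: The round-up on the `height = ALIGN(height, intel_tile_height(fb, color_plane));` line is done in `unsigned int`, so a plane height close to UINT_MAX could wrap to a small value before the 64-bit size check below it runs, and that check would then pass. Whether fb->height is already bounded by the core before this function is called is not visible in the hunk, so this may be unreachable in practice. If it is not guaranteed, a guard ahead of the ALIGN such as `if (height > UINT_MAX - intel_tile_height(fb, color_plane)) return -ERANGE;` would close the gap. Separately, the "Bad offset" debug message prints `fb->pitches[color_plane]` with `%d` although the value is treated as a u32 here, so `%u` would match. The body of intel_fb_offset_to_xy continues past the end of the hunk.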
> -- 
> 2.16.4
> 