[bug report] drm: Warn about negative sizes when calculating scale factor

Dan Carpenter Wed, 18 Oct 2023 07:17:57 -0700

drivers/gpu/drm/drm_rect.c
   134  static int drm_calc_scale(int src, int dst)
   135  {
   136          int scale = 0;
   137  
   138          if (WARN_ON(src < 0 || dst < 0))
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^
These days, with automated fuzz testing, this WARN_ON() is problematic.
WARN() is considered a kernel bug, and pr_warn() is the hip new way to
alert the user about issues.


It should probably pr_warn_once() because this is easy to trigger.
There is a kunit test which triggers it:
drivers/gpu/drm/tests/drm_rect_test.c

Reported-by: Linux Kernel Functional Testing <l...@linaro.org>

   139                  return -EINVAL;
   140  
   141          if (dst == 0)
   142                  return 0;
   143  
   144          if (src > (dst << 16))
   145                  return DIV_ROUND_UP(src, dst);
   146          else
   147                  scale = src / dst;
   148  
   149          return scale;
   150  }

The stack trace is:

[ 1297.757480] WARNING: CPU: 0 PID: 1555 at drivers/gpu/drm/drm_rect.c:138 
drm_rect_calc_hscale+0xcc/0xd8
[ 1297.758551] Modules linked in:
[ 1297.759247] CPU: 0 PID: 1555 Comm: kunit_try_catch Tainted: G    B           
 N 6.5.1-rc1 #1
[ 1297.760085] Hardware name: Generic DT based system
[ 1297.760619]  unwind_backtrace from show_stack+0x18/0x1c
[ 1297.761257]  show_stack from dump_stack_lvl+0x58/0x70
[ 1297.761936]  dump_stack_lvl from __warn+0xa8/0x180
[ 1297.762536]  __warn from warn_slowpath_fmt+0x110/0x1dc
[ 1297.762901]  warn_slowpath_fmt from drm_rect_calc_hscale+0xcc/0xd8
[ 1297.763241]  drm_rect_calc_hscale from drm_test_rect_calc_hscale+0xb0/0x150
[ 1297.763608]  drm_test_rect_calc_hscale from 
kunit_generic_run_threadfn_adapter+0x2c/0x48
[ 1297.764020]  kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8
[ 1297.764384]  kthread from ret_from_fork+0x14/0x2c
[ 1297.764812] Exception stack(0xfa41bfb0 to 0xfa41bff8)
[ 1297.765470] bfa0:                                     00000000 00000000 
00000000 00000000
[ 1297.767825] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 
00000000 00000000
[ 1297.768452] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 1297.769652] ---[ end trace 0000000000000000 ]---

regards,
dan carpenter

[bug report] drm: Warn about negative sizes when calculating scale factor

Reply via email to