Hi, > -----Original Message----- > From: Saarinen, Jani > Sent: Monday, 1 June 2026 22.24 > To: 'Thomas Zimmermann' <[email protected]>; Jani Nikula > <[email protected]>; Dave Airlie <[email protected]>; Simona > Vetter <[email protected]> > Cc: Joonas Lahtinen <[email protected]>; Tvrtko Ursulin > <[email protected]>; Vivi, Rodrigo <[email protected]>; Maarten > Lankhorst <[email protected]>; Maxime Ripard > <[email protected]>; Brost, Matthew <[email protected]>; Thomas > Hellström <[email protected]>; Oded Gabbay > <[email protected]>; [email protected]; intel- > [email protected]; [email protected]; dim- > [email protected] > Subject: RE: [PULL] drm-misc-fixes > > Hi, > > -----Original Message----- > > From: Intel-gfx <[email protected]> On Behalf Of > > Thomas Zimmermann > > Sent: Monday, 1 June 2026 20.27 > > To: Jani Nikula <[email protected]>; Dave Airlie > > <[email protected]>; Simona Vetter <[email protected]> > > Cc: Joonas Lahtinen <[email protected]>; Tvrtko Ursulin > > <[email protected]>; Vivi, Rodrigo <[email protected]>; > > Maarten Lankhorst <[email protected]>; Maxime Ripard > > <[email protected]>; Brost, Matthew <[email protected]>; > Thomas > > Hellström <[email protected]>; Oded Gabbay > > <[email protected]>; [email protected]; intel- > > [email protected]; [email protected]; dim- > > [email protected] > > Subject: Re: [PULL] drm-misc-fixes > > > > Hi > > > > Am 01.06.26 um 17:49 schrieb Jani Nikula: > > > On Mon, 01 Jun 2026, Jani Nikula <[email protected]> wrote: > > >> On Mon, 01 Jun 2026, Jani Nikula <[email protected]> wrote: > > >>> On Fri, 29 May 2026, Thomas Zimmermann <[email protected]> > > wrote: > > >>>> Rajat Gupta (1): > > >>>> drm: prevent integer overflows in dumb buffer creation > > >>>> helpers > > >>> Looks like this commit 5ab62dd3687b ("drm: prevent integer > > >>> overflows in dumb buffer creation helpers") regressed in our CI, > > >>> awaiting confirmation. > > > > That CI report is where? > > See eg. https://intel-gfx-ci.01.org/tree/drm-tip/index.html?testfilter=kms_big > that is https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/16308 > > and > second one: https://intel-gfx-ci.01.org/tree/drm- > tip/igt@[email protected] > that is https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/16296 > > there is also comment from Chaitanya now already "issue is not seen after > reverting and test "igt@vgem_basic@create" is passing > > commit 5ab62dd3687bcc2cc542b99385aabac5c996db6f > Author: Rajat Gupta <[email protected]> > Date: Wed May 20 22:11:21 2026 -0700 > > drm: prevent integer overflows in dumb buffer creation helpers" This proves revert is working (https://patchwork.freedesktop.org/series/167686/#rev1) : https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_167686v1/index.html?testfilter=vgem%7Cbig_fb
> > Br > Jani > > > >> The IGT test kms_big_fb uses max width and height from > > >> GetResources, and > > >> i915 and xe use max_width 16384 and max_height 16384 in mode config. > > >> > > >> The regressing commit adds random hard limits not based on anything: > > >> > > >> + /* Reject unreasonable inputs early. Dumb buffers are for > > >> software > > >> + * rendering; nothing legitimate needs more than 8192x8192 > > >> + at > > 32bpp. > > >> + * This prevents overflows in downstream alignment helpers. > > >> + */ > > >> + if (args->width >= 8192 || args->height >= 8192 || args->bpp > > > >> 32) > > >> + return -EINVAL; > > >> > > >> This is now in v7.1-rc6. Please revert ASAP. > > > Ah, missed this clue in the pull request: > > > > > > On Fri, 29 May 2026, Thomas Zimmermann <[email protected]> > > wrote: > > >> here is this week's PR from drm-misc-fixes. There's one > > >> cross-subsys commit to the dma-buf code. Commit 5ab62dd3687b ("drm: > > >> prevent integer overflows in dumb buffer creation helpers") has not > > >> Link tag because it went through the security list. > > > We have the whole review and CI processes in place to catch silly > > > mistakes, and then we proceed to shoot ourselves in the foot and > > > bypass all of that because "security", and expedite the regressions > > > everywhere. I'll bet this will be in stable kernels in no time too. > > > This is stupid. > > > > Indeed. But that's how this fix got in. > > > > It fixes a possible overflow elsewhere and using dumb buffers with > > higher values that given here is questionable. Instead of outright > > reverting this, let's first look what actually broke. > > > > Best regards > > Thomas > > > > > > > > Please also read [1] with its recent updates. > > > > > > > > > BR, > > > Jani. > > > > > > > > > [1] > > > https://docs.kernel.org/process/security-bugs.html#what-qualifies-as > > > -a > > > -security-bug > > > > > > > > >> > > >> BR, > > >> Jani. > > >> > > >> > > >>> No matter what, it's immediately suspect because AFAICT it was not > > >>> posted on the lists, and the commit doesn't have a Link: trailer > > >>> pointing at the patch. > > >>> > > >>> This is not how we're supposed to roll. What's going on? > > >>> > > >>> > > >>> BR, > > >>> Jani. > > > > -- > > -- > > Thomas Zimmermann > > Graphics Driver Developer > > SUSE Software Solutions Germany GmbH > > Frankenstr. 146, 90461 Nürnberg, Germany, www.suse.com > > GF: Jochen Jaser, Andrew McDonald, Werner Knoblich, (HRB 36809, AG > > Nürnberg) > >
