On Tue, Jun 23, 2026 at 11:02:39AM +0200, Thomas Zimmermann wrote: > Hi > > Am 22.06.26 um 18:13 schrieb Thierry Reding: > > On Mon, Jun 22, 2026 at 03:19:39PM +0200, Thomas Zimmermann wrote: > > > The size of the mmap'ed framebuffer could be smaller than the minimum > > > required framebuffer size. Validate the resource size against the > > > framebuffer size. > > > > > > Buggy firmware that triggers this check should be fixed up with a quirk > > > on a case-by-case base. > > > > > > Signed-off-by: Thomas Zimmermann <[email protected]> > > > Suggested-by: Sashiko <[email protected]> > > > --- > > > drivers/gpu/drm/sysfb/simpledrm.c | 25 +++++++++++++++++++++++++ > > > 1 file changed, 25 insertions(+) > > > > > > diff --git a/drivers/gpu/drm/sysfb/simpledrm.c > > > b/drivers/gpu/drm/sysfb/simpledrm.c > > > index 76b9a3f5c4ef..a04f0c852ea4 100644 > > > --- a/drivers/gpu/drm/sysfb/simpledrm.c > > > +++ b/drivers/gpu/drm/sysfb/simpledrm.c > > > @@ -6,6 +6,7 @@ > > > #include <linux/of_address.h> > > > #include <linux/of_clk.h> > > > #include <linux/of_reserved_mem.h> > > > +#include <linux/overflow.h> > > > #include <linux/platform_data/simplefb.h> > > > #include <linux/platform_device.h> > > > #include <linux/pm.h> > > > @@ -624,6 +625,7 @@ static struct simpledrm_device > > > *simpledrm_device_create(struct drm_driver *drv, > > > u16 width_mm = 0, height_mm = 0; > > > struct device_node *panel_node; > > > const struct drm_format_info *format; > > > + u64 size; > > > struct resource *res, *mem = NULL; > > > struct drm_plane *primary_plane; > > > struct drm_crtc *crtc; > > > @@ -704,6 +706,15 @@ static struct simpledrm_device > > > *simpledrm_device_create(struct drm_driver *drv, > > > } > > > stride = pitch; > > > } > > > + if (check_mul_overflow(height, stride, &size)) { > > > + drm_err(dev, "framebuffer size exceeds maximum\n"); > > > + return ERR_PTR(-EINVAL); > > > + } > > > + size = ALIGN(size, PAGE_SIZE); > > > + if (size < PAGE_SIZE) { > > > + drm_err(dev, "framebuffer alignment exceeds maximum\n"); > > That error message doesn't make sense to me. Maybe "framebuffer > > alignment below minimum", or something along those lines? > > This tests that the align operation did not overflow size. The result would > then be 0. With the earlier patches limiting the height and stride and size > being of u64, it's not possible any longer, I think. But testing it doesn't > really cost us much. > > What do you think of "aligned framebuffer size exceeds maximum"?
Ah, I misunderstood what the code was doing. Yes, I think that message makes it a bit clearer what the error is. Thierry
signature.asc
Description: PGP signature
