subject:"Re\: \[Freedreno\] \[PATCH 1\/2\] drm\/msm\: Avoid div\-by\-zero in dpu_crtc_atomic

Re: [Freedreno] [PATCH 1/2] drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check()

2020-09-02 Thread Sai Prakash Ranjan


On 2020-09-02 03:29, Stephen Boyd wrote:

The cstate->num_mixers member is only set to a non-zero value once
dpu_encoder_virt_mode_set() is called, but the atomic check function 
can
be called by userspace before that. Let's avoid the div-by-zero here 
and

inside _dpu_crtc_setup_lm_bounds() by skipping this part of the atomic
check if dpu_encoder_virt_mode_set() hasn't been called yet. This fixes
an UBSAN warning:

 UBSAN: Undefined behaviour in 
drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c:860:31

 division by zero
 CPU: 7 PID: 409 Comm: frecon Tainted: G S5.4.31 #128
 Hardware name: Google Trogdor (rev0) (DT)
 Call trace:
  dump_backtrace+0x0/0x14c
  show_stack+0x20/0x2c
  dump_stack+0xa0/0xd8
  __ubsan_handle_divrem_overflow+0xec/0x110
  dpu_crtc_atomic_check+0x97c/0x9d4
  drm_atomic_helper_check_planes+0x160/0x1c8
  drm_atomic_helper_check+0x54/0xbc
  drm_atomic_check_only+0x6a8/0x880
  drm_atomic_commit+0x20/0x5c
  drm_atomic_helper_set_config+0x98/0xa0
  drm_mode_setcrtc+0x308/0x5dc
  drm_ioctl_kernel+0x9c/0x114
  drm_ioctl+0x2ac/0x4b0
  drm_compat_ioctl+0xe8/0x13c
  __arm64_compat_sys_ioctl+0x184/0x324
  el0_svc_common+0xa4/0x154
  el0_svc_compat_handler+0x

Cc: Abhinav Kumar 
Cc: Jeykumar Sankaran 
Cc: Jordan Crouse 
Cc: Sean Paul 
Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support")
Signed-off-by: Stephen Boyd 
---


Tested-by: Sai Prakash Ranjan 

--
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a 
member

of Code Aurora Forum, hosted by The Linux Foundation
___
Freedreno mailing list
Freedreno@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/freedreno

Re: [Freedreno] [PATCH 1/2] drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check()

2020-09-01 Thread abhinavk


On 2020-09-01 14:59, Stephen Boyd wrote:

The cstate->num_mixers member is only set to a non-zero value once
dpu_encoder_virt_mode_set() is called, but the atomic check function 
can
be called by userspace before that. Let's avoid the div-by-zero here 
and

inside _dpu_crtc_setup_lm_bounds() by skipping this part of the atomic
check if dpu_encoder_virt_mode_set() hasn't been called yet. This fixes
an UBSAN warning:

 UBSAN: Undefined behaviour in 
drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c:860:31

 division by zero
 CPU: 7 PID: 409 Comm: frecon Tainted: G S5.4.31 #128
 Hardware name: Google Trogdor (rev0) (DT)
 Call trace:
  dump_backtrace+0x0/0x14c
  show_stack+0x20/0x2c
  dump_stack+0xa0/0xd8
  __ubsan_handle_divrem_overflow+0xec/0x110
  dpu_crtc_atomic_check+0x97c/0x9d4
  drm_atomic_helper_check_planes+0x160/0x1c8
  drm_atomic_helper_check+0x54/0xbc
  drm_atomic_check_only+0x6a8/0x880
  drm_atomic_commit+0x20/0x5c
  drm_atomic_helper_set_config+0x98/0xa0
  drm_mode_setcrtc+0x308/0x5dc
  drm_ioctl_kernel+0x9c/0x114
  drm_ioctl+0x2ac/0x4b0
  drm_compat_ioctl+0xe8/0x13c
  __arm64_compat_sys_ioctl+0x184/0x324
  el0_svc_common+0xa4/0x154
  el0_svc_compat_handler+0x

Cc: Abhinav Kumar 
Cc: Jeykumar Sankaran 
Cc: Jordan Crouse 
Cc: Sean Paul 
Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support")
Signed-off-by: Stephen Boyd 

Reviewed-by: Abhinav Kumar 

---
 drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c
b/drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c
index f272a8d0f95b..74294b5ed93f 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c
@@ -881,7 +881,7 @@ static int dpu_crtc_atomic_check(struct drm_crtc 
*crtc,

struct drm_plane *plane;
struct drm_display_mode *mode;

-   int cnt = 0, rc = 0, mixer_width, i, z_pos;
+   int cnt = 0, rc = 0, mixer_width = 0, i, z_pos;

struct dpu_multirect_plane_states multirect_plane[DPU_STAGE_MAX * 2];
int multirect_count = 0;
@@ -914,9 +914,11 @@ static int dpu_crtc_atomic_check(struct drm_crtc 
*crtc,


memset(pipe_staged, 0, sizeof(pipe_staged));

-   mixer_width = mode->hdisplay / cstate->num_mixers;
+   if (cstate->num_mixers) {
+   mixer_width = mode->hdisplay / cstate->num_mixers;

-   _dpu_crtc_setup_lm_bounds(crtc, state);
+   _dpu_crtc_setup_lm_bounds(crtc, state);
+   }

crtc_rect.x2 = mode->hdisplay;
crtc_rect.y2 = mode->vdisplay;

___
Freedreno mailing list
Freedreno@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/freedreno

Re: [Freedreno] [PATCH 1/2] drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check()

Re: [Freedreno] [PATCH 1/2] drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check()

2 matches

Site Navigation

Mail list logo

Footer information