| Message ID | 20241215125355.938953-1-karprzy7@gmail.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [PATCHv3] drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get() | expand |
Ho Karol, Thank you for the patch. On Sun, Dec 15, 2024 at 01:53:55PM +0100, Karol Przybylski wrote: > This patch fixes a potential integer overflow in the zynqmp_dp_rate_get() > > The issue comes up when the expression > drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000 is evaluated using 32-bit > Now the constant is a compatible 64-bit type. > > Resolves coverity issues: CID 1636340 and CID 1635811 > > Cc: stable@vger.kernel.org > Fixes: 28edaacb821c6 ("drm: zynqmp_dp: Add debugfs interface for compliance testing") > Signed-off-by: Karol Przybylski <karprzy7@gmail.com> Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> > --- > Changes from previous versions: > Added Fixes tag > Added Cc for stable kernel version > Fixed formatting > > drivers/gpu/drm/xlnx/zynqmp_dp.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/xlnx/zynqmp_dp.c b/drivers/gpu/drm/xlnx/zynqmp_dp.c > index 25c5dc61ee88..56a261a40ea3 100644 > --- a/drivers/gpu/drm/xlnx/zynqmp_dp.c > +++ b/drivers/gpu/drm/xlnx/zynqmp_dp.c > @@ -2190,7 +2190,7 @@ static int zynqmp_dp_rate_get(void *data, u64 *val) > struct zynqmp_dp *dp = data; > > mutex_lock(&dp->lock); > - *val = drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000; > + *val = drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000ULL; > mutex_unlock(&dp->lock); > return 0; > }
Hi, On 15/12/2024 14:53, Karol Przybylski wrote: > This patch fixes a potential integer overflow in the zynqmp_dp_rate_get() > > The issue comes up when the expression > drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000 is evaluated using 32-bit > Now the constant is a compatible 64-bit type. > > Resolves coverity issues: CID 1636340 and CID 1635811 > > Cc: stable@vger.kernel.org > Fixes: 28edaacb821c6 ("drm: zynqmp_dp: Add debugfs interface for compliance testing") > Signed-off-by: Karol Przybylski <karprzy7@gmail.com> > --- > Changes from previous versions: > Added Fixes tag > Added Cc for stable kernel version > Fixed formatting > > drivers/gpu/drm/xlnx/zynqmp_dp.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/xlnx/zynqmp_dp.c b/drivers/gpu/drm/xlnx/zynqmp_dp.c > index 25c5dc61ee88..56a261a40ea3 100644 > --- a/drivers/gpu/drm/xlnx/zynqmp_dp.c > +++ b/drivers/gpu/drm/xlnx/zynqmp_dp.c > @@ -2190,7 +2190,7 @@ static int zynqmp_dp_rate_get(void *data, u64 *val) > struct zynqmp_dp *dp = data; > > mutex_lock(&dp->lock); > - *val = drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000; > + *val = drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000ULL; > mutex_unlock(&dp->lock); > return 0; > } Thanks, pushed to drm-misc-next. Tomi
diff --git a/drivers/gpu/drm/xlnx/zynqmp_dp.c b/drivers/gpu/drm/xlnx/zynqmp_dp.c index 25c5dc61ee88..56a261a40ea3 100644 --- a/drivers/gpu/drm/xlnx/zynqmp_dp.c +++ b/drivers/gpu/drm/xlnx/zynqmp_dp.c @@ -2190,7 +2190,7 @@ static int zynqmp_dp_rate_get(void *data, u64 *val) struct zynqmp_dp *dp = data; mutex_lock(&dp->lock); - *val = drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000; + *val = drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000ULL; mutex_unlock(&dp->lock); return 0; }
This patch fixes a potential integer overflow in the zynqmp_dp_rate_get() The issue comes up when the expression drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000 is evaluated using 32-bit Now the constant is a compatible 64-bit type. Resolves coverity issues: CID 1636340 and CID 1635811 Cc: stable@vger.kernel.org Fixes: 28edaacb821c6 ("drm: zynqmp_dp: Add debugfs interface for compliance testing") Signed-off-by: Karol Przybylski <karprzy7@gmail.com> --- Changes from previous versions: Added Fixes tag Added Cc for stable kernel version Fixed formatting drivers/gpu/drm/xlnx/zynqmp_dp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)