drm/i915/fb: Check that the clear color fits within the BO

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Make sure the user supplied offset[] for the clear color plane
fits within the actual BO. Note that we use tile units to track
the size here. All the other color/aux planes are already
being checked correctly.

Cc: Sagar Ghuge <sagar.ghuge@intel.com>
Cc: Nanley Chery <nanley.g.chery@intel.com>
Cc: Xi Ruoyao <xry111@xry111.site>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241129065014.8363-4-ville.syrjala@linux.intel.com
Reviewed-by: José Roberto de Souza <jose.souza@intel.com>

Ville Syrjälä 1 year ago b9ec6793 0bd39e30

+10

1 changed file

expand all

drivers

gpu

drm

i915

display

intel_fb.c

+10

drivers/gpu/drm/i915/display/intel_fb.c

··· 1694 1694 * arithmetic related to alignment and offset calculation. 1695 1695 */ 1696 1696 if (is_gen12_ccs_cc_plane(&fb->base, i)) { 1697 + unsigned int end; 1698 + 1697 1699 if (!IS_ALIGNED(fb->base.offsets[i], 64)) { 1698 1700 drm_dbg_kms(&i915->drm, 1699 1701 "fb misaligned clear color plane %d offset (0x%x)\n", ··· 1703 1701 return -EINVAL; 1704 1702 } 1705 1703 1704 + if (check_add_overflow(fb->base.offsets[i], 64, &end)) { 1705 + drm_dbg_kms(&i915->drm, 1706 + "fb bad clear color plane %d offset (0x%x)\n", 1707 + i, fb->base.offsets[i]); 1708 + return -EINVAL; 1709 + } 1710 + 1711 + max_size = max(max_size, DIV_ROUND_UP(end, tile_size)); 1706 1712 continue; 1707 1713 } 1708 1714