Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3285500imu;
        Fri, 18 Jan 2019 07:52:45 -0800 (PST)
X-Google-Smtp-Source: ALg8bN7sysezhM+Vww6J+q1jS2vE2CgsPImXH7CH01ZiM5rCfFUfmQhpjWghcwKAcOM1ZXkr86ie
X-Received: by 2002:a63:6bc1:: with SMTP id g184mr18556705pgc.25.1547826765500;
        Fri, 18 Jan 2019 07:52:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1547826765; cv=none;
        d=google.com; s=arc-20160816;
        b=qC2q/XrLATjL99htEkzL+uwiYvBtyZRRK3onO82gA2IoKDVeq1afck08kNsaXY1lNI
         ljgmU2W3v8X25+lgileIPZmWK+SwBNKLCBXLI5ltlSKbPxBQvuwDD/cZpBmiL8ok1vTV
         m0o00EGiEJ8Wvwoa+mzcmTYtaJU7juqSeDQKu9S5QALkmLuauyOkiRERbk39AdAfuejA
         rN/EauWUiUzVfHXd3VJrxZJ7MRFYX8mPHkqr/mwLMp/azf2DlRjLyVnmAp4wHb4TUtZt
         ANtQpesjyA67CZXSaObMn3yC2ueyM2ysFCqMYjdfHKpgnyFbQVKfHkS9D3lQWBKwi7va
         dZGQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:mail-followup-to
         :message-id:subject:cc:to:from:date:dkim-signature;
        bh=rgTxmlMSyHnluttuc05ssLLj+B545sn7EqCNp+Qi0sU=;
        b=U5X7oD64vkN6teh8+qi26CVLnOmCXRz2RD+5Zpet1EoqV3TgV6KR8OAa7ijKcFzrmC
         727AI8vL7VBHORQUjWzvhAVGtN0OIMFJPOkTFn7BaonEtN+fUPUaip6hS62vw4ek7MVt
         g+DHS7aWgn0y6+s8Vm/AMcVX2LiTNIKdhPevINdDkPWY/ztHjgJfxOqnLHUkM6dRxdeP
         3Ltx4Ck88AxUTherKpzw8jidswWxqGWcvPniHdRswKpTy2pFMIKF+Mr3HvqLhoEcnupq
         2rzaCYGFuWYyTrTrrRT3B5g5nz9WcNTH57OXTzFJrO+vDSf7/b7LcRe/PJzHEtSurZoQ
         Y1FQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@ffwll.ch header.s=google header.b=RFhBogEE;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k18si4893490pfd.241.2019.01.18.07.52.29;
        Fri, 18 Jan 2019 07:52:45 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@ffwll.ch header.s=google header.b=RFhBogEE;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727850AbfARPtu (ORCPT <rfc822;thunderbird.krnldev@gmail.com>
        + 99 others); Fri, 18 Jan 2019 10:49:50 -0500
Received: from mail-ed1-f67.google.com ([209.85.208.67]:43251 "EHLO
        mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726902AbfARPtu (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 18 Jan 2019 10:49:50 -0500
Received: by mail-ed1-f67.google.com with SMTP id f9so11450971eds.10
        for <linux-kernel@vger.kernel.org>; Fri, 18 Jan 2019 07:49:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=ffwll.ch; s=google;
        h=sender:date:from:to:cc:subject:message-id:mail-followup-to
         :references:mime-version:content-disposition:in-reply-to:user-agent;
        bh=rgTxmlMSyHnluttuc05ssLLj+B545sn7EqCNp+Qi0sU=;
        b=RFhBogEEddfzLsMIXlgNPuZXt5KsVcRapklqs4asQJfkET4BI2HOBkXwsluGQ+zE8d
         2pLM8ARFDiEOKaL5bevKAFDhbYwq1lvLMNVSBvVt9DCdyhZv1KW/XsPjc1kXScJHKtcy
         VUGPYXx6aJKyxzzjCiPm3cFSMEdSMidqHDLpg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:sender:date:from:to:cc:subject:message-id
         :mail-followup-to:references:mime-version:content-disposition
         :in-reply-to:user-agent;
        bh=rgTxmlMSyHnluttuc05ssLLj+B545sn7EqCNp+Qi0sU=;
        b=Wp2H3wBUcxsfJByKTELhsBKCFNBzq4ovgNHTza/r+Duttvow+gPD2i5WJ55Fr+h2YD
         4feUNIA+rKMenjbfjJJCMomfxDIvix9BLRB+NJLIOrUNewKI+X15tWsuMYs/3s82UzqB
         0CqvIU2zWUgxIGynlx1Ed2ONv6Tqaql0XXoqAbZrtJ53NLjmPg6/V6HEqT+QfO93NQ9K
         3+FXHU4VSeoaUZ7+OBxK8h5EojhvFmUXVAK6wVAosetApHyTPM/H/+8TxwJRStqBk4fT
         7mZOLli4/bFxpRkT39R54uOk53HZGtHh99MOZi6OKW8ixlcYb575PRg9n1WuzgotQA9F
         78sw==
X-Gm-Message-State: AJcUukcqA1aC3VSqim0QX9tMFG0wZKDg5cdyF459tziYFu+5mFfCNWAp
        Sd4eUEv2d+NAHkKiES39G532aQ==
X-Received: by 2002:a50:e045:: with SMTP id g5mr16737411edl.152.1547826587777;
        Fri, 18 Jan 2019 07:49:47 -0800 (PST)
Received: from phenom.ffwll.local ([2a02:168:569e:0:3106:d637:d723:e855])
        by smtp.gmail.com with ESMTPSA id v20sm7194012edm.29.2019.01.18.07.49.46
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Fri, 18 Jan 2019 07:49:46 -0800 (PST)
Date:   Fri, 18 Jan 2019 16:49:44 +0100
From:   Daniel Vetter <daniel@ffwll.ch>
To:     Gerd Hoffmann <kraxel@redhat.com>
Cc:     dri-devel@lists.freedesktop.org, Dave Airlie <airlied@redhat.com>,
        David Airlie <airlied@linux.ie>,
        Daniel Vetter <daniel@ffwll.ch>,
        "open list:DRM DRIVER FOR QXL VIRTUAL GPU" 
        <virtualization@lists.linux-foundation.org>,
        "open list:DRM DRIVER FOR QXL VIRTUAL GPU" 
        <spice-devel@lists.freedesktop.org>,
        open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3 23/23] drm/qxl: add overflow checks to
 qxl_mode_dumb_create()
Message-ID: <20190118154944.GH3271@phenom.ffwll.local>
Mail-Followup-To: Gerd Hoffmann <kraxel@redhat.com>,
        dri-devel@lists.freedesktop.org, Dave Airlie <airlied@redhat.com>,
        David Airlie <airlied@linux.ie>,
        "open list:DRM DRIVER FOR QXL VIRTUAL GPU" <virtualization@lists.linux-foundation.org>,
        "open list:DRM DRIVER FOR QXL VIRTUAL GPU" <spice-devel@lists.freedesktop.org>,
        open list <linux-kernel@vger.kernel.org>
References: <20190118122020.27596-1-kraxel@redhat.com>
 <20190118122020.27596-24-kraxel@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190118122020.27596-24-kraxel@redhat.com>
X-Operating-System: Linux phenom 4.19.0-1-amd64 
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jan 18, 2019 at 01:20:20PM +0100, Gerd Hoffmann wrote:
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

We already do all reasonable overflow checks in drm_mode_create_dumb(). If
you don't trust them I think would be better time spent typing an igt to
test this than adding redundant check in all drivers.

You're also missing one check for bpp underflows :-)
-Daniel

> ---
>  drivers/gpu/drm/qxl/qxl_dumb.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/gpu/drm/qxl/qxl_dumb.c b/drivers/gpu/drm/qxl/qxl_dumb.c
> index 272d19b677..bed6d06ee4 100644
> --- a/drivers/gpu/drm/qxl/qxl_dumb.c
> +++ b/drivers/gpu/drm/qxl/qxl_dumb.c
> @@ -37,11 +37,13 @@ int qxl_mode_dumb_create(struct drm_file *file_priv,
>  	uint32_t handle;
>  	int r;
>  	struct qxl_surface surf;
> -	uint32_t pitch, format;
> +	uint32_t pitch, size, format;
>  
> -	pitch = args->width * ((args->bpp + 1) / 8);
> -	args->size = pitch * args->height;
> -	args->size = ALIGN(args->size, PAGE_SIZE);
> +	if (check_mul_overflow(args->width, ((args->bpp + 1) / 8), &pitch))
> +		return -EINVAL;
> +	if (check_mul_overflow(pitch, args->height, &size))
> +		return -EINVAL;
> +	args->size = ALIGN(size, PAGE_SIZE);
>  
>  	switch (args->bpp) {
>  	case 16:
> -- 
> 2.9.3
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch