From: Geert Uytterhoeven
Date: Tue, 26 Oct 2021 19:12:00 +0200
Subject: Re: [PATCH] video: fbdev: cirrusfb: check pixclock to avoid divide by zero
To: George Kennedy
Cc: Greg KH, Thomas Zimmermann, Sam Ravnborg, DRI Development, Linux Fbdev development list, Linux Kernel Mailing List
X-Mailing-List: linux-kernel@vger.kernel.org

Hi George,

On Tue, Oct 26, 2021 at 5:48 PM George Kennedy wrote:
> On 10/26/2021 10:11 AM, Geert Uytterhoeven wrote:
> > On Tue, Oct 26, 2021 at 3:38 PM George Kennedy
> > wrote:
> >> On 10/26/2021 4:30 AM, Geert Uytterhoeven wrote:
> >>> On Mon, Oct 25, 2021 at 9:37 PM George Kennedy
> >>> wrote:
> >>>> On 10/25/2021 3:07 PM, Greg KH wrote:
> >>>>> On Mon, Oct 25, 2021 at 02:01:30PM -0500, George Kennedy wrote:
> >>>>>> Do a sanity check on pixclock value before using it as a divisor.
> >>>>>>
> >>>>>> Syzkaller reported a divide error in cirrusfb_check_pixclock.
> >>>>>>
> >>>>>> divide error: 0000 [#1] SMP KASAN PTI
> >>>>>> CPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1
> >>>>>> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2
> >>>>>> RIP: 0010:cirrusfb_check_var+0x6f1/0x1260
> >>>>>>
> >>>>>> Call Trace:
> >>>>>> fb_set_var+0x398/0xf90
> >>>>>> do_fb_ioctl+0x4b8/0x6f0
> >>>>>> fb_ioctl+0xeb/0x130
> >>>>>> __x64_sys_ioctl+0x19d/0x220
> >>>>>> do_syscall_64+0x3a/0x80
> >>>>>> entry_SYSCALL_64_after_hwframe+0x44/0xae
> >>>>>>
> >>>>>> Signed-off-by: George Kennedy
> >>>>>> --- a/drivers/video/fbdev/cirrusfb.c
> >>>>>> +++ b/drivers/video/fbdev/cirrusfb.c
> >>>>>> @@ -477,6 +477,9 @@ static int cirrusfb_check_pixclock(const struct fb_var_screeninfo *var,
> >>>>>> struct cirrusfb_info *cinfo = info->par;
> >>>>>> unsigned maxclockidx = var->bits_per_pixel >> 3;
> >>>>>>
> >>>>>> + if (!var->pixclock)
> >>>>>> + return -EINVAL;
> >>> This is not correct: fbdev drivers should round up invalid values,
> >>> and only return an error if rounding up cannot yield a valid value.
> >> What default value would you recommend? Here are examples of some of the
> >> possible cirrusfb pixclock values:
> >> 40000: 25MHz
> >> 20000: 50Mhz
> >> 12500: 80Mhz
> > You should pick the lowest supported value.
>
> In bestclock() the frequency value ("freq") is not allowed to go below 8000.
>
>     if (freq < 8000)
>         freq = 8000;
>
> If pixclock is passed in as zero to cirrusfb_check_pixclock(), is it ok
> to then set the value of pixclock to 125000, which will result in "freq"
> being set to 8000 (or adjust the passed in pixclock value to make sure
> "freq" does not get below 8000)?

No, clock rate is the inverse of clock period.
So the smallest clock period (fb_var_screeninfo.pixclock) corresponds
to the largest clock rate (freq in bestclock()).

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
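
Review bot: the early `return -EINVAL` on `!var->pixclock` at the top of cirrusfb_check_pixclock() stops the divide error but rejects a request the driver could round to a valid mode, which is the objection raised in the reply; it also handles only the value 0 and says nothing about other unsupported periods. Because the hunk header shows `var` is a `const struct fb_var_screeninfo *`, the rounding cannot be done on `var` inside this function: raise a zero or too-small pixclock to the smallest supported period in the caller (the RIP in the trace is in cirrusfb_check_var) before the division, and keep -EINVAL for the case where rounding up cannot yield a valid value. The commit message should also state that the value arrives from user space through the ioctl path shown in the call trace.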
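
The period/rate relationship discussed in this thread, as an added example that is not code from cirrusfb or from anyone in the thread: pixclock is a period in picoseconds and the rate in kHz is 10^9 divided by it (the arithmetic of the kernel's PICOS2KHZ()), so rounding an invalid period up lands on the fastest clock, not on the 8000 kHz floor. EX_MAX_KHZ and the function names are hypothetical; the 8000 floor is the bestclock() clamp quoted above.

```c
#include <stdint.h>
#include <stdio.h>

#define KHZ_PS_PRODUCT 1000000000u /* rate_kHz * period_ps == 1e9 */
#define EX_MAX_KHZ     100000u     /* hypothetical fastest dot clock (assumption) */
#define EX_MIN_KHZ     8000u       /* floor quoted from bestclock() in the thread */

/* Smallest supported period, rounded up so the rate never exceeds EX_MAX_KHZ. */
static uint32_t min_pixclock_ps(void)
{
    return (KHZ_PS_PRODUCT + EX_MAX_KHZ - 1) / EX_MAX_KHZ;
}

/* Round an invalid (zero or too small) period up to the smallest valid one. */
static uint32_t round_up_pixclock(uint32_t pixclock_ps)
{
    uint32_t lo = min_pixclock_ps();

    return pixclock_ps < lo ? lo : pixclock_ps;
}

/* Period -> rate. The divisor is sanitized first, so 0 cannot fault. */
static uint32_t pixclock_to_khz(uint32_t pixclock_ps)
{
    uint32_t freq = KHZ_PS_PRODUCT / round_up_pixclock(pixclock_ps);

    if (freq < EX_MIN_KHZ) /* same clamp as the quoted bestclock() lines */
        freq = EX_MIN_KHZ;
    return freq;
}

int main(void)
{
    /* Constructed inputs: 0 is the fuzzer's case, the rest are values
     * mentioned in the thread (12500, 20000, 40000, 125000). */
    const uint32_t samples[] = { 0, 12500, 20000, 40000, 125000 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("pixclock %6u ps -> used %6u ps -> %6u kHz\n",
               (unsigned)samples[i],
               (unsigned)round_up_pixclock(samples[i]),
               (unsigned)pixclock_to_khz(samples[i]));
    return 0;
}
```

A zero pixclock comes out as the smallest period (the fastest clock), while 125000 ps is the slow end of the range at 8000 kHz.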