Received: by 2002:ab2:710b:0:b0:1ef:a325:1205 with SMTP id z11csp1644424lql; Wed, 13 Mar 2024 04:26:45 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWAUFg1ZfpX28pGvWfl0F1tFunsInNoqjmHMaW7h/4y4nc9swUIbcXZJIf4Jt95ZK/8l8Hy8enXQz7H8173PUu5tx8VKNIIormByHAeVA== X-Google-Smtp-Source: AGHT+IFKSIheZYH7Z2JEi2oJCm2IbD1/MKDJZjghaZEQ5Ex35lVmT0F4Gu8H+dl2HeyJ2kYbz9YK X-Received: by 2002:a17:907:a78c:b0:a46:1fa:fc12 with SMTP id vx12-20020a170907a78c00b00a4601fafc12mr9600655ejc.18.1710329205349; Wed, 13 Mar 2024 04:26:45 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710329205; cv=pass; d=google.com; s=arc-20160816; b=QHMdDeQTyqzrJh9LqvBRL9iBsQvx/aLOGFaoAh49biNEdqRdCxlWhmmAb9JEcDGV8Z Wbdlmn/uI1Wq3gkaBOx24+aTDX1p+otAqLlOGvtIhp+wJfVw0rnNPUDoWHqyiBwbagbp HY5TqGzC9NDN+PKrKBfNWPAkblI8InbLOEQGqOSx91IuKvQYYAMEIYtC9yKzkcS/rJmf wi3GbkD6GrSa49foTsyiZGuUan1LxYdHCuaztEDR2RpUYUAjfAW8VFFrXYZZByM+APde nATslm1sissPiYKKFjw1pmSnCplDT4yBF3PsSScXltowRHp36BDXdj+6uF/XC2LMM0x8 bsFw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=lfLsFRDMtbO4BOATAAgu9+j4r/MV0Lasvl2lY8+nWuI=; fh=j16/h/XIEmKJtZS9cZ4m3PwvKPV7tUTczWQt9MTTHZg=; b=qbEpsskS9JTh2zymkW0JOr4Ov1OqRYJ+DsP532aUJEEXseyre/+uQfDuiv7ykLGbDk oXBtlrw/XPI22SLXjEJ8e7vJ8XDuJE59DYMaX88ZXO/HUTjzi0gh9uxpNRFn8CTbtfaZ I5uZvz8mLtpGObzBg3q/pd3n8gum8yn7qgDBEx+TYmm7GLZ5l7JmtmU1oHO9Xkz48XtB eC8LmtZ24R1ax8lw1mBoGo+yO7kKT20bjoT/B13dRLBWuGlUc+kPhzPyyIJcMYDKIz75 F5XwAKxt7djqajDnXDH0jAr67xbFnJm9mJ8UsKbUzVVmfI2zcua/hsRwZKV/y/TULilj LgfA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=evR5oD4i; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-101436-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-101436-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id ka15-20020a170907990f00b00a45fefe5bf2si4325916ejc.265.2024.03.13.04.26.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 04:26:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-101436-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=evR5oD4i; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-101436-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-101436-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 18C571F22883 for ; Wed, 13 Mar 2024 11:26:45 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1E9393F8FB; Wed, 13 Mar 2024 11:26:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="evR5oD4i" Received: from mail-lf1-f51.google.com (mail-lf1-f51.google.com [209.85.167.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DF8E93EA95 for ; Wed, 13 Mar 2024 11:26:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.51 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710329197; cv=none; b=IrIGGKbxW9bUFTQoLaH9qOqzbIe0dmCfmXuy2mPlk8HV4UkU7eaasBxDmKI2yW8o2Q3cwkwNjUHebtxiLSHWIO8rLjQbhWfamH5ZbS1Y/6n/daK/y/LsEf1RjRV8T7h1kgIBA6f4kPFCBwM16w5X6GV+njUGKAKoJQkVMLO+PKw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710329197; c=relaxed/simple; bh=5qzekjfuvebL2UR1FzA7R5gK9ijJWsW3F2Wj7DKSuvU=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=X+be6JG4bdK7Mip9vlDucitX265aXYgs91nwx6krQyL/CGBZnEw4SSdizpB/J2gaq4vUjsI1ovTMPwdJUsubMVJvp4rkOzpXACeiVmoTuv5pCo7HsSf9Bgzum2VDNeGFoA8JDdPYL4l7j75+8btIFAGj0+v5R6s3/KFPDh/ywf0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=evR5oD4i; arc=none smtp.client-ip=209.85.167.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-lf1-f51.google.com with SMTP id 2adb3069b0e04-513ca834ad7so410605e87.0 for ; Wed, 13 Mar 2024 04:26:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1710329193; x=1710933993; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=lfLsFRDMtbO4BOATAAgu9+j4r/MV0Lasvl2lY8+nWuI=; b=evR5oD4iN2shkeS6cKn0OKllt93/i4ofoMUwVEBW0Tw3SVkq6dftPXKvPKg8lTrVSV 2V5c/4zt1l1eCfGUzzQyUSBety6WWjuJko9PRiFsao7hTtppNow/UGzuG/s+Hdprk0Ss dckRqZQkama+FGMt7M56tLQrPPsn6IPqRrb/srIoOf9ZGF0b2au8NM14eiXhCx1d9J8S SYOYOpCoboohIELoNvjtSIJRxlD9lgwZniQ1MJP05vB/QtG1omewjM8h+bjsHlmi7X7+ c+owQfFnexghzg4wm0CPar+LwUtSFMivijvCkXMhU5ktsOufFJCvUdsor5XRsQrSf1On Uyyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710329193; x=1710933993; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=lfLsFRDMtbO4BOATAAgu9+j4r/MV0Lasvl2lY8+nWuI=; b=sq6NSvi8NDa/YZUAyeRd8cjhNfdL9v+0eayfmTkLjLc9tI//NQbSjVmq8g9jdrbVKB 5EeZOAbyEiN3CfmiLBo49rJe+jUq0EuP2IJ57zojFWivwmmezHLMsfVMiwmiicwOYrQl +7KuZRFuWBo9IhJwTf5rDAP5whZDz8TI8qYFCiCizteAS9483o53qyh2IVVxSwQPrc4P C6OcY/TxAcTwn2kl1yhnSE/rYnw9peLn4BbTCFPsORn5fSHQhFwq/t+G3vWV6cq16Wcd IG3PUF+Xq/hZGglH9P1btEX3kDlj9MiBJCNj1r0Knv4cweRUSJQz0zuDZ8X4O4qZZm1o JSIA== X-Forwarded-Encrypted: i=1; AJvYcCV4NFSZVs66QOP2UqTEi2wt/R5Wb2P58ETCP7acrUC9gs7j9LhSCqWL32L8rsFrcDTbsMUs9YL0XyxpgcUxsWPKt4YoAFfYhzHVnPQb X-Gm-Message-State: AOJu0Yy6H44HjmzX/9TgoUxlBCiMyuBB9YZ62jNXJe6+JXkn+q+r8VEW JYaqWoOyjhwh56pNV3T0vkJSluQ+D8FwUs+laXs6HAOsf2UOHEnhfjAK3MunhsWhsQ== X-Received: by 2002:ac2:5506:0:b0:512:a4ce:abaa with SMTP id j6-20020ac25506000000b00512a4ceabaamr7845165lfk.48.1710329192820; Wed, 13 Mar 2024 04:26:32 -0700 (PDT) Received: from localhost.localdomain ([212.22.67.162]) by smtp.gmail.com with ESMTPSA id g5-20020a19e045000000b00513201a0e56sm268249lfj.78.2024.03.13.04.26.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 04:26:32 -0700 (PDT) From: Maxim Korotkov To: Gerd Hoffmann Cc: Maxim Korotkov , Maarten Lankhorst , Maxime Ripard , Thomas Zimmermann , David Airlie , Daniel Vetter , virtualization@lists.linux.dev, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, Maxim Korotkov Subject: [PATCH] drm/bochs: avoided potential integer overflow Date: Wed, 13 Mar 2024 14:25:18 +0300 Message-Id: <20240313112518.2030805-1-korotkov.maxim.s@gmail.com> X-Mailer: git-send-email 2.34.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit if the bochs_dispi_read() function returns a value between 0x8000 and 0xFFFF, then an overflow may occurs. Found by Security Code and Linux Verification Center (linuxtesting.org) Signed-off-by: Maxim Korotkov --- drivers/gpu/drm/tiny/bochs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/tiny/bochs.c b/drivers/gpu/drm/tiny/bochs.c index c23c9f0cf49c..ad31049f9779 100644 --- a/drivers/gpu/drm/tiny/bochs.c +++ b/drivers/gpu/drm/tiny/bochs.c @@ -240,7 +240,7 @@ static int bochs_hw_init(struct drm_device *dev) id = bochs_dispi_read(bochs, VBE_DISPI_INDEX_ID); mem = bochs_dispi_read(bochs, VBE_DISPI_INDEX_VIDEO_MEMORY_64K) - * 64 * 1024; + * mul_u32_u32(64, 1024); if ((id & 0xfff0) != VBE_DISPI_ID0) { DRM_ERROR("ID mismatch\n"); return -ENODEV; -- 2.34.1