From: Nikita Zhandarovich
To: Jani Nikula, Joonas Lahtinen, Rodrigo Vivi, Tvrtko Ursulin
CC: Nikita Zhandarovich, David Airlie, Daniel Vetter
Subject: [PATCH] drm/i915/guc: prevent a possible int overflow in wq offsets
Date: Thu, 25 Jul 2024 08:59:25 -0700
Message-ID: <20240725155925.14707-1-n.zhandarovich@fintech.ru>
X-Mailing-List: linux-kernel@vger.kernel.org

It may be possible for the sum of the values derived from
i915_ggtt_offset() and __get_parent_scratch_offset()/
i915_ggtt_offset() to go over the u32 limit before being assigned
to wq offsets of u64 type.

Mitigate these issues by expanding one of the right operands
to u64 to avoid any overflow issues just in case.

Found by Linux Verification Center (linuxtesting.org) with static
analysis tool SVACE.

Fixes: 2584b3549f4c ("drm/i915/guc: Update to GuC version 70.1.1")
Cc: stable@vger.kernel.org
Signed-off-by: Nikita Zhandarovich
Reviewed-by: Rodrigo Vivi
--- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c b/drivers/gp= u/drm/i915/gt/uc/intel_guc_submission.c index 9400d0eb682b..908ebfa22933 100644 --- a/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c +++ b/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c 
@@ -2842,9 +2842,9 @@ static void prepare_context_registration_info_v70(str= uct intel_context *ce, ce->parallel.guc.wqi_tail =3D 0; ce->parallel.guc.wqi_head =3D 0; =20 - wq_desc_offset =3D i915_ggtt_offset(ce->state) + + wq_desc_offset =3D (u64)i915_ggtt_offset(ce->state) + __get_parent_scratch_offset(ce); - wq_base_offset =3D i915_ggtt_offset(ce->state) + + wq_base_offset =3D (u64)i915_ggtt_offset(ce->state) + __get_wq_offset(ce); info->wq_desc_lo =3D lower_32_bits(wq_desc_offset); info->wq_desc_hi =3D upper_32_bits(wq_desc_offset);
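
Review bot: The wq_base_offset assignment in this hunk adds __get_wq_offset(ce), but the commit message names "__get_parent_scratch_offset()/i915_ggtt_offset()" as the operands being summed, so the description does not match the second changed line; the message should name __get_wq_offset() there. The (u64) cast itself is placed where it needs to be in both assignments: it converts the i915_ggtt_offset(ce->state) result before the +, so the addition is carried out in 64 bits rather than being widened only on assignment. The message says the change is made "just in case" without saying whether the sum can actually exceed the u32 range. That matters for the lines that follow, because with the cast a carry now reaches info->wq_desc_hi through upper_32_bits(wq_desc_offset) instead of being dropped, so the changelog should say whether a non-zero high word is acceptable for these fields.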