[PATCH 1/2] drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check()
Sai Prakash Ranjan
saiprakash.ranjan at codeaurora.org
Wed Sep 2 07:05:30 UTC 2020
On 2020-09-02 03:29, Stephen Boyd wrote:
> The cstate->num_mixers member is only set to a non-zero value once
> dpu_encoder_virt_mode_set() is called, but the atomic check function
> can
> be called by userspace before that. Let's avoid the div-by-zero here
> and
> inside _dpu_crtc_setup_lm_bounds() by skipping this part of the atomic
> check if dpu_encoder_virt_mode_set() hasn't been called yet. This fixes
> an UBSAN warning:
>
> UBSAN: Undefined behaviour in
> drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c:860:31
> division by zero
> CPU: 7 PID: 409 Comm: frecon Tainted: G S 5.4.31 #128
> Hardware name: Google Trogdor (rev0) (DT)
> Call trace:
> dump_backtrace+0x0/0x14c
> show_stack+0x20/0x2c
> dump_stack+0xa0/0xd8
> __ubsan_handle_divrem_overflow+0xec/0x110
> dpu_crtc_atomic_check+0x97c/0x9d4
> drm_atomic_helper_check_planes+0x160/0x1c8
> drm_atomic_helper_check+0x54/0xbc
> drm_atomic_check_only+0x6a8/0x880
> drm_atomic_commit+0x20/0x5c
> drm_atomic_helper_set_config+0x98/0xa0
> drm_mode_setcrtc+0x308/0x5dc
> drm_ioctl_kernel+0x9c/0x114
> drm_ioctl+0x2ac/0x4b0
> drm_compat_ioctl+0xe8/0x13c
> __arm64_compat_sys_ioctl+0x184/0x324
> el0_svc_common+0xa4/0x154
> el0_svc_compat_handler+0x
>
> Cc: Abhinav Kumar <abhinavk at codeaurora.org>
> Cc: Jeykumar Sankaran <jsanka at codeaurora.org>
> Cc: Jordan Crouse <jcrouse at codeaurora.org>
> Cc: Sean Paul <seanpaul at chromium.org>
> Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support")
> Signed-off-by: Stephen Boyd <swboyd at chromium.org>
> ---
Tested-by: Sai Prakash Ranjan <saiprakash.ranjan at codeaurora.org>
--
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a
member
of Code Aurora Forum, hosted by The Linux Foundation
More information about the dri-devel
mailing list