* [PATCH v2] fbmon: prevent division by zero in fb_videomode_from_videomode()
@ 2024-03-05 13:51 Roman Smirnov
2024-03-15 8:44 ` Helge Deller
0 siblings, 1 reply; 6+ messages in thread
From: Roman Smirnov @ 2024-03-05 13:51 UTC (permalink / raw
To: Daniel Vetter, Helge Deller
Cc: Roman Smirnov, Thomas Zimmermann, Sergey Shtylyov,
Karina Yankevich, linux-fbdev, dri-devel, linux-kernel,
lvc-project
The expression htotal * vtotal can have a zero value on
overflow. It is necessary to prevent division by zero like in
fb_var_to_videomode().
Found by Linux Verification Center (linuxtesting.org) with Svace.
Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
---
V1 -> V2: Replaced the code of the first version with a check.
drivers/video/fbdev/core/fbmon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/video/fbdev/core/fbmon.c b/drivers/video/fbdev/core/fbmon.c
index 79e5bfbdd34c..b137590386da 100644
--- a/drivers/video/fbdev/core/fbmon.c
+++ b/drivers/video/fbdev/core/fbmon.c
@@ -1344,7 +1344,7 @@ int fb_videomode_from_videomode(const struct videomode *vm,
vtotal = vm->vactive + vm->vfront_porch + vm->vback_porch +
vm->vsync_len;
/* prevent division by zero */
- if (htotal && vtotal) {
+ if (htotal && vtotal && (vm->pixelclock / htotal >= vtotal)) {
fbmode->refresh = vm->pixelclock / (htotal * vtotal);
/* a mode must have htotal and vtotal != 0 or it is invalid */
} else {
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v2] fbmon: prevent division by zero in fb_videomode_from_videomode()
2024-03-05 13:51 [PATCH v2] fbmon: prevent division by zero in fb_videomode_from_videomode() Roman Smirnov
@ 2024-03-15 8:44 ` Helge Deller
2024-03-18 8:11 ` Roman Smirnov
0 siblings, 1 reply; 6+ messages in thread
From: Helge Deller @ 2024-03-15 8:44 UTC (permalink / raw
To: Roman Smirnov, Daniel Vetter
Cc: Thomas Zimmermann, Sergey Shtylyov, Karina Yankevich, linux-fbdev,
dri-devel, linux-kernel, lvc-project
On 3/5/24 14:51, Roman Smirnov wrote:
> The expression htotal * vtotal can have a zero value on
> overflow.
I'm not sure if thos always results in zero in kernel on overflow.
Might be architecture-depended too, but let's assume it
can become zero, ....
> It is necessary to prevent division by zero like in
> fb_var_to_videomode().
>
> Found by Linux Verification Center (linuxtesting.org) with Svace.
>
> Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
> Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
> ---
> V1 -> V2: Replaced the code of the first version with a check.
>
> drivers/video/fbdev/core/fbmon.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/video/fbdev/core/fbmon.c b/drivers/video/fbdev/core/fbmon.c
> index 79e5bfbdd34c..b137590386da 100644
> --- a/drivers/video/fbdev/core/fbmon.c
> +++ b/drivers/video/fbdev/core/fbmon.c
> @@ -1344,7 +1344,7 @@ int fb_videomode_from_videomode(const struct videomode *vm,
> vtotal = vm->vactive + vm->vfront_porch + vm->vback_porch +
> vm->vsync_len;
> /* prevent division by zero */
> - if (htotal && vtotal) {
> + if (htotal && vtotal && (vm->pixelclock / htotal >= vtotal)) {
why don't you then simply check for
if .. ((htotal * vtotal) == 0) ...
instead?
Helge
> fbmode->refresh = vm->pixelclock / (htotal * vtotal);
> /* a mode must have htotal and vtotal != 0 or it is invalid */
> } else {
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2] fbmon: prevent division by zero in fb_videomode_from_videomode()
2024-03-15 8:44 ` Helge Deller
@ 2024-03-18 8:11 ` Roman Smirnov
2024-03-18 19:15 ` Helge Deller
0 siblings, 1 reply; 6+ messages in thread
From: Roman Smirnov @ 2024-03-18 8:11 UTC (permalink / raw
To: Helge Deller, Daniel Vetter
Cc: Thomas Zimmermann, Sergey Shtylyov, Karina Yankevich,
linux-fbdev@vger.kernel.org, dri-devel@lists.freedesktop.org,
linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org
On Fri, 15 Mar 2024 09:44:08 +0100 Helge Deller wrote:
> On 3/5/24 14:51, Roman Smirnov wrote:
> > The expression htotal * vtotal can have a zero value on
> > overflow.
>
> I'm not sure if thos always results in zero in kernel on overflow.
> Might be architecture-depended too, but let's assume it
> can become zero, ....
>
> > It is necessary to prevent division by zero like in
> > fb_var_to_videomode().
> >
> > Found by Linux Verification Center (linuxtesting.org) with Svace.
> >
> > Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
> > Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
> > ---
> > V1 -> V2: Replaced the code of the first version with a check.
> >
> > drivers/video/fbdev/core/fbmon.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/video/fbdev/core/fbmon.c b/drivers/video/fbdev/core/fbmon.c
> > index 79e5bfbdd34c..b137590386da 100644
> > --- a/drivers/video/fbdev/core/fbmon.c
> > +++ b/drivers/video/fbdev/core/fbmon.c
> > @@ -1344,7 +1344,7 @@ int fb_videomode_from_videomode(const struct videomode *vm,
> > vtotal = vm->vactive + vm->vfront_porch + vm->vback_porch +
> > vm->vsync_len;
> > /* prevent division by zero */
> > - if (htotal && vtotal) {
> > + if (htotal && vtotal && (vm->pixelclock / htotal >= vtotal)) {
>
> why don't you then simply check for
> if .. ((htotal * vtotal) == 0) ...
> instead?
>
> Helge
Thomas Zimmermann from the previous discussion said:
On Tue, 5 Mar 2024 11:18:05 +0100 Thomas Zimmerman wrote:
> Maybe use
>
> if (htotal && vtotal && (vm->pixelclock / htotal >= vtotal))
>
> for the test. That rules out overflowing multiplication and sets
> refresh to 0 in such cases.
This prevents overflow, which is also a problematic case.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2] fbmon: prevent division by zero in fb_videomode_from_videomode()
2024-03-18 8:11 ` Roman Smirnov
@ 2024-03-18 19:15 ` Helge Deller
2024-03-19 8:12 ` Roman Smirnov
0 siblings, 1 reply; 6+ messages in thread
From: Helge Deller @ 2024-03-18 19:15 UTC (permalink / raw
To: Roman Smirnov, Daniel Vetter
Cc: Thomas Zimmermann, Sergey Shtylyov, Karina Yankevich,
linux-fbdev@vger.kernel.org, dri-devel@lists.freedesktop.org,
linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org
On 3/18/24 09:11, Roman Smirnov wrote:
> On Fri, 15 Mar 2024 09:44:08 +0100 Helge Deller wrote:
>> On 3/5/24 14:51, Roman Smirnov wrote:
>>> The expression htotal * vtotal can have a zero value on
>>> overflow.
>>
>> I'm not sure if those always results in zero in kernel on overflow.
>> Might be architecture-depended too, but let's assume it
>> can become zero, ....
>>
>>> It is necessary to prevent division by zero like in
>>> fb_var_to_videomode().
>>>
>>> Found by Linux Verification Center (linuxtesting.org) with Svace.
>>>
>>> Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
>>> Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
>>> ---
>>> V1 -> V2: Replaced the code of the first version with a check.
>>>
>>> drivers/video/fbdev/core/fbmon.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/video/fbdev/core/fbmon.c b/drivers/video/fbdev/core/fbmon.c
>>> index 79e5bfbdd34c..b137590386da 100644
>>> --- a/drivers/video/fbdev/core/fbmon.c
>>> +++ b/drivers/video/fbdev/core/fbmon.c
>>> @@ -1344,7 +1344,7 @@ int fb_videomode_from_videomode(const struct videomode *vm,
>>> vtotal = vm->vactive + vm->vfront_porch + vm->vback_porch +
>>> vm->vsync_len;
>>> /* prevent division by zero */
>>> - if (htotal && vtotal) {
>>> + if (htotal && vtotal && (vm->pixelclock / htotal >= vtotal)) {
>>
>> why don't you then simply check for
>> if .. ((htotal * vtotal) == 0) ...
>> instead?
>>
>> Helge
>
> Thomas Zimmermann from the previous discussion said:
>
> On Tue, 5 Mar 2024 11:18:05 +0100 Thomas Zimmerman wrote:
>> Maybe use
>>
>> if (htotal && vtotal && (vm->pixelclock / htotal >= vtotal))
>>
>> for the test. That rules out overflowing multiplication and sets
>> refresh to 0 in such cases.
>
> This prevents overflow, which is also a problematic case.
I don't like adding another division here and I doubt we have
a problem with possible overflow.
So, I suggest to keep it simple, something like:
...
total = htotal * vtotal;
if (total)
fbmode->refresh = vm->pixelclock / total;
else...
Helge
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2] fbmon: prevent division by zero in fb_videomode_from_videomode()
2024-03-18 19:15 ` Helge Deller
@ 2024-03-19 8:12 ` Roman Smirnov
2024-03-19 8:22 ` Sergey Shtylyov
0 siblings, 1 reply; 6+ messages in thread
From: Roman Smirnov @ 2024-03-19 8:12 UTC (permalink / raw
To: Helge Deller, Daniel Vetter
Cc: Thomas Zimmermann, Sergey Shtylyov, Karina Yankevich,
linux-fbdev@vger.kernel.org, dri-devel@lists.freedesktop.org,
linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org
On Mon, 18 Mar 2024 20:15:55 +0100 Helge Deller wrote:
> On 3/18/24 09:11, Roman Smirnov wrote:
> > On Fri, 15 Mar 2024 09:44:08 +0100 Helge Deller wrote:
> > > On 3/5/24 14:51, Roman Smirnov wrote:
> > > > The expression htotal * vtotal can have a zero value on
> > > > overflow.
> > >
> > > I'm not sure if those always results in zero in kernel on overflow.
> > > Might be architecture-depended too, but let's assume it
> > > can become zero, ....
> > >
> > > > It is necessary to prevent division by zero like in
> > > > fb_var_to_videomode().
> > > >
> > > > Found by Linux Verification Center (linuxtesting.org) with Svace.
> > > >
> > > > Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
> > > > Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
> > > > ---
> > > > V1 -> V2: Replaced the code of the first version with a check.
> > > >
> > > > drivers/video/fbdev/core/fbmon.c | 2 +-
> > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/drivers/video/fbdev/core/fbmon.c b/drivers/video/fbdev/core/fbmon.c
> > > > index 79e5bfbdd34c..b137590386da 100644
> > > > --- a/drivers/video/fbdev/core/fbmon.c
> > > > +++ b/drivers/video/fbdev/core/fbmon.c
> > > > @@ -1344,7 +1344,7 @@ int fb_videomode_from_videomode(const struct videomode *vm,
> > > > vtotal = vm->vactive + vm->vfront_porch + vm->vback_porch +
> > > > vm->vsync_len;
> > > > /* prevent division by zero */
> > > > - if (htotal && vtotal) {
> > > > + if (htotal && vtotal && (vm->pixelclock / htotal >= vtotal)) {
> > >
> > > why don't you then simply check for
> > > if .. ((htotal * vtotal) == 0) ...
> > > instead?
> > >
> > > Helge
> >
> > Thomas Zimmermann from the previous discussion said:
> > On Tue, 5 Mar 2024 11:18:05 +0100 Thomas Zimmerman wrote:
> > > Maybe use
> > >
> > > if (htotal && vtotal && (vm->pixelclock / htotal >= vtotal))
> > >
> > > for the test. That rules out overflowing multiplication and sets
> > > refresh to 0 in such cases.
> >
> > This prevents overflow, which is also a problematic case.
>
> I don't like adding another division here and I doubt we have
> a problem with possible overflow.
> So, I suggest to keep it simple, something like:
> ...
> total = htotal * vtotal;
> if (total)
> fbmode->refresh = vm->pixelclock / total;
> else...
Okay, I'll prepare a third version with that change:
if (htotal && vtotal && (htotal * vtotal))
I think that will be enough.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2] fbmon: prevent division by zero in fb_videomode_from_videomode()
2024-03-19 8:12 ` Roman Smirnov
@ 2024-03-19 8:22 ` Sergey Shtylyov
0 siblings, 0 replies; 6+ messages in thread
From: Sergey Shtylyov @ 2024-03-19 8:22 UTC (permalink / raw
To: Roman Smirnov, Helge Deller, Daniel Vetter
Cc: Thomas Zimmermann, Karina Yankevich, linux-fbdev@vger.kernel.org,
dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org,
lvc-project@linuxtesting.org
On 3/19/24 11:12 AM, Roman Smirnov wrote:
[...]
>>>> On 3/5/24 14:51, Roman Smirnov wrote:
>>>>> The expression htotal * vtotal can have a zero value on
>>>>> overflow.
>>>>
>>>> I'm not sure if those always results in zero in kernel on overflow.
>>>> Might be architecture-depended too, but let's assume it
>>>> can become zero, ....
>>>>
>>>>> It is necessary to prevent division by zero like in
>>>>> fb_var_to_videomode().
>>>>>
>>>>> Found by Linux Verification Center (linuxtesting.org) with Svace.
>>>>>
>>>>> Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
>>>>> Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
>>>>> ---
>>>>> V1 -> V2: Replaced the code of the first version with a check.
>>>>>
>>>>> drivers/video/fbdev/core/fbmon.c | 2 +-
>>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/drivers/video/fbdev/core/fbmon.c b/drivers/video/fbdev/core/fbmon.c
>>>>> index 79e5bfbdd34c..b137590386da 100644
>>>>> --- a/drivers/video/fbdev/core/fbmon.c
>>>>> +++ b/drivers/video/fbdev/core/fbmon.c
>>>>> @@ -1344,7 +1344,7 @@ int fb_videomode_from_videomode(const struct videomode *vm,
>>>>> vtotal = vm->vactive + vm->vfront_porch + vm->vback_porch +
>>>>> vm->vsync_len;
>>>>> /* prevent division by zero */
>>>>> - if (htotal && vtotal) {
>>>>> + if (htotal && vtotal && (vm->pixelclock / htotal >= vtotal)) {
>>>>
>>>> why don't you then simply check for
>>>> if .. ((htotal * vtotal) == 0) ...
>>>> instead?
>>>>
>>>> Helge
>>>
>>> Thomas Zimmermann from the previous discussion said:
>>> On Tue, 5 Mar 2024 11:18:05 +0100 Thomas Zimmerman wrote:
>>>> Maybe use
>>>>
>>>> if (htotal && vtotal && (vm->pixelclock / htotal >= vtotal))
>>>>
>>>> for the test. That rules out overflowing multiplication and sets
>>>> refresh to 0 in such cases.
>>>
>>> This prevents overflow, which is also a problematic case.
>>
>> I don't like adding another division here and I doubt we have
>> a problem with possible overflow.
>> So, I suggest to keep it simple, something like:
>> ...
>> total = htotal * vtotal;
>> if (total)
>> fbmode->refresh = vm->pixelclock / total;
>> else...
>
> Okay, I'll prepare a third version with that change:
>
> if (htotal && vtotal && (htotal * vtotal))
I think the 1st 2 checks here are now redundant. Also, the inner
parens are not necessary...
> I think that will be enough.
More than enough. :-)
MBR, Sergey
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-03-19 8:38 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-03-05 13:51 [PATCH v2] fbmon: prevent division by zero in fb_videomode_from_videomode() Roman Smirnov
2024-03-15 8:44 ` Helge Deller
2024-03-18 8:11 ` Roman Smirnov
2024-03-18 19:15 ` Helge Deller
2024-03-19 8:12 ` Roman Smirnov
2024-03-19 8:22 ` Sergey Shtylyov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).