All of lore.kernel.org
 help / color / mirror / Atom feed
From: Sergey Shtylyov <s.shtylyov@omp.ru>
To: Roman Smirnov <r.smirnov@omp.ru>, Helge Deller <deller@gmx.de>,
	Daniel Vetter <daniel@ffwll.ch>
Cc: Thomas Zimmermann <tzimmermann@suse.de>,
	Karina Yankevich <k.yankevich@omp.ru>,
	"linux-fbdev@vger.kernel.org" <linux-fbdev@vger.kernel.org>,
	"dri-devel@lists.freedesktop.org"
	<dri-devel@lists.freedesktop.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"lvc-project@linuxtesting.org" <lvc-project@linuxtesting.org>
Subject: Re: [PATCH v2] fbmon: prevent division by zero in fb_videomode_from_videomode()
Date: Tue, 19 Mar 2024 11:22:49 +0300	[thread overview]
Message-ID: <e730b2cd-5f29-8685-7427-8a798066e111@omp.ru> (raw)
In-Reply-To: <57b3f6a6cc184c8ead51ecc50669b503@omp.ru>

On 3/19/24 11:12 AM, Roman Smirnov wrote:
[...]

>>>> On 3/5/24 14:51, Roman Smirnov wrote:
>>>>> The expression htotal * vtotal can have a zero value on
>>>>> overflow.
>>>>
>>>> I'm not sure if those always results in zero in kernel on overflow.
>>>> Might be architecture-depended too, but let's assume it
>>>> can become zero, ....
>>>>
>>>>> It is necessary to prevent division by zero like in
>>>>> fb_var_to_videomode().
>>>>>
>>>>> Found by Linux Verification Center (linuxtesting.org) with Svace.
>>>>>
>>>>> Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
>>>>> Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
>>>>> ---
>>>>>    V1 -> V2: Replaced the code of the first version with a check.
>>>>>
>>>>>    drivers/video/fbdev/core/fbmon.c | 2 +-
>>>>>    1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/drivers/video/fbdev/core/fbmon.c b/drivers/video/fbdev/core/fbmon.c
>>>>> index 79e5bfbdd34c..b137590386da 100644
>>>>> --- a/drivers/video/fbdev/core/fbmon.c
>>>>> +++ b/drivers/video/fbdev/core/fbmon.c
>>>>> @@ -1344,7 +1344,7 @@ int fb_videomode_from_videomode(const struct videomode *vm,
>>>>>         vtotal = vm->vactive + vm->vfront_porch + vm->vback_porch +
>>>>>                  vm->vsync_len;
>>>>>         /* prevent division by zero */
>>>>> -     if (htotal && vtotal) {
>>>>> +     if (htotal && vtotal && (vm->pixelclock / htotal >= vtotal)) {
>>>>
>>>> why don't you then simply check for
>>>>          if .. ((htotal * vtotal) == 0) ...
>>>> instead?
>>>>
>>>> Helge
>>>
>>> Thomas Zimmermann from the previous discussion said:
>>> On Tue, 5 Mar 2024 11:18:05 +0100 Thomas Zimmerman wrote:
>>>> Maybe use
>>>>
>>>>     if (htotal && vtotal && (vm->pixelclock / htotal >= vtotal))
>>>>
>>>> for the test. That rules out overflowing multiplication and sets
>>>> refresh to 0 in such cases.
>>>
>>> This prevents overflow, which is also a problematic case.
>>
>> I don't like adding another division here and I doubt we have
>> a problem with possible overflow.
>> So, I suggest to keep it simple, something like:
>>        ...
>>        total = htotal * vtotal;
>>        if (total)
>>                fbmode->refresh = vm->pixelclock / total;
>>        else...
> 
> Okay, I'll prepare a third version with that change:
> 
>     if (htotal && vtotal && (htotal * vtotal))

   I think the 1st 2 checks here are now redundant. Also, the inner
parens are not necessary...

> I think that will be enough.

   More than enough. :-)

MBR, Sergey

      reply	other threads:[~2024-03-19  8:22 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-05 13:51 [PATCH v2] fbmon: prevent division by zero in fb_videomode_from_videomode() Roman Smirnov
2024-03-15  8:44 ` Helge Deller
2024-03-18  8:11   ` Roman Smirnov
2024-03-18 19:15     ` Helge Deller
2024-03-19  8:12       ` Roman Smirnov
2024-03-19  8:22         ` Sergey Shtylyov [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e730b2cd-5f29-8685-7427-8a798066e111@omp.ru \
    --to=s.shtylyov@omp.ru \
    --cc=daniel@ffwll.ch \
    --cc=deller@gmx.de \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=k.yankevich@omp.ru \
    --cc=linux-fbdev@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lvc-project@linuxtesting.org \
    --cc=r.smirnov@omp.ru \
    --cc=tzimmermann@suse.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.