mainline inclusion from mainline-v6.1-rc1 commit 91954c6c904b515baafaee6a1f35c94409a3bb68 bugzilla: https://gitee.com/src-openeuler/kernel/issues/IARV8L CVE: CVE-2024-46726
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
[WHY & HOW] Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will never overflow and exceess array size.
This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.
Reviewed-by: Harry Wentland harry.wentland@amd.com Acked-by: Tom Chung chiahsuan.chung@amd.com Signed-off-by: Alex Hung alex.hung@amd.com Tested-by: Daniel Wheeler daniel.wheeler@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com
Conflicts: drivers/gpu/drm/amd/display/dc/calcs/dcn_calcs.c [Conflicts from: 1) commit 552b7cb0eed1 move drivers/gpu/drm/amd/display/dc/calcs/dcn_calcs.c to drivers/gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c; 2) commit 91954c6c904b move dcn_bw_update_from_pplib() to dcn_bw_update_from_pplib_fclks() and the code logic is the same.]
Signed-off-by: Tong Tiangen tongtiangen@huawei.com --- drivers/gpu/drm/amd/display/dc/calcs/dcn_calcs.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/calcs/dcn_calcs.c b/drivers/gpu/drm/amd/display/dc/calcs/dcn_calcs.c index 51397b565ddf..2186603d915c 100644 --- a/drivers/gpu/drm/amd/display/dc/calcs/dcn_calcs.c +++ b/drivers/gpu/drm/amd/display/dc/calcs/dcn_calcs.c @@ -1498,10 +1498,9 @@ void dcn_bw_update_from_pplib(struct dc *dc) ASSERT(fclks.num_levels);
vmin0p65_idx = 0; - vmid0p72_idx = fclks.num_levels - - (fclks.num_levels > 2 ? 3 : (fclks.num_levels > 1 ? 2 : 1)); - vnom0p8_idx = fclks.num_levels - (fclks.num_levels > 1 ? 2 : 1); - vmax0p9_idx = fclks.num_levels - 1; + vmid0p72_idx = fclks.num_levels > 2 ? fclks.num_levels - 3 : 0; + vnom0p8_idx = fclks.num_levels > 1 ? fclks.num_levels - 2 : 0; + vmax0p9_idx = fclks.num_levels > 0 ? fclks.num_levels - 1 : 0;
dc->dcn_soc->fabric_and_dram_bandwidth_vmin0p65 = 32 * (fclks.data[vmin0p65_idx].clocks_in_khz / 1000.0) / 1000.0;