[lvc-project] [PATCH] drm/gem: fix overflow in calculating DMA GEM size

Tue Apr 15 12:49:04 MSK 2025

On Tue, 25. Mar 08:46, Ваторопин Андрей wrote:
> From: Andrey Vatoropin <a.vatoropin at crpt.ru>
> 
> The IOCTL handler drm_gem_dma_dumb_create() calculates "size" by
> multiplying "pitch" and "height." This expression is currently being 
> evaluated using 32-bit arithmetic, which can lead to an overflow during 
> multiplication.
> 
> Since a value of type 'u64' is used to store the eventual size, it is 
> necessary to perform 64-bit arithmetic to avoid overflow during the
> multiplication.
> 
> The same thing was done in commit 0f8f8a643000 
> ("drm/i915/gem: Detect overflow in calculating dumb buffer size")
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>        
> Fixes: 6d1782919dc9 ("drm/cma: Introduce drm_gem_cma_dumb_create_internal()")
> Signed-off-by: Andrey Vatoropin <a.vatoropin at crpt.ru> 
> ---

Просьба выслать патч под 5.10. Текущий чисто не ложится.