[lvc-project] [PATCH] drm/bochs: avoid sign extension in video memory size

[Fedor Pchelkin]

On Mon, 08. Dec 14:16, Alexey Simakov wrote:
> When bochs_dispi_read() returns a value in the 0x8000–0xFFFF range,
> the expression bochs_dispi_read() * 64 * 1024 is computed in signed
> int and then promoted to unsigned long, which can lead to
> int -> unsigned long sign extension.
> 
> Cast the multipliers to unsigned long so that the multiplication is
> done in unsigned long and covers the full range of the DISPI video
> memory register without sign extension.
> 
> The QEMU stdvga device using the bochs dispi interface exposes video
> memory up to 256 MB, so this change is made against malicious or
> out-of-spec return values from the device.
> 
> Found by Linux Verification Center (linuxtesting.org) with Svace.
> 
> Fixes: 0a6659bdc5e8 ("drm/bochs: new driver")
> Signed-off-by: Alexey Simakov <bigalex934 at gmail.com>
> ---

Для ветки 5.10 понадобится отправить отдельный вариант патча в
lvc-patches at linuxtesting.org.