[PATCH] drm: drm_modes: Fix signed-integer-overflow UBSAN warning
From: AngeloGioacchino Del Regno
Date: Thu Jan 21 2021 - 14:36:36 EST
During a UBSAN run on ARM64 MSM8998, kernel built with GCC 7.5.0,
a signed integer overflow was shown.
To solve this warning split the multiplication by assigning the
mode clock first to the "num" variable and then multiply: this
way was chosen because no explicit casting is required.
Solves the following warning:
[ 2.028003] UBSAN: signed-integer-overflow in drivers/gpu/drm/drm_modes.c:765:20
[ 2.028721] 2376000 * 1000 cannot be represented in type 'int'
[ 2.029134] CPU: 6 PID: 62 Comm: kworker/6:1 Tainted: G W 5.11.0-rc4-00115-g38e7d22724f4-dirty #8
[ 2.029884] Hardware name: F(x)tec Pro1 (QX1000) (DT)
[ 2.030583] Workqueue: events deferred_probe_work_func
[ 2.031043] Call trace:
[ 2.031419] dump_backtrace+0x0/0x288
[ 2.032144] show_stack+0x14/0x60
[ 2.032564] dump_stack+0xd4/0x12c
[ 2.032985] ubsan_epilogue+0xc/0x50
[ 2.033693] handle_overflow+0xd0/0xf8
[ 2.034092] __ubsan_handle_mul_overflow+0x10/0x18
[ 2.034493] drm_mode_vrefresh+0xd8/0xf8
[ 2.035181] cea_mode_alternate_clock+0x18/0xb0
[ 2.035592] drm_match_cea_mode.part.26+0xa8/0x198
[ 2.036004] drm_match_cea_mode+0x14/0x28
[ 2.036689] drm_mode_validate_ycbcr420+0x14/0x78
[ 2.037098] drm_helper_probe_single_connector_modes+0x5fc/0x910
[ 2.037815] drm_client_modeset_probe+0x26c/0x16f8
[ 2.038225] __drm_fb_helper_initial_config_and_unlock+0x44/0x7b8
[ 2.038931] drm_fb_helper_initial_config+0x48/0x68
[ 2.039337] msm_fbdev_init+0x80/0xe0
[ 2.039735] msm_drm_bind+0x4d8/0x6d0
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@xxxxxxxxxxxxxx>
---
drivers/gpu/drm/drm_modes.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c
index 33fb2f05ce66..dd374c628cc5 100644
--- a/drivers/gpu/drm/drm_modes.c
+++ b/drivers/gpu/drm/drm_modes.c
@@ -762,7 +762,8 @@ int drm_mode_vrefresh(const struct drm_display_mode *mode)
if (mode->htotal == 0 || mode->vtotal == 0)
return 0;
- num = mode->clock * 1000;
+ num = mode->clock;
+ num *= 1000;
den = mode->htotal * mode->vtotal;
if (mode->flags & DRM_MODE_FLAG_INTERLACE)
--
2.30.0