• Stephen Boyd's avatar
    drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() · 22f76094
    Stephen Boyd authored
    The cstate->num_mixers member is only set to a non-zero value once
    dpu_encoder_virt_mode_set() is called, but the atomic check function can
    be called by userspace before that. Let's avoid the div-by-zero here and
    inside _dpu_crtc_setup_lm_bounds() by skipping this part of the atomic
    check if dpu_encoder_virt_mode_set() hasn't been called yet. This fixes
    an UBSAN warning:
    
     UBSAN: Undefined behaviour in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c:860:31
     division by zero
     CPU: 7 PID: 409 Comm: frecon Tainted: G S                5.4.31 #128
     Hardware name: Google Trogdor (rev0) (DT)
     Call trace:
      dump_backtrace+0x0/0x14c
      show_stack+0x20/0x2c
      dump_stack+0xa0/0xd8
      __ubsan_handle_divrem_overflow+0xec/0x110
      dpu_crtc_atomic_check+0x97c/0x9d4
      drm_atomic_helper_check_planes+0x160/0x1c8
      drm_atomic_helper_check+0x54/0xbc
      drm_atomic_check_only+0x6a8/0x880
      drm_atomic_commit+0x20/0x5c
      drm_atomic_helper_set_config+0x98/0xa0
      drm_mode_setcrtc+0x308/0x5dc
      drm_ioctl_kernel+0x9c/0x114
      drm_ioctl+0x2ac/0x4b0
      drm_compat_ioctl+0xe8/0x13c
      __arm64_compat_sys_ioctl+0x184/0x324
      el0_svc_common+0xa4/0x154
      el0_svc_compat_handler+0x
    
    Cc: Abhinav Kumar <abhinavk@codeaurora.org>
    Cc: Jeykumar Sankaran <jsanka@codeaurora.org>
    Cc: Jordan Crouse <jcrouse@codeaurora.org>
    Cc: Sean Paul <seanpaul@chromium.org>
    Fixes: 25fdd593 ("drm/msm: Add SDM845 DPU support")
    Signed-off-by: default avatarStephen Boyd <swboyd@chromium.org>
    Reviewed-by: default avatarAbhinav Kumar <abhinavk@codeaurora.org>
    Tested-by: default avatarSai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
    Signed-off-by: default avatarRob Clark <robdclark@chromium.org>
    22f76094
dpu_crtc.c 36.8 KB