On Mon, 01 Jun 2026, Jani Nikula <[email protected]> wrote: > On Mon, 01 Jun 2026, Jani Nikula <[email protected]> wrote: >> On Fri, 29 May 2026, Thomas Zimmermann <[email protected]> wrote: >>> Rajat Gupta (1): >>> drm: prevent integer overflows in dumb buffer creation helpers >> >> Looks like this commit 5ab62dd3687b ("drm: prevent integer overflows in >> dumb buffer creation helpers") regressed in our CI, awaiting >> confirmation. > > The IGT test kms_big_fb uses max width and height from GetResources, and > i915 and xe use max_width 16384 and max_height 16384 in mode config. > > The regressing commit adds random hard limits not based on anything: > > + /* Reject unreasonable inputs early. Dumb buffers are for software > + * rendering; nothing legitimate needs more than 8192x8192 at 32bpp. > + * This prevents overflows in downstream alignment helpers. > + */ > + if (args->width >= 8192 || args->height >= 8192 || args->bpp > 32) > + return -EINVAL; > > This is now in v7.1-rc6. Please revert ASAP.
Ah, missed this clue in the pull request: On Fri, 29 May 2026, Thomas Zimmermann <[email protected]> wrote: > here is this week's PR from drm-misc-fixes. There's one cross-subsys > commit to the dma-buf code. Commit 5ab62dd3687b ("drm: prevent integer > overflows in dumb buffer creation helpers") has not Link tag because > it went through the security list. We have the whole review and CI processes in place to catch silly mistakes, and then we proceed to shoot ourselves in the foot and bypass all of that because "security", and expedite the regressions everywhere. I'll bet this will be in stable kernels in no time too. This is stupid. Please also read [1] with its recent updates. BR, Jani. [1] https://docs.kernel.org/process/security-bugs.html#what-qualifies-as-a-security-bug > > > BR, > Jani. > > >> >> No matter what, it's immediately suspect because AFAICT it was not >> posted on the lists, and the commit doesn't have a Link: trailer >> pointing at the patch. >> >> This is not how we're supposed to roll. What's going on? >> >> >> BR, >> Jani. -- Jani Nikula, Intel
