Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] Integer overflow in `panthor_vm_is_kernel_address()` bypasses the newly added kernel BO range check.
--
commit 517863d5c6821783c9329a7a6ac1663177dce0ba Author: Adrián Larumbe <[email protected]> drm/panthor: Add vm_bind region with kbo range intersection check This commit adds a check during VM binding to ensure that user-exposed BO mappings do not intersect with the virtual address space carve-out reserved for kernel BOs. It introduces panthor_vm_is_kernel_address() to evaluate if the requested mapping overlaps with the kernel VA range. > diff --git a/drivers/gpu/drm/panthor/panthor_mmu.c > b/drivers/gpu/drm/panthor/panthor_mmu.c > index 31cc57029c12c..5625f3d340318 100644 > --- a/drivers/gpu/drm/panthor/panthor_mmu.c > +++ b/drivers/gpu/drm/panthor/panthor_mmu.c [ ... ] > @@ -1309,6 +1318,24 @@ static int panthor_vm_op_ctx_prealloc_pts(struct > panthor_vm_op_ctx *op_ctx) > return 0; > } > > +static bool > +panthor_vm_is_kernel_address(struct panthor_vm *vm, > + const struct drm_panthor_vm_bind_op *op) > +{ > + u32 op_type = op->flags & DRM_PANTHOR_VM_BIND_OP_TYPE_MASK; > + u64 end, kstart, krange, kend; > + > + if (op_type == DRM_PANTHOR_VM_BIND_OP_TYPE_SYNC_ONLY) > + return false; > + > + end = op->va + op->size; > + kstart = vm->kernel_va.start; > + krange = vm->kernel_va.range; > + kend = kstart + krange; > + > + return krange && op->va < kend && kstart < end; [Severity: Medium] Can this calculation integer overflow? If a user provides an op->va and op->size that wrap around a 64-bit integer when added, end becomes a small value. This would cause the intersection check (kstart < end) to evaluate to false, bypassing the newly added kernel BO range check. Should this use an overflow safe check to validate the range before checking the intersection? > +} -- Sashiko AI review · https://sashiko.dev/#/patchset/[email protected]?part=1
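Review bot: In panthor_vm_is_kernel_address(), `end = op->va + op->size;` adds two fields of the bind op with no wrap check, so a wrapped `end` can fall below `kstart` and the helper returns false for a range that starts below `kend` and runs past the top of the 64-bit space. Compute the end with check_add_overflow(op->va, op->size, &end) from <linux/overflow.h> and treat a wrap as an intersection (or have the caller reject the op) instead of falling through to `kstart < end`. `kend = kstart + krange;` is the same unchecked pattern, though its operands come from vm->kernel_va rather than from the op. The helper also lacks a comment saying that it tests overlap of the whole [va, va + size) range with the kernel VA range, which the name "is_kernel_address" does not convey.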
