[ kbuild bot sent this warning on May 4 but I never heard back and it's
May 27 now so sending a duplicate warning is probably for the best. -dan]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 7e284070abe53d448517b80493863595af4ab5f0
commit: 622469c87fc3e6c90a980be3e2287d82bd55c977 drm/amdgpu/discovery: add a function to parse the vcn info table
config: arc-randconfig-m031-20220524 (https://download.01.org/0day-ci/archive/20220527/[email protected]/config )
compiler: arceb-elf-gcc (GCC) 11.3.0
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <[email protected]>
Reported-by: Dan Carpenter <[email protected]>
smatch warnings:
drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1433 amdgpu_discovery_get_vcn_info() error: buffer overflow 'adev->vcn.vcn_codec_disable_mask' 2 <= 3
vim +1433 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
622469c87fc3e6 Alex Deucher 2022-03-30 1403 int amdgpu_discovery_get_vcn_info(struct amdgpu_device *adev)
622469c87fc3e6 Alex Deucher 2022-03-30 1404 {
622469c87fc3e6 Alex Deucher 2022-03-30 1405 struct binary_header *bhdr;
622469c87fc3e6 Alex Deucher 2022-03-30 1406 union vcn_info *vcn_info;
622469c87fc3e6 Alex Deucher 2022-03-30 1407 u16 offset;
622469c87fc3e6 Alex Deucher 2022-03-30 1408 int v;
622469c87fc3e6 Alex Deucher 2022-03-30 1409
622469c87fc3e6 Alex Deucher 2022-03-30 1410 if (!adev->mman.discovery_bin) {
622469c87fc3e6 Alex Deucher 2022-03-30 1411 DRM_ERROR("ip discovery uninitialized\n");
622469c87fc3e6 Alex Deucher 2022-03-30 1412 return -EINVAL;
622469c87fc3e6 Alex Deucher 2022-03-30 1413 }
622469c87fc3e6 Alex Deucher 2022-03-30 1414
622469c87fc3e6 Alex Deucher 2022-03-30 1415 if (adev->vcn.num_vcn_inst > VCN_INFO_TABLE_MAX_NUM_INSTANCES) {
Capped to 4
622469c87fc3e6 Alex Deucher 2022-03-30 1416 dev_err(adev->dev, "invalid vcn instances\n");
622469c87fc3e6 Alex Deucher 2022-03-30 1417 return -EINVAL;
622469c87fc3e6 Alex Deucher 2022-03-30 1418 }
622469c87fc3e6 Alex Deucher 2022-03-30 1419
622469c87fc3e6 Alex Deucher 2022-03-30 1420 bhdr = (struct binary_header *)adev->mman.discovery_bin;
622469c87fc3e6 Alex Deucher 2022-03-30 1421 offset = le16_to_cpu(bhdr->table_list[VCN_INFO].offset);
622469c87fc3e6 Alex Deucher 2022-03-30 1422
622469c87fc3e6 Alex Deucher 2022-03-30 1423 if (!offset) {
622469c87fc3e6 Alex Deucher 2022-03-30 1424 dev_err(adev->dev, "invalid vcn table offset\n");
622469c87fc3e6 Alex Deucher 2022-03-30 1425 return -EINVAL;
622469c87fc3e6 Alex Deucher 2022-03-30 1426 }
622469c87fc3e6 Alex Deucher 2022-03-30 1427
622469c87fc3e6 Alex Deucher 2022-03-30 1428 vcn_info = (union vcn_info *)(adev->mman.discovery_bin + offset);
622469c87fc3e6 Alex Deucher 2022-03-30 1429
622469c87fc3e6 Alex Deucher 2022-03-30 1430 switch (le16_to_cpu(vcn_info->v1.header.version_major)) {
622469c87fc3e6 Alex Deucher 2022-03-30 1431 case 1:
622469c87fc3e6 Alex Deucher 2022-03-30 1432 for (v = 0; v < adev->vcn.num_vcn_inst; v++) {
622469c87fc3e6 Alex Deucher 2022-03-30 @1433 adev->vcn.vcn_codec_disable_mask[v] =
But this array doesn't have 4 elements
622469c87fc3e6 Alex Deucher 2022-03-30 1434 le32_to_cpu(vcn_info->v1.instance_info[v].fuse_data.all_bits);
622469c87fc3e6 Alex Deucher 2022-03-30 1435 }
622469c87fc3e6 Alex Deucher 2022-03-30 1436 break;
622469c87fc3e6 Alex Deucher 2022-03-30 1437 default:
622469c87fc3e6 Alex Deucher 2022-03-30 1438 dev_err(adev->dev,
622469c87fc3e6 Alex Deucher 2022-03-30 1439 "Unhandled VCN info table %d.%d\n",
622469c87fc3e6 Alex Deucher 2022-03-30 1440 le16_to_cpu(vcn_info->v1.header.version_major),
622469c87fc3e6 Alex Deucher 2022-03-30 1441 le16_to_cpu(vcn_info->v1.header.version_minor));
622469c87fc3e6 Alex Deucher 2022-03-30 1442 return -EINVAL;
622469c87fc3e6 Alex Deucher 2022-03-30 1443 }
622469c87fc3e6 Alex Deucher 2022-03-30 1444 return 0;
f39f5bb1c9d68d Xiaojie Yuan 2019-06-20 1445 }
--
0-DAY CI Kernel Test Service
https://01.org/lkp
_______________________________________________
kbuild mailing list -- [email protected]
To unsubscribe send an email to [email protected]
A patch was available already to protect against such scenario.
https://patchwork.freedesktop.org/patch/486289/, "drm/amdgpu/discovery: validate VCN and SDMA instances"
Regards,
Guchun
-----Original Message-----
From: amd-gfx <[email protected]> On Behalf Of Dan Carpenter
Sent: Friday, May 27, 2022 3:46 PM
To: [email protected]; Deucher, Alexander <[email protected]>
Cc: [email protected]; [email protected]; [email protected]; [email protected]
Subject: [kbuild] drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1433 amdgpu_discovery_get_vcn_info() error: buffer overflow 'adev->vcn.vcn_codec_disable_mask' 2 <= 3
[ kbuild bot sent this warning on May 4 but I never heard back and it's
May 27 now so sending a duplicate warning is probably for the best. -dan]
tree: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.kernel.org%2Fpub%2Fscm%2Flinux%2Fkernel%2Fgit%2Ftorvalds%2Flinux.git&data=05%7C01%7Cguchun.chen%40amd.com%7Cfc2110078e5c4790337808da3fb50de6%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637892344114571722%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4AYyKswjTmjKoNdRpOxWPW2R2o2RU5CkrYRuelaCafA%3D&reserved=0 master
head: 7e284070abe53d448517b80493863595af4ab5f0
commit: 622469c87fc3e6c90a980be3e2287d82bd55c977 drm/amdgpu/discovery: add a function to parse the vcn info table
config: arc-randconfig-m031-20220524 (https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdownload.01.org%2F0day-ci%2Farchive%2F20220527%2F202205271546.oV14N2r8-lkp%40intel.com%2Fconfig&data=05%7C01%7Cguchun.chen%40amd.com%7Cfc2110078e5c4790337808da3fb50de6%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637892344114571722%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=osyRhU3i%2Fdnwcu%2Fz9T0278PTeEFuM%2BAWw8zR43ir%2FhQ%3D&reserved=0 )
compiler: arceb-elf-gcc (GCC) 11.3.0
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <[email protected]>
Reported-by: Dan Carpenter <[email protected]>
smatch warnings:
drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1433 amdgpu_discovery_get_vcn_info() error: buffer overflow 'adev->vcn.vcn_codec_disable_mask' 2 <= 3
vim +1433 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
622469c87fc3e6 Alex Deucher 2022-03-30 1403 int amdgpu_discovery_get_vcn_info(struct amdgpu_device *adev)
622469c87fc3e6 Alex Deucher 2022-03-30 1404 {
622469c87fc3e6 Alex Deucher 2022-03-30 1405 struct binary_header *bhdr;
622469c87fc3e6 Alex Deucher 2022-03-30 1406 union vcn_info *vcn_info;
622469c87fc3e6 Alex Deucher 2022-03-30 1407 u16 offset;
622469c87fc3e6 Alex Deucher 2022-03-30 1408 int v;
622469c87fc3e6 Alex Deucher 2022-03-30 1409
622469c87fc3e6 Alex Deucher 2022-03-30 1410 if (!adev->mman.discovery_bin) {
622469c87fc3e6 Alex Deucher 2022-03-30 1411 DRM_ERROR("ip discovery uninitialized\n");
622469c87fc3e6 Alex Deucher 2022-03-30 1412 return -EINVAL;
622469c87fc3e6 Alex Deucher 2022-03-30 1413 }
622469c87fc3e6 Alex Deucher 2022-03-30 1414
622469c87fc3e6 Alex Deucher 2022-03-30 1415 if (adev->vcn.num_vcn_inst > VCN_INFO_TABLE_MAX_NUM_INSTANCES) {
Capped to 4
622469c87fc3e6 Alex Deucher 2022-03-30 1416 dev_err(adev->dev, "invalid vcn instances\n");
622469c87fc3e6 Alex Deucher 2022-03-30 1417 return -EINVAL;
622469c87fc3e6 Alex Deucher 2022-03-30 1418 }
622469c87fc3e6 Alex Deucher 2022-03-30 1419
622469c87fc3e6 Alex Deucher 2022-03-30 1420 bhdr = (struct binary_header *)adev->mman.discovery_bin;
622469c87fc3e6 Alex Deucher 2022-03-30 1421 offset = le16_to_cpu(bhdr->table_list[VCN_INFO].offset);
622469c87fc3e6 Alex Deucher 2022-03-30 1422
622469c87fc3e6 Alex Deucher 2022-03-30 1423 if (!offset) {
622469c87fc3e6 Alex Deucher 2022-03-30 1424 dev_err(adev->dev, "invalid vcn table offset\n");
622469c87fc3e6 Alex Deucher 2022-03-30 1425 return -EINVAL;
622469c87fc3e6 Alex Deucher 2022-03-30 1426 }
622469c87fc3e6 Alex Deucher 2022-03-30 1427
622469c87fc3e6 Alex Deucher 2022-03-30 1428 vcn_info = (union vcn_info *)(adev->mman.discovery_bin + offset);
622469c87fc3e6 Alex Deucher 2022-03-30 1429
622469c87fc3e6 Alex Deucher 2022-03-30 1430 switch (le16_to_cpu(vcn_info->v1.header.version_major)) {
622469c87fc3e6 Alex Deucher 2022-03-30 1431 case 1:
622469c87fc3e6 Alex Deucher 2022-03-30 1432 for (v = 0; v < adev->vcn.num_vcn_inst; v++) {
622469c87fc3e6 Alex Deucher 2022-03-30 @1433 adev->vcn.vcn_codec_disable_mask[v] =
But this array doesn't have 4 elements
622469c87fc3e6 Alex Deucher 2022-03-30 1434 le32_to_cpu(vcn_info->v1.instance_info[v].fuse_data.all_bits);
622469c87fc3e6 Alex Deucher 2022-03-30 1435 }
622469c87fc3e6 Alex Deucher 2022-03-30 1436 break;
622469c87fc3e6 Alex Deucher 2022-03-30 1437 default:
622469c87fc3e6 Alex Deucher 2022-03-30 1438 dev_err(adev->dev,
622469c87fc3e6 Alex Deucher 2022-03-30 1439 "Unhandled VCN info table %d.%d\n",
622469c87fc3e6 Alex Deucher 2022-03-30 1440 le16_to_cpu(vcn_info->v1.header.version_major),
622469c87fc3e6 Alex Deucher 2022-03-30 1441 le16_to_cpu(vcn_info->v1.header.version_minor));
622469c87fc3e6 Alex Deucher 2022-03-30 1442 return -EINVAL;
622469c87fc3e6 Alex Deucher 2022-03-30 1443 }
622469c87fc3e6 Alex Deucher 2022-03-30 1444 return 0;
f39f5bb1c9d68d Xiaojie Yuan 2019-06-20 1445 }
--
0-DAY CI Kernel Test Service
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2F01.org%2Flkp&data=05%7C01%7Cguchun.chen%40amd.com%7Cfc2110078e5c4790337808da3fb50de6%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637892344114571722%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=FEZiW7nVnlbPvQRbf2TUEbh15BsdY0tRLKvWFtPknuA%3D&reserved=0
_______________________________________________
kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
On Fri, May 27, 2022 at 07:56:48AM +0000, Chen, Guchun wrote:
> A patch was available already to protect against such scenario.
>
> https://patchwork.freedesktop.org/patch/486289/ , "drm/amdgpu/discovery: validate VCN and SDMA instances"
>
What? That's an unrelated patch and it has already been applied so I
took it into consideration when doing my analysis.
regards,
dan carpenter
On Fri, May 27, 2022 at 3:46 AM Dan Carpenter <[email protected]> wrote:
>
> [ kbuild bot sent this warning on May 4 but I never heard back and it's
> May 27 now so sending a duplicate warning is probably for the best. -dan]
>
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> head: 7e284070abe53d448517b80493863595af4ab5f0
> commit: 622469c87fc3e6c90a980be3e2287d82bd55c977 drm/amdgpu/discovery: add a function to parse the vcn info table
> config: arc-randconfig-m031-20220524 (https://download.01.org/0day-ci/archive/20220527/[email protected]/config )
> compiler: arceb-elf-gcc (GCC) 11.3.0
>
> If you fix the issue, kindly add following tag where applicable
> Reported-by: kernel test robot <[email protected]>
> Reported-by: Dan Carpenter <[email protected]>
>
> smatch warnings:
> drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1433 amdgpu_discovery_get_vcn_info() error: buffer overflow 'adev->vcn.vcn_codec_disable_mask' 2 <= 3
>
> vim +1433 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
>
> 622469c87fc3e6 Alex Deucher 2022-03-30 1403 int amdgpu_discovery_get_vcn_info(struct amdgpu_device *adev)
> 622469c87fc3e6 Alex Deucher 2022-03-30 1404 {
> 622469c87fc3e6 Alex Deucher 2022-03-30 1405 struct binary_header *bhdr;
> 622469c87fc3e6 Alex Deucher 2022-03-30 1406 union vcn_info *vcn_info;
> 622469c87fc3e6 Alex Deucher 2022-03-30 1407 u16 offset;
> 622469c87fc3e6 Alex Deucher 2022-03-30 1408 int v;
> 622469c87fc3e6 Alex Deucher 2022-03-30 1409
> 622469c87fc3e6 Alex Deucher 2022-03-30 1410 if (!adev->mman.discovery_bin) {
> 622469c87fc3e6 Alex Deucher 2022-03-30 1411 DRM_ERROR("ip discovery uninitialized\n");
> 622469c87fc3e6 Alex Deucher 2022-03-30 1412 return -EINVAL;
> 622469c87fc3e6 Alex Deucher 2022-03-30 1413 }
> 622469c87fc3e6 Alex Deucher 2022-03-30 1414
> 622469c87fc3e6 Alex Deucher 2022-03-30 1415 if (adev->vcn.num_vcn_inst > VCN_INFO_TABLE_MAX_NUM_INSTANCES) {
>
> Capped to 4
>
> 622469c87fc3e6 Alex Deucher 2022-03-30 1416 dev_err(adev->dev, "invalid vcn instances\n");
> 622469c87fc3e6 Alex Deucher 2022-03-30 1417 return -EINVAL;
> 622469c87fc3e6 Alex Deucher 2022-03-30 1418 }
> 622469c87fc3e6 Alex Deucher 2022-03-30 1419
> 622469c87fc3e6 Alex Deucher 2022-03-30 1420 bhdr = (struct binary_header *)adev->mman.discovery_bin;
> 622469c87fc3e6 Alex Deucher 2022-03-30 1421 offset = le16_to_cpu(bhdr->table_list[VCN_INFO].offset);
> 622469c87fc3e6 Alex Deucher 2022-03-30 1422
> 622469c87fc3e6 Alex Deucher 2022-03-30 1423 if (!offset) {
> 622469c87fc3e6 Alex Deucher 2022-03-30 1424 dev_err(adev->dev, "invalid vcn table offset\n");
> 622469c87fc3e6 Alex Deucher 2022-03-30 1425 return -EINVAL;
> 622469c87fc3e6 Alex Deucher 2022-03-30 1426 }
> 622469c87fc3e6 Alex Deucher 2022-03-30 1427
> 622469c87fc3e6 Alex Deucher 2022-03-30 1428 vcn_info = (union vcn_info *)(adev->mman.discovery_bin + offset);
> 622469c87fc3e6 Alex Deucher 2022-03-30 1429
> 622469c87fc3e6 Alex Deucher 2022-03-30 1430 switch (le16_to_cpu(vcn_info->v1.header.version_major)) {
> 622469c87fc3e6 Alex Deucher 2022-03-30 1431 case 1:
> 622469c87fc3e6 Alex Deucher 2022-03-30 1432 for (v = 0; v < adev->vcn.num_vcn_inst; v++) {
> 622469c87fc3e6 Alex Deucher 2022-03-30 @1433 adev->vcn.vcn_codec_disable_mask[v] =
>
> But this array doesn't have 4 elements
Correct, but num_vcn_inst can't be larger than
AMDGPU_MAX_VCN_INSTANCES (2) at the moment thanks to:
https://patchwork.freedesktop.org/patch/486289/
Alex
>
> 622469c87fc3e6 Alex Deucher 2022-03-30 1434 le32_to_cpu(vcn_info->v1.instance_info[v].fuse_data.all_bits);
> 622469c87fc3e6 Alex Deucher 2022-03-30 1435 }
> 622469c87fc3e6 Alex Deucher 2022-03-30 1436 break;
> 622469c87fc3e6 Alex Deucher 2022-03-30 1437 default:
> 622469c87fc3e6 Alex Deucher 2022-03-30 1438 dev_err(adev->dev,
> 622469c87fc3e6 Alex Deucher 2022-03-30 1439 "Unhandled VCN info table %d.%d\n",
> 622469c87fc3e6 Alex Deucher 2022-03-30 1440 le16_to_cpu(vcn_info->v1.header.version_major),
> 622469c87fc3e6 Alex Deucher 2022-03-30 1441 le16_to_cpu(vcn_info->v1.header.version_minor));
> 622469c87fc3e6 Alex Deucher 2022-03-30 1442 return -EINVAL;
> 622469c87fc3e6 Alex Deucher 2022-03-30 1443 }
> 622469c87fc3e6 Alex Deucher 2022-03-30 1444 return 0;
> f39f5bb1c9d68d Xiaojie Yuan 2019-06-20 1445 }
>
> --
> 0-DAY CI Kernel Test Service
> https://01.org/lkp
> _______________________________________________
> kbuild mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
On Thu, Jun 02, 2022 at 10:24:58AM -0400, Alex Deucher wrote:
> On Thu, Jun 2, 2022 at 7:51 AM Dan Carpenter <[email protected]> wrote:
> >
> > On Thu, Jun 02, 2022 at 08:26:03AM +0200, Ernst Sj?strand wrote:
> > > Dan: I also ran Smatch which resulted in the following discussion:
> > >
> > > https://lists.freedesktop.org/archives/amd-gfx/2022-May/079228.html
> >
> > Since the bounds check is dead code which does not make sense and is not
> > required, another idea would be to just delete it.
>
> It wouldn't be dead code if AMDGPU_MAX_VCN_INSTANCES ever increased.
Or we could add a comment to the code I suppose.
/* Impossible in 2022 but this check might sense in the future */
regards,
dan carpenter
On Thu, Jun 2, 2022 at 11:33 AM Dan Carpenter <[email protected]> wrote:
>
> On Thu, Jun 02, 2022 at 10:24:58AM -0400, Alex Deucher wrote:
> > On Thu, Jun 2, 2022 at 7:51 AM Dan Carpenter <[email protected]> wrote:
> > >
> > > On Thu, Jun 02, 2022 at 08:26:03AM +0200, Ernst Sjöstrand wrote:
> > > > Dan: I also ran Smatch which resulted in the following discussion:
> > > >
> > > > https://lists.freedesktop.org/archives/amd-gfx/2022-May/079228.html
> > >
> > > Since the bounds check is dead code which does not make sense and is not
> > > required, another idea would be to just delete it.
> >
> > It wouldn't be dead code if AMDGPU_MAX_VCN_INSTANCES ever increased.
>
> Or we could add a comment to the code I suppose.
>
> /* Impossible in 2022 but this check might sense in the future */
Good idea. I'll send out a patch.
Thanks,
Alex
>
> regards,
> dan carpenter
>
On Thu, Jun 02, 2022 at 08:26:03AM +0200, Ernst Sj?strand wrote:
> Dan: I also ran Smatch which resulted in the following discussion:
>
> https://lists.freedesktop.org/archives/amd-gfx/2022-May/079228.html
Since the bounds check is dead code which does not make sense and is not
required, another idea would be to just delete it.
regards,
dan carpenter
On Thu, Jun 2, 2022 at 7:51 AM Dan Carpenter <[email protected]> wrote:
>
> On Thu, Jun 02, 2022 at 08:26:03AM +0200, Ernst Sjöstrand wrote:
> > Dan: I also ran Smatch which resulted in the following discussion:
> >
> > https://lists.freedesktop.org/archives/amd-gfx/2022-May/079228.html
>
> Since the bounds check is dead code which does not make sense and is not
> required, another idea would be to just delete it.
It wouldn't be dead code if AMDGPU_MAX_VCN_INSTANCES ever increased.
Alex
>
> regards,
> dan carpenter
>