To: Harry Wentland, Leo Li, Alex Deucher, Christian König, David (ChunMing) Zhou, David Airlie, Daniel Vetter, amd-gfx mailing list, dri-devel@lists.freedesktop.org, Bhawanpreet Lakha
From: Colin Ian King
Cc: linux-kernel@vger.kernel.org
Subject: re: drm/amd/display: Add HDCP module - static analysis bug report
Message-ID: <951eb7dc-bebe-5049-4998-f199e18b0bf3@canonical.com>
Date: Thu, 3 Oct 2019 23:08:03 +0100

Hi,

Static analysis with Coverity has detected a potential issue with
function validate_bksv in
drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c with recent
commit:

commit ed9d8e2bcb003ec94658cafe9b1bb3960e2139ec
Author: Bhawanpreet Lakha
Date:   Tue Aug 6 17:52:01 2019 -0400

    drm/amd/display: Add HDCP module

The analysis is as follows:

    static inline enum mod_hdcp_status validate_bksv(struct mod_hdcp *hdcp)
    {

CID 89852 (#1 of 1): Out-of-bounds read (OVERRUN)

1. overrun-local: Overrunning array of 5 bytes at byte offset 7 by
dereferencing pointer (uint64_t *)hdcp->auth.msg.hdcp1.bksv.

            uint64_t n = *(uint64_t *)hdcp->auth.msg.hdcp1.bksv;
            uint8_t count = 0;

            while (n) {
                    count++;
                    n &= (n - 1);
            }

hdcp->auth.msg.hdcp1.bksv is an array of 5 uint8_t as defined in
drivers/gpu/drm/amd/display/modules/hdcp/hdcp.h as follows:

    struct mod_hdcp_message_hdcp1 {
            uint8_t         an[8];
            uint8_t         aksv[5];
            uint8_t         ainfo;
            uint8_t         bksv[5];
            uint16_t        r0p;
            uint8_t         bcaps;
            uint16_t        bstatus;
            uint8_t         ksvlist[635];
            uint16_t        ksvlist_size;
            uint8_t         vp[20];
            uint16_t        binfo_dp;
    };

Variable n is going to contain the contents of r0p and bcaps. I'm not
sure if that is intentional. If not, then the count is going to be
incorrect if these are non-zero.

Colin
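
Added example (not part of the original message or of the kernel source): the struct from the report rebuilt in user space, comparing the bit count produced by an 8-byte load at bksv with one bounded to sizeof(bksv). The helper names, the sample bytes and the natural-alignment layout are assumptions; which neighbouring fields the extra three bytes cover depends on the real struct's packing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct mod_hdcp_message_hdcp1 { /* field order as quoted in the report */
	uint8_t an[8], aksv[5], ainfo, bksv[5];
	uint16_t r0p; uint8_t bcaps; uint16_t bstatus;
	uint8_t ksvlist[635]; uint16_t ksvlist_size; uint8_t vp[20]; uint16_t binfo_dp;
};

static uint8_t count_set_bits(uint64_t n)
{
	uint8_t count = 0;
	for (; n; n &= (n - 1)) /* same bit-clearing step as the reported loop */
		count++;
	return count;
}

/* Models the reported 8-byte load; memcpy inside the enclosing struct keeps the demo well defined. */
uint8_t count_8byte_load(const struct mod_hdcp_message_hdcp1 *m)
{
	uint64_t n;
	memcpy(&n, (const uint8_t *)m + offsetof(struct mod_hdcp_message_hdcp1, bksv), sizeof(n));
	return count_set_bits(n);
}

/* Bounded variant (hypothetical fix, not the kernel's): copy only sizeof(bksv) bytes. */
uint8_t count_bounded(const struct mod_hdcp_message_hdcp1 *m)
{
	uint64_t n = 0;
	memcpy(&n, m->bksv, sizeof(m->bksv));
	return count_set_bits(n);
}

/* Constructed sample: bksv bytes with 20 set bits, caller-chosen r0p, all else zero. */
void fill_sample(struct mod_hdcp_message_hdcp1 *m, uint16_t r0p)
{
	memset(m, 0, sizeof(*m));
	m->bksv[0] = m->bksv[1] = 0xFF; m->bksv[2] = 0x0F;
	m->r0p = r0p;
}

int main(void)
{
	struct mod_hdcp_message_hdcp1 m;
	fill_sample(&m, 0xFFFF);
	printf("8-byte load: %d bits, bounded: %d bits\n", count_8byte_load(&m), count_bounded(&m));
	return 0;
}
```

With r0p set to 0xFFFF the 8-byte load counts the neighbouring field's bits on top of the 20 in bksv, while the bounded copy does not change with r0p.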