Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp1294649ybp; Wed, 9 Oct 2019 11:47:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqxGDL7BU+skG4/pJLqCIAu2ulfzBnYzLY12fhS61rsrnESEx/QxIZuR9lVAdPzm+YBQstFy X-Received: by 2002:a17:906:fcac:: with SMTP id qw12mr4202108ejb.31.1570646866213; Wed, 09 Oct 2019 11:47:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570646866; cv=none; d=google.com; s=arc-20160816; b=v7kzmaky1a5rUHHAW3KKe/CwEpBLjBS5ldnj/Q+S8W7jZ6QpL18qNQLu4ERGnxEkXi ntCHKqguol30Mj3MCrSDV4EbWmY95v0l//S2xP4qTQCuVtra/D+5HQP7FITHRDV9TbNQ dMYO4qrvT8mtGZj8XuRLB4uYksKmeI35pZVdzK1J1HjLJKmUei1rD7BfPD+h+NR5O2CV 5u+2Efb1vwyYsFHlKrMbvXjX0+dhjfEYAlX/nPH1FuGJmYdBtipV600Pcy0fJvJirVCm qvlPYEi2jP69dyUBMXBeQMM2vMkmdaF5GofM0G8XoW2kBtaOTNyJwLMf6zjAsJiD/kby V/8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=80jcnPBLsOoks69yHo8g6YiW4RIC2Pi47/8pROpVuWc=; b=Flnuxj0xSN6WRcleguLfvGNyzNEAjtN0ARkSp5ZddGE6YRafPLGIR9LpOQVSBIe4Co RwElMxHtViUdmERXxOQ6FA989kv5XK/xvoFCWifhv4H+f5aYwxFP5a6Yo91xasDz6/cD rTauqoj4/yjNhIuH53NwHgsxIzhRtcg5rnSvaf8bU7LA4fhTqw/6EL5423mMs9+tn6tG n4r/cy1LKCb4IjngGhznm9RRk8Pc/fb4Vc3F+wJ5lHRjmw8aJPcI6yxu1+HOcR5qonAI g/uYckhjW2QbONvEZNkDUz/7CkMyc9VG+atRNtpGVYqN1FGHrOI3O8Etj4rMAm5Fp87d Gdtw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ffwll.ch header.s=google header.b=MNqqYHpM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id si6si1616405ejb.195.2019.10.09.11.47.22; Wed, 09 Oct 2019 11:47:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@ffwll.ch header.s=google header.b=MNqqYHpM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731637AbfJISoM (ORCPT + 99 others); Wed, 9 Oct 2019 14:44:12 -0400 Received: from mail-oi1-f194.google.com ([209.85.167.194]:42635 "EHLO mail-oi1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731254AbfJISoM (ORCPT ); Wed, 9 Oct 2019 14:44:12 -0400 Received: by mail-oi1-f194.google.com with SMTP id i185so2644062oif.9 for ; Wed, 09 Oct 2019 11:44:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ffwll.ch; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=80jcnPBLsOoks69yHo8g6YiW4RIC2Pi47/8pROpVuWc=; b=MNqqYHpMw01a7siHJTmNDsZU/gVtDJklrOtu9mitWMxnxA/AjOqQHWYUhBI6XkjxBp fb/0SUpv7f97S258loyt9/mP1quCcObSikIDKnzLPgYRkv0mTX1R+JLXdPDMs5nlPoNM hq2MsXJt/oJZugSpmImlMYOydesHrFM6MorA4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=80jcnPBLsOoks69yHo8g6YiW4RIC2Pi47/8pROpVuWc=; b=ri9KB5Qw+yVkAejAYw4SCU+LW9DxKgRIurAeWRg5Iej1vLZoVXO2N9uUZK1M5r2M6J NzHPeA0Cuzv4bfANUvgv8IFrb4ABtxvWIHuXQaDniRjrVHQioT+EJgJoMK1A53U7w8y7 Yth6r5v0E3razdhZ7O9n96OE16z42293vPI7TURUp5zIrQshBAA/LYY/nNOvkG5VZK7F GMS4+DLBcGo8uxlbt7NmZm+TYULcM8A7gXC1Z4uq3p9nWlhkkYc9ENnkhKu+0uT2248Y SWssAmOo2ZDtujJwpoMv2oEP86jiyk/+0C4kHw2lXsYAYQnzEK2gpfdX4XzNcB1bFE/p wHBg== X-Gm-Message-State: APjAAAW9mnJuoQa4yDIaywsi8xFDTDUarsddzmXtpEazOXKX/Zcl4LR2 yQ9iMMvmpXUFC6+6nZkMSmfmP/11SLnCjwS9XUPW5Q== X-Received: by 2002:aca:3a55:: with SMTP id h82mr3856687oia.128.1570646649343; Wed, 09 Oct 2019 11:44:09 -0700 (PDT) MIME-Version: 1.0 References: <951eb7dc-bebe-5049-4998-f199e18b0bf3@canonical.com> <20191009163235.GT16989@phenom.ffwll.local> In-Reply-To: From: Daniel Vetter Date: Wed, 9 Oct 2019 20:43:58 +0200 Message-ID: Subject: Re: drm/amd/display: Add HDCP module - static analysis bug report To: "Lakha, Bhawanpreet" Cc: Colin Ian King , "Wentland, Harry" , "Li, Sun peng (Leo)" , "Deucher, Alexander" , "Koenig, Christian" , "Zhou, David(ChunMing)" , David Airlie , amd-gfx mailing list , "dri-devel@lists.freedesktop.org" , "linux-kernel@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Oct 9, 2019 at 8:23 PM Lakha, Bhawanpreet wrote: > > Hi, > > The reason we don't use drm_hdcp is because our policy is to do hdcp > verification using PSP/HW (onboard secure processor). i915 also uses hw to auth, we still use the parts from drm_hdcp ... Did you actually look at what's in there? It's essentially just shared defines and data structures from the standard, plus a few minimal helpers to en/decode some bits. Just from a quick read the entire patch very much looks like midlayer everywhere design that we discussed back when DC landed ... -Daniel > > Bhawan > > On 2019-10-09 12:32 p.m., Daniel Vetter wrote: > > On Thu, Oct 03, 2019 at 11:08:03PM +0100, Colin Ian King wrote: > >> Hi, > >> > >> Static analysis with Coverity has detected a potential issue with > >> function validate_bksv in > >> drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c with recent > >> commit: > >> > >> commit ed9d8e2bcb003ec94658cafe9b1bb3960e2139ec > >> Author: Bhawanpreet Lakha > >> Date: Tue Aug 6 17:52:01 2019 -0400 > >> > >> drm/amd/display: Add HDCP module > > I think the real question here is ... why is this not using drm_hdcp? > > -Daniel > > > >> > >> The analysis is as follows: > >> > >> 28 static inline enum mod_hdcp_status validate_bksv(struct mod_hdcp *hdcp) > >> 29 { > >> > >> CID 89852 (#1 of 1): Out-of-bounds read (OVERRUN) > >> > >> 1. overrun-local: > >> Overrunning array of 5 bytes at byte offset 7 by dereferencing pointer > >> (uint64_t *)hdcp->auth.msg.hdcp1.bksv. > >> > >> 30 uint64_t n = *(uint64_t *)hdcp->auth.msg.hdcp1.bksv; > >> 31 uint8_t count = 0; > >> 32 > >> 33 while (n) { > >> 34 count++; > >> 35 n &= (n - 1); > >> 36 } > >> > >> hdcp->auth.msg.hdcp1.bksv is an array of 5 uint8_t as defined in > >> drivers/gpu/drm/amd/display/modules/hdcp/hdcp.h as follows: > >> > >> struct mod_hdcp_message_hdcp1 { > >> uint8_t an[8]; > >> uint8_t aksv[5]; > >> uint8_t ainfo; > >> uint8_t bksv[5]; > >> uint16_t r0p; > >> uint8_t bcaps; > >> uint16_t bstatus; > >> uint8_t ksvlist[635]; > >> uint16_t ksvlist_size; > >> uint8_t vp[20]; > >> > >> uint16_t binfo_dp; > >> }; > >> > >> variable n is going to contain the contains of r0p and bcaps. I'm not > >> sure if that is intentional. If not, then the count is going to be > >> incorrect if these are non-zero. > >> > >> Colin > _______________________________________________ > dri-devel mailing list > dri-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/dri-devel -- Daniel Vetter Software Engineer, Intel Corporation +41 (0) 79 365 57 48 - http://blog.ffwll.ch