Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp219787iob; Wed, 18 May 2022 00:12:35 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwPm10aybS5gdzqx0aM9LQAqe6L5W7tYl1Fg5Ew/1q19g+08rasBYcQNVlGPx4Ito55MN5M X-Received: by 2002:a63:1c2:0:b0:3c5:e6bf:a3e3 with SMTP id 185-20020a6301c2000000b003c5e6bfa3e3mr22986194pgb.601.1652857955031; Wed, 18 May 2022 00:12:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652857955; cv=none; d=google.com; s=arc-20160816; b=z2kRCSjjEC5eUpvobeAW9xtG0L+g18wmBnBAdD+uXhTzM3xmiconK4PKqs7RHxoiOB /g4vEEDETlbxOr6DFk/oV+xJh2Wy/H5Q9TL4z+poxwtRy8hZGYttGXw+/OBfCInu31CF NS7gR6lh5UVcA7evMO/vvhyuF00C0C3G0xyDKki5srqKwdLymv1lOhj55jEqVtW1s6P5 1VG1wI/O7lbnRdZp/umb3VmNg3ATR4EfS9Pme1GATbg2SV7zEniDxzvT4cKsdTDkpNsO jJGJGU6WWfSr0DVXq64wSxRVTQnBwcse4TTC/L95X2aj9x78ttOaUInPpzH2XQvlpo9E WCGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=YmSH4WeEBLasFK029hFJFejLoqVw7N7yZPY1rCf/FfU=; b=bp89qnwCsYN6BKTxrLn81NGc5WrTsIGdNfxb1DCTO8SvIllm/iFx1bcONvZECcXLRk 5aDam4AG4Be71FnA8YKipaw3STdtMQ8D7AsKkxj/NCA8Ww+TizHodab+z3S7zrJ3zrmz 1wAUwBMbGrKDvxbQIOFFbv2q/36o/2cbreZHNg0Y7wpHGF6Hy1bXrc9qmOFaK03BrdgY MHsJmgwt/rmulFrr2LeTRVnIm8JCcM0B4vxVSlmGvJ30UNg4wwlDguSXGXIZqEEbdjoR qZM4nYBMdzS1D1Er8CKFw/3Sc8FcfEGzPSxmMRavgm64sMd6W16iXhC5Hhyv3mVTPbMv xF6Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=cvFS50Vi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id r19-20020a17090aa09300b001df7d0ea04bsi5101046pjp.137.2022.05.18.00.12.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 May 2022 00:12:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=cvFS50Vi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 9858871DA7; Tue, 17 May 2022 23:59:21 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231707AbiERG7N (ORCPT + 99 others); Wed, 18 May 2022 02:59:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42850 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231690AbiERG7M (ORCPT ); Wed, 18 May 2022 02:59:12 -0400 Received: from mail-pf1-x443.google.com (mail-pf1-x443.google.com [IPv6:2607:f8b0:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5A1664339D for ; Tue, 17 May 2022 23:59:11 -0700 (PDT) Received: by mail-pf1-x443.google.com with SMTP id x143so1286654pfc.11 for ; Tue, 17 May 2022 23:59:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=YmSH4WeEBLasFK029hFJFejLoqVw7N7yZPY1rCf/FfU=; b=cvFS50VivsG2a7DUQM7O/jQw4CymgJ9LbNkb818N52p4s2zAa1WFjiS8iB6HMqZRvW 6qDOkWsWqkMxV+IyEMpYo2pRFTd/9TZ5lt8pF0UQyZtcQbsuHTemqTMQVtF/bL483l2c m7G7hqDQnoySGOYbKJka6x2gX3+X4P2/M+4NnZSMPttUt7hHaNBzTkSVcrqYxCxRnnhj FQXcFw6JMAY1/tz6Ad3E85ciWSSTPopjgDX41NV3dfcsJhdHgF5pQ+zN3GlKlPmPCmqX j2tlCJnnLs4PQvIQk5aNrS/AsMO5S3krdBtERgZkrYPZek/lVFVrpm2J6OwlcCy52AyQ GZnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=YmSH4WeEBLasFK029hFJFejLoqVw7N7yZPY1rCf/FfU=; b=QPSf/TCUXMGdJUR1/UG1VahSio7cNEOMASQCSPj0kStQzL+IxFiDPXgA61oLZYLTiW o0Uk0xhE4JtUyg2G8iUe4GLRfJytN6C4weqt4kU3bJUkFmNp91egb8FKae7pgnJ3/Gey wM1K8FSSqMa5l6XJ27sabc0+5NyB0Gbijpu3qf1qjbj4tmYT5K5ML4RLKpAJyU0Uy9nn N1TL5hSqlbLS3zwFBNraKgNZMYjEo4yXHsA7mUdKtc3e/9o6oJ3AISMRgtQrzjAbB88y qEhB4JWSRgzANKyG1eUdHRoLSFrY78bdNppxpzyUJmi4cn4/vSCpj21MsIbThEE0DK5F Y7/g== X-Gm-Message-State: AOAM531MJ8HMp0hcTuG1jMSU2gv+UZuanupIzN92LM3+5HLRQaTJn+x8 WXgXiYAPkSuHlbNCQ9Xb6F4= X-Received: by 2002:a63:4602:0:b0:3f2:7215:1ac0 with SMTP id t2-20020a634602000000b003f272151ac0mr10925036pga.179.1652857150712; Tue, 17 May 2022 23:59:10 -0700 (PDT) Received: from localhost.localdomain ([103.84.139.165]) by smtp.gmail.com with ESMTPSA id g16-20020aa79f10000000b0050dc76281a6sm990241pfr.128.2022.05.17.23.59.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 May 2022 23:59:10 -0700 (PDT) From: Hangyu Hua To: andrzej.hajda@intel.com, narmstrong@baylibre.com, robert.foss@linaro.org, Laurent.pinchart@ideasonboard.com, jonas@kwiboo.se, jernej.skrabec@gmail.com, airlied@linux.ie, daniel@ffwll.ch, architt@codeaurora.org Cc: dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, Hangyu Hua Subject: [PATCH] drm: bridge: sii8620: fix possible off-by-one Date: Wed, 18 May 2022 14:58:56 +0800 Message-Id: <20220518065856.18936-1-hbh25y@gmail.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The next call to sii8620_burst_get_tx_buf will result in off-by-one When ctx->burst.tx_count + size == ARRAY_SIZE(ctx->burst.tx_buf). The same thing happens in sii8620_burst_get_rx_buf. This patch also change tx_count and tx_buf to rx_count and rx_buf in sii8620_burst_get_rx_buf. It is unreasonable to check tx_buf's size and use rx_buf. Fixes: e19e9c692f81 ("drm/bridge/sii8620: add support for burst eMSC transmissions") Signed-off-by: Hangyu Hua --- drivers/gpu/drm/bridge/sil-sii8620.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/bridge/sil-sii8620.c b/drivers/gpu/drm/bridge/sil-sii8620.c index ec7745c31da0..ab0bce4a988c 100644 --- a/drivers/gpu/drm/bridge/sil-sii8620.c +++ b/drivers/gpu/drm/bridge/sil-sii8620.c @@ -605,7 +605,7 @@ static void *sii8620_burst_get_tx_buf(struct sii8620 *ctx, int len) u8 *buf = &ctx->burst.tx_buf[ctx->burst.tx_count]; int size = len + 2; - if (ctx->burst.tx_count + size > ARRAY_SIZE(ctx->burst.tx_buf)) { + if (ctx->burst.tx_count + size >= ARRAY_SIZE(ctx->burst.tx_buf)) { dev_err(ctx->dev, "TX-BLK buffer exhausted\n"); ctx->error = -EINVAL; return NULL; @@ -622,7 +622,7 @@ static u8 *sii8620_burst_get_rx_buf(struct sii8620 *ctx, int len) u8 *buf = &ctx->burst.rx_buf[ctx->burst.rx_count]; int size = len + 1; - if (ctx->burst.tx_count + size > ARRAY_SIZE(ctx->burst.tx_buf)) { + if (ctx->burst.rx_count + size >= ARRAY_SIZE(ctx->burst.rx_buf)) { dev_err(ctx->dev, "RX-BLK buffer exhausted\n"); ctx->error = -EINVAL; return NULL; -- 2.25.1