Received: by 2002:a05:6358:53a8:b0:117:f937:c515 with SMTP id z40csp503820rwe;
        Wed, 19 Apr 2023 01:48:59 -0700 (PDT)
X-Google-Smtp-Source: AKy350Y5oKFC8mEVGcefavJKbkXK6P8ZgSRjQf93m9NwItAKZdPZDMpp8xuc2e7+/1M9w5hUPyLU
X-Received: by 2002:a05:6808:319:b0:38e:2879:735b with SMTP id i25-20020a056808031900b0038e2879735bmr2327707oie.34.1681894139258;
        Wed, 19 Apr 2023 01:48:59 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1681894139; cv=pass;
        d=google.com; s=arc-20160816;
        b=d7Y3takDONqNRsnMAbYZt5E5n7carp1n0UUgNz0mGuIS/sMh1LXGbtziQjA94zR0A2
         EP+Q0Wj2YiwqzVuSx1X2U+3YRUBq3ygbCb7kJKxfLsgGQ+DMG/0wUIib17oxDDkrAwy5
         1ps/asLZjC9dpAqJ5JEVsXhp5vk/dM5VVr0kZ2GKLOWYX8GmjH+q0IXxaZqXeDHDBOdz
         /CIrPbqzYbBPNUTLwX8g9ZbG3R60hdciuEL68Vw5oJtdW0PwjOCN/6hXSgyu9jBSsVcy
         ipyuQiCclkr8yIfXZNLb8U5281csnFi79TlCzzjBv3wXvYr7cls0GgHjgDO0XXIKKvbw
         L/Xg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:content-transfer-encoding
         :in-reply-to:from:references:cc:to:content-language:subject
         :user-agent:date:message-id:dkim-signature;
        bh=kMQSielGWYbG6fEUE9RFMlXGsHRTixRMPU/s7olHq3c=;
        b=GooiJ9Egqk65IR8dugvVJoCsEL7zvcCHc4WnpEQHsgJas8ASNeLoFn7o24uVvXNGR1
         pBI5YAA7WSfxSe6NWxrFrxafWmGp8D/3Or/nNC+sU9hnFu/UxIOw6pJEIrhKyuQryduC
         RJoM3E2PkoB0pENHv7ysQSPHJD4oV3TAy6Jsoy75sypUuNhyv/qEIxP015q1Nhz89qLL
         l9pYuTYZNYymw9QZ0Uu8+0Y/rtIr9c8AueSnHs2vdTKCk3rsDVY2gqcWxDkd/UtyMu+7
         R+E+9qKObDyhIZgTXQoRzOtGHOIo+9F++JPS8eROa5ONwZmV3vZg/fD5jScOC0CvQTiE
         ZBpg==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@amd.com header.s=selector1 header.b=aFdfC1pj;
       arc=pass (i=1 spf=pass spfdomain=amd.com dkim=pass dkdomain=amd.com dmarc=pass fromdomain=amd.com);
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id u13-20020a056808000d00b00386ca35e7aasi13858780oic.305.2023.04.19.01.48.46;
        Wed, 19 Apr 2023 01:48:59 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amd.com header.s=selector1 header.b=aFdfC1pj;
       arc=pass (i=1 spf=pass spfdomain=amd.com dkim=pass dkdomain=amd.com dmarc=pass fromdomain=amd.com);
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232710AbjDSIii (ORCPT <rfc822;asglitc12@gmail.com> + 99 others);
        Wed, 19 Apr 2023 04:38:38 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48818 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232682AbjDSIif (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 19 Apr 2023 04:38:35 -0400
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2070.outbound.protection.outlook.com [40.107.93.70])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A36E7686;
        Wed, 19 Apr 2023 01:38:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=oCoKr9jOf2ECfAX+ml041kNXeEB0v6niu64CB1g9/61ZJ06sSJNH5VSV8UYFXN2r9o/XfBKIU8Jimv8diuhaGi4EtgCam64myDuB7HwUN8QmKPXIYDM7JJnB3mWiNpJUJEOk3VObWECdoEf/27nbq48qW26Wjz/NvU6WjW7VPQquITRVIZKy5Z8yhDiFxL9kbxGjr8q3PE4gO0NHJV6kkyFvZU9VysRKiJVtkYU/58aHjhHfA94WMd001t+fD+cNFGjhwUHVeJ9sjZjbotjS9cdX+GgGmNzgW9Mu4K1qaAFs89KIdd/Ec/ZS9kSXRS8uXNYezPBCLVVq7C/9sKs9mg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=kMQSielGWYbG6fEUE9RFMlXGsHRTixRMPU/s7olHq3c=;
 b=Zx+Xzsb2hqBBS/Uba0HHgJMQZ4W7QmWGy2E0GhswLH9OQ9UI4ECrhhw71MJoVfploLXbYfgBa0Ox77Z6EVtOp3rZHGU/RdMtdZNBuQgZ3eTG1JSAFub+x22BdcqlwVpRTaBGOJ34CVnzy2a0L+BExwvcwnTBVh9uxWfxBWyg5UsKlCcoKhKYZ9IqJ3T/dgIhb1oH348tvXOkOw7aFxiv1PGosdJSlsF8Qxdh3OPPJeztXwUByb7Di6+Ms1F/EFImEG6QtN3OroWKqZrBrByoU9fzfXz0MXT4pDMsLv+sw+WcTd2g/8RZ0JCkqB1GgLo+qv4xYNaIrYbXZA6ZCkBelg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=kMQSielGWYbG6fEUE9RFMlXGsHRTixRMPU/s7olHq3c=;
 b=aFdfC1pjUKmuYNeBRFgIwj7VGfVtC5ozVnc0uktOtcSSAJ1D9s2XZ9mQktI8ZMjexLJX6AVVPih1Xw9uFycRGEI6kCG3bb87kZX/rtGAWmzBchYwvnIJh/dwV81VlSN2Q11ROH4sMfs9bRl4kTOTKvov7bsf24AVuZA4uVnp7CM=
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=amd.com;
Received: from BN8PR12MB3587.namprd12.prod.outlook.com (2603:10b6:408:43::13)
 by MW3PR12MB4427.namprd12.prod.outlook.com (2603:10b6:303:52::10) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6277.49; Wed, 19 Apr
 2023 08:38:31 +0000
Received: from BN8PR12MB3587.namprd12.prod.outlook.com
 ([fe80::d2f8:7388:39c1:bbed]) by BN8PR12MB3587.namprd12.prod.outlook.com
 ([fe80::d2f8:7388:39c1:bbed%3]) with mapi id 15.20.6319.020; Wed, 19 Apr 2023
 08:38:30 +0000
Message-ID: <5eae1b0d-a917-fc28-16ba-29bff612caac@amd.com>
Date:   Wed, 19 Apr 2023 10:38:25 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.10.0
Subject: Re: [PATCH V2 2/2] drm/amdgpu: Fix integer overflow in
 amdgpu_cs_pass1
Content-Language: en-US
To:     hackyzh002 <hackyzh002@gmail.com>, alexander.deucher@amd.com
Cc:     Xinhui.Pan@amd.com, airlied@gmail.com, daniel@ffwll.ch,
        sumit.semwal@linaro.org, amd-gfx@lists.freedesktop.org,
        dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org,
        linux-media@vger.kernel.org, linaro-mm-sig@lists.linaro.org
References: <20230419082705.4110-1-hackyzh002@gmail.com>
From:   =?UTF-8?Q?Christian_K=c3=b6nig?= <christian.koenig@amd.com>
In-Reply-To: <20230419082705.4110-1-hackyzh002@gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-ClientProxiedBy: FR3P281CA0011.DEUP281.PROD.OUTLOOK.COM
 (2603:10a6:d10:1d::17) To BN8PR12MB3587.namprd12.prod.outlook.com
 (2603:10b6:408:43::13)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN8PR12MB3587:EE_|MW3PR12MB4427:EE_
X-MS-Office365-Filtering-Correlation-Id: 4af3334f-7afd-47e8-aba2-08db40b1743d
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: obqFg6GI3vahOYG62PfdDlTJ98PFXu2LgNdaxXpr+gghZ8ie8iXYEAQDX1jZOl7l5znmEx8vUZe63Z5Le8tmV/uJHwkGJx2G6cSZkVuqr199Vz6f///hfXlbNGFGpFJiSKoikV25gqeJG8Wcx5C/vB8tmO0bawGBqmO4oyfCapcpEWLTXeVYwG+9iDwpxYnI6ftzu43F6M9EDMPcQ65XLnjpqZoo0KMZSLwIZEHrPQSr4m0zhdA3KjjzxamOG8xBu9e0UdnxnUhVA0FG0dn9A2c6ti06hnGtUcex4PXnOp8yZZbs56Sa7Gn0G22I1YdYSt0ZHx0WjD8f/HCGpOS8gBRSlm+wsxdFuiltAtUzHwGx0LOX+rhVFMWG5sRhUQf7ra24YafqT0X2aMs10NZqWLMuVP9+TAeTWAAK8oCRP1+/8K5aACItvMOWwRIkGZyqVfjgv9p6F7DtrO/m0cu39YtNc72f0rUKXnpsy2P1i1EepeeMrURWHIJWVSgeSBP/rq98pwGHDRjmffLyYWKPqOC8fc6AzmhHqzp7/A7qzGX38pN57fe9Yp662zgzsp7AIxXz/P65jaxw4O3TH75ehu+PNdnIuU9U7PYii3l06HM66MSu+DP9KWm7h4lgunWFvewvRnQGXR+DPNXx2NjJ6Q==
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN8PR12MB3587.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(39860400002)(346002)(366004)(136003)(396003)(376002)(451199021)(31686004)(36756003)(5660300002)(38100700002)(2906002)(8936002)(86362001)(31696002)(66556008)(4326008)(66946007)(66476007)(41300700001)(8676002)(6486002)(83380400001)(6506007)(478600001)(316002)(6512007)(6666004)(186003)(6636002)(2616005)(43740500002)(45980500001);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?YXFXN1Z3VXZYZHIwN2c2RlpIVGtuNnVDeHNMMGdZZkJJQWpuM2pWN0NJeVRM?=
 =?utf-8?B?cWFFNENJTFpkTkhBZG9zMWVkQ2R5RFc1dnlLSTBjTkVWQ0NxZkFsN3E4UDB1?=
 =?utf-8?B?Tmx6WlZkYW0rU1RKbzkzYTBhVmdLSGdZSnJ4TTRybzcrRThhdzZSMnovNWRu?=
 =?utf-8?B?SFhSUkl6QzZUc3hsaTdCOWFhenZhZ3NuNE1CbmVodXVFajYzUDhNQzVKNWxL?=
 =?utf-8?B?bVh4d1lQTnAyNDJqSjQ5SzdtMXRESXJaTU1ZZW5nSzhWbEF0cHdEc0lzNit5?=
 =?utf-8?B?ZU5IWUdxQStUNHJoeWxvQzJNZ1dobUFFUG01Y2NVZFRvbzB6VWJuYkIycTQ2?=
 =?utf-8?B?YVh3MTJVNXhLOVo1TWpoTi9LTGV6dkl3a3FvVmN6aUpsRjlUNWY3V3c2aUQw?=
 =?utf-8?B?V0hVUFVxMDFNWkhmcFhGVlJ1UXc3SWEzMmVlblNXNW10amRoai9GWCt0Q1Zn?=
 =?utf-8?B?ZDF1cjh0QUsveEVoYXBlMDlxZEU5dFZzWnh4aTBVeWVjbXJnekh1OEw5dHhD?=
 =?utf-8?B?T2toZG0xZWh4dGhLWE5nV2hPOXkrLzVhRHYxNnV5d0FhRTNkSlNPQWk0bVJ3?=
 =?utf-8?B?WmJtQzY0VzU0c2M3QTUwejFvOCtrOVRJVTA5aWYycXFrenFqWkFCVHVzNG9v?=
 =?utf-8?B?b0YrVHVxdnBXN0FtMi83dVVrSmJRVDhuY0YvVlU0VmdhZ2VnMmxnZUxsc0dX?=
 =?utf-8?B?NEFIKy84UzBnQUcwa3VhMzNqR2hhN0VEOVcxcmxrR1lkMTRXa3RFM29pRFhl?=
 =?utf-8?B?bzRnMURxU0tHQ1R2VktZc3IzcS9rMFNPMzY2SnJYWkIyTmVpOUhzMUZEODhP?=
 =?utf-8?B?SXNjVUZpT0tSUWg2UTc1RjdGQ1pVaS9jMDZXcUMzamJrY0orYmtWZDlNUjRr?=
 =?utf-8?B?M3Y3c2JZeVltc2E3eFZGMHpENENFUzJWaHlpQkpWVGNWNklFSHpwUjdIbkN5?=
 =?utf-8?B?eGdDVWVjNFVoVStqVGxqU3pqKzVMcW0xV0tCMjZKd3V0RnVzbVQ3SWZDOXRq?=
 =?utf-8?B?c0VvNnJnY2V2Y3VYQ2RjZFZxUjhzY0NGTGdEbXVlcDVGS2lHK2w5SlcrbEtw?=
 =?utf-8?B?T2NPdEkzTDJMd04yYm05amZWbHpUOEpxeEZwSk13QVFYNzAzR2U4Z21kMlJP?=
 =?utf-8?B?TDc2dUFEbXAyT0N5Qlk2NEhJckxpRTVzZDg1MDhEdlBodEl3TUgzMTNOTzYy?=
 =?utf-8?B?OUhKTnd1SWFnMHpGQ25OY3hyNWVNSjhzK08vMWFjcmJvS1Z2OGdpM29LREhS?=
 =?utf-8?B?Z0xFUzROc29zRDRPKzRwZ0w5dmc5VDg1TWxHNkYreVB6Vlc4dEFzUHBFMm1V?=
 =?utf-8?B?d3BjYjN0VVdXazFNNlFaWkZxaEQ5SGNUUUd0ZDd6clZlUmE4ejZtRjVuU0pL?=
 =?utf-8?B?N200WWpBcDJ5aEl0UU1nNzlvWHg2OERKWDh5ZHA0V2hJSkdVcjR4LytpQWxS?=
 =?utf-8?B?cVViVmlRZGhIKzNpeFIrZWU0M0xGRFFVano0UU4yVVBhZGVZeUtadUU2R3lX?=
 =?utf-8?B?aGpobVlzeTg3MkFibTM5MjhycmpOLzR4MFZqckoyaUhZMERwQ2dLV1lKUlVl?=
 =?utf-8?B?aGtQa2tFSVFuNDcvYkNKWjA3b1I0eVpYNmVjMVhvL1BHYUtsQzRaOEwxT3l1?=
 =?utf-8?B?Z0p5bVFKcnlUVXllSVBUWm44VnNweGJWSGxoa2w5THVZUFNJYjI5NHNIcmNl?=
 =?utf-8?B?UVhrbEgyTzhlakk4UFVkdU5BQ2R4U3U0bnBOV0xkWWhkOFZZY2NVSFNkR05a?=
 =?utf-8?B?WmlwS0crMlpweEp3cjdHNWdPVHdyZldTV0xZdzdhS2FrQWtIQ1lmTWtwa3Jr?=
 =?utf-8?B?UmRpU0MvN1FoWGIvMjNvL0hLT0hLd0U3RDVyaUk4R1RPcW1wbFVueHlTZlhv?=
 =?utf-8?B?dWsyRHhnQmo4a1E2K0tCdHlXT1A4b253ZHF0OXUvL29ZRjlkWnJRNEtLdSsx?=
 =?utf-8?B?WXNrVEhFTDEra29WS2owVitob1dOaXRRcGpqWmVNRU9lRDZiaGlKUnVtM0ZH?=
 =?utf-8?B?V25PaWtUWmZvUFg2eGpzMzBwSG1nYWx2QkVMcTVBMFVTeHhOUmRaN1gxMXZk?=
 =?utf-8?B?WkZYbXNITUovZTdGd0d4azQ3ZnNuS3FSaUFlTmp2NUNaU2Jpd2kyUm1nWGxK?=
 =?utf-8?B?eUNYd2pqSE5JVC9MakloYVZyaUhhV3o0cXJ4ZG5WSVBoejlDQTZTTzd1RkNQ?=
 =?utf-8?Q?Ca3sU4G2FPQ3Yc5rR7d2Hw52AyjLAy7bQEVXm3+DWMg6?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4af3334f-7afd-47e8-aba2-08db40b1743d
X-MS-Exchange-CrossTenant-AuthSource: BN8PR12MB3587.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Apr 2023 08:38:30.9065
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: Rv6Lmk51nwVmaJIyYwkPWICKKnAhCzdP9YiilO299FrRqfXamc9BLxJeI7Msdst6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR12MB4427
X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO,NICE_REPLY_A,
        RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE,
        T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Am 19.04.23 um 10:27 schrieb hackyzh002:
> The type of size is unsigned int, if size is 0x40000000, there will
> be an integer overflow, size will be zero after size *= sizeof(uint32_t),
> will cause uninitialized memory to be referenced later.
>
> Signed-off-by: hackyzh002 <hackyzh002@gmail.com>
> ---
>   drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> index 08eced097..c17b3af85 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> @@ -192,7 +192,7 @@ static int amdgpu_cs_pass1(struct amdgpu_cs_parser *p,
>   	uint64_t *chunk_array_user;
>   	uint64_t *chunk_array;
>   	uint32_t uf_offset = 0;
> -	unsigned int size;
> +	size_t size;
>   	int ret;
>   	int i;
>   
> @@ -235,7 +235,7 @@ static int amdgpu_cs_pass1(struct amdgpu_cs_parser *p,
>   		size = p->chunks[i].length_dw;
>   		cdata = u64_to_user_ptr(user_chunk.chunk_data);
>   
> -		p->chunks[i].kdata = kvmalloc_array(size, sizeof(uint32_t),
> +		p->chunks[i].kdata = kvcalloc(size, sizeof(uint32_t),

Again, please drop that part of the patch. This is superfluous.

Regards,
Christian.

>   						    GFP_KERNEL);
>   		if (p->chunks[i].kdata == NULL) {
>   			ret = -ENOMEM;