Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp72788rwd; Tue, 6 Jun 2023 18:44:42 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6JvuJ6uYkSrdHapehtG/t/5C+pZhrWAAgFYJa6ps7HSugBjpIT+ueuewsKsthQlpttCzkP X-Received: by 2002:a05:6a20:2591:b0:117:c69b:cb34 with SMTP id k17-20020a056a20259100b00117c69bcb34mr1867042pzd.2.1686102282061; Tue, 06 Jun 2023 18:44:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686102282; cv=none; d=google.com; s=arc-20160816; b=UWHvQyXvnaI1yhHXi1t3yVLmS+VmOIPMzfmRSYuywjpuTGO7U/43EvkD24f0L8nWQY sA5PtiDS/QNWpRk0wt2RYGoHzLvzh4x7Y+KGrYkQbNrD2kApfFAgpRyHBeGoAF3jc85G YFUPRzJOgMZQCujZbkUeynEQHNOpg2BMuyq8fxFl+PJp74dGHXxLDpS/9Pngx2LcL9vg EibD4jpJc84LaQlC0YXH4AnnzWsO86UiUaocLGrvc1KOExZ+HxelgNEB2pfJzS7es2nQ 4y/6d8W5QrTb8zHaZQbf9QV1svWY1yJVdkj0On2G2M+5k4ITRSCiKItt0CLM6iP+ppMq 9QWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from:cc:to :content-language:subject:user-agent:mime-version:date:message-id; bh=QkxWxZyxEf/+L5dyxwWj5jTrTnwoZdAgN9kGLstnNDo=; b=LfZI5dwKIkHyyozkRpahoQSv5atfkb9FALrbJ+oC+2cL+5cL2bsibWS3BTrDFuD3FP GuVPjjhcMayxHTOJDhg1FyJPR90/M/3Wgg4ERFlAIVy0RyGNSlGwBRyu/p9qK24l8C/+ 60tyhOl7TZKa8WY18wkhvh8SDDbagtrlolRwDslAM0m3RYSErL1mWoZVD53m0SNlHm75 VDb2y751VJB0fYL4XP+IsFJOBCeLAMeWr7ROY+iSJXqRkD3bEFO42aiRmMwyYKN9SlJM Srx5/3cqy8FRup2/Iw7qN8CSIx08XCOzukjh78ikcyNvnf0e8NJdNaV5A6XgqNa4OqKB f7kg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j19-20020a637a53000000b005307b843a98si8141208pgn.53.2023.06.06.18.44.28; Tue, 06 Jun 2023 18:44:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240444AbjFGBRk (ORCPT + 99 others); Tue, 6 Jun 2023 21:17:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57236 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234661AbjFGBRi (ORCPT ); Tue, 6 Jun 2023 21:17:38 -0400 Received: from mail.nfschina.com (unknown [42.101.60.195]) by lindbergh.monkeyblade.net (Postfix) with SMTP id 726C4E6B for ; Tue, 6 Jun 2023 18:17:36 -0700 (PDT) Received: from [172.30.38.103] (unknown [180.167.10.98]) by mail.nfschina.com (Maildata Gateway V2.8.8) with ESMTPSA id 1C8101800F838B; Wed, 7 Jun 2023 09:17:21 +0800 (CST) Message-ID: <126ba315-196d-ee1e-a781-bf8b510f1ddb@nfschina.com> Date: Wed, 7 Jun 2023 09:17:20 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.0 Subject: Re: [PATCH] drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow Content-Language: en-US To: Doug Anderson Cc: Andrzej Hajda , Neil Armstrong , Robert Foss , Laurent Pinchart , Jonas Karlman , Jernej Skrabec , David Airlie , Daniel Vetter , andersson@kernel.org, linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org, u.kleine-koenig@pengutronix.de X-MD-Sfrom: suhui@nfschina.com X-MD-Bcc: suhui@nfschina.com X-MD-SrcIP: 180.167.10.98 From: Su Hui In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,RDNS_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On 2023/6/6 23:28, Doug Anderson wrote: > Hi, > > On Tue, Jun 6, 2023 at 12:56 AM Su Hui wrote: >> Smatch error:buffer overflow 'ti_sn_bridge_refclk_lut' 5 <= 5. >> >> Fixes: cea86c5bb442 ("drm/bridge: ti-sn65dsi86: Implement the pwm_chip") >> Signed-off-by: Su Hui >> --- >> drivers/gpu/drm/bridge/ti-sn65dsi86.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi86.c b/drivers/gpu/drm/bridge/ti-sn65dsi86.c >> index 7a748785c545..952aae4221e7 100644 >> --- a/drivers/gpu/drm/bridge/ti-sn65dsi86.c >> +++ b/drivers/gpu/drm/bridge/ti-sn65dsi86.c >> @@ -305,7 +305,8 @@ static void ti_sn_bridge_set_refclk_freq(struct ti_sn65dsi86 *pdata) >> * The PWM refclk is based on the value written to SN_DPPLL_SRC_REG, >> * regardless of its actual sourcing. >> */ >> - pdata->pwm_refclk_freq = ti_sn_bridge_refclk_lut[i]; >> + if (i < refclk_lut_size) >> + pdata->pwm_refclk_freq = ti_sn_bridge_refclk_lut[i]; > I don't think this is quite the right fix. I don't think we can just > skip assigning "pdata->pwm_refclk_freq". In general I think we're in > pretty bad shape if we ever fail to match a refclk from the table and > I'm not quite sure how the bridge chip could work at all in this case. > Probably that at least deserves a warning message in the logs. There's > no place to return an error though, so I guess the warning is the best > we can do and then we can do our best to do something reasonable. > > In this case, I think "reasonable" might be that if the for loop exits > and "i == refclk_lut_size" that we should set "i" to 1. According to > the datasheet [1] setting a value of 5 (which the existing code does) > is the same as setting a value of 1 (the default) and if it's 1 then > we'll be able to look this up in the table. I think you are right, set i to 1 if i >= refclk_lut_size. I will resend this patch soon. Thanks for your reply! Su Hui > > [1] https://www.ti.com/lit/gpn/sn65dsi86 > > -Doug