From: Guenter Roeck
To: David Airlie
Cc: Karol Herbst, Lyude Paul, Daniel Vetter, dri-devel@lists.freedesktop.org, nouveau@lists.freedesktop.org, linux-kernel@vger.kernel.org, Guenter Roeck, Javier Martinez Canillas, Jani Nikula, Thomas Zimmermann, Danilo Krummrich, Maxime Ripard
Subject: [PATCH] drm/nouveau/nvif: Avoid build error due to potential integer overflows
Date: Sat, 18 May 2024 07:37:43 -0700
Message-Id: <20240518143743.313872-1-linux@roeck-us.net>
X-Mailer: git-send-email 2.39.2
X-Mailing-List: linux-kernel@vger.kernel.org

Trying to build parisc:allmodconfig with gcc 12.x or later results
in the following build error.

drivers/gpu/drm/nouveau/nvif/object.c: In function 'nvif_object_mthd':
drivers/gpu/drm/nouveau/nvif/object.c:161:9: error: 'memcpy' accessing 4294967264 or more bytes at offsets 0 and 32 overlaps 6442450881 bytes at offset -2147483617 [-Werror=restrict]
  161 |         memcpy(data, args->mthd.data, size);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/gpu/drm/nouveau/nvif/object.c: In function 'nvif_object_ctor':
drivers/gpu/drm/nouveau/nvif/object.c:298:17: error: 'memcpy' accessing 4294967240 or more bytes at offsets 0 and 56 overlaps 6442450833 bytes at offset -2147483593 [-Werror=restrict]
  298 |                 memcpy(data, args->new.data, size);

gcc assumes that 'sizeof(*args) + size' can overflow, which would result
in the problem.

The problem is not new, only it is now no longer a warning but an error
since W=1 has been enabled for the drm subsystem and since Werror is
enabled for test builds.

Rearrange arithmetic and add extra size checks to avoid the overflow.

Fixes: a61ddb4393ad ("drm: enable (most) W=1 warnings by default across the subsystem")
Cc: Javier Martinez Canillas
Cc: Jani Nikula
Cc: Thomas Zimmermann
Cc: Danilo Krummrich
Cc: Maxime Ripard
Signed-off-by: Guenter Roeck
---
checkpatch complains about the line length in the description and the
(pre-existing) assignments in if conditions, but I did not want to
split lines in the description or rearrange the code further.

I don't know why I only see the problem with parisc builds (at least so far).

 drivers/gpu/drm/nouveau/nvif/object.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/nouveau/nvif/object.c b/drivers/gpu/drm/nouveau/nvif/object.c index 4d1aaee8fe15..baf623a48874 100644 --- a/drivers/gpu/drm/nouveau/nvif/object.c +++ b/drivers/gpu/drm/nouveau/nvif/object.c @@ -145,8 +145,9 @@ nvif_object_mthd(struct nvif_object *object, u32 mthd, void *data, u32 size) u8 stack[128]; int ret; - if (sizeof(*args) + size > sizeof(stack)) { - if (!(args = kmalloc(sizeof(*args) + size, GFP_KERNEL))) + if (size > sizeof(stack) - sizeof(*args)) { + if (size > INT_MAX || + !(args = kmalloc(sizeof(*args) + size, GFP_KERNEL))) return -ENOMEM; } else { args = (void *)stack; @@ -276,7 +277,8 @@ nvif_object_ctor(struct nvif_object *parent, const char *name, u32 handle, object->map.size = 0; if (parent) { - if (!(args = kmalloc(sizeof(*args) + size, GFP_KERNEL))) { + if (size > INT_MAX || + !(args = kmalloc(sizeof(*args) + size, GFP_KERNEL))) { nvif_object_dtor(object); return -ENOMEM; } -- 2.39.2
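
Review bot: in the nvif_object_mthd hunk, the rewritten test `size > sizeof(stack) - sizeof(*args)` is an unsigned subtraction, so it is only correct while sizeof(*args) does not exceed the 128-byte `stack` buffer; if the args struct ever grows past that, the right-hand side wraps to a huge value and every request is routed to the stack path. Nothing in the hunk enforces that relationship, so a compile-time check next to the declaration, for example `static_assert(sizeof(*args) <= sizeof(stack));`, would turn the assumption into a build failure instead of a stack overflow. The new `size > INT_MAX` bound also carries no comment, and a one-line note that it exists so the compiler can rule out wrap-around in `sizeof(*args) + size` would keep it from being removed later as dead code.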
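
Review bot: in the nvif_object_ctor hunk, a caller passing `size > INT_MAX` now gets -ENOMEM even though no allocation was attempted, and the cleanup path `nvif_object_dtor(object)` runs for what is really an invalid argument; consider whether a distinct error code would make that case easier to tell apart from genuine allocation failure, or at least say in a comment that the two are deliberately folded together. The same `size > INT_MAX ||` test is now open-coded in both functions ahead of `kmalloc(sizeof(*args) + size, GFP_KERNEL)`, so a small shared helper, or computing the length with size_add() from <linux/overflow.h> if that also satisfies gcc, would keep the two call sites from drifting apart.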