Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp4276837pxf; Tue, 30 Mar 2021 03:58:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy8YN3aMlyX2WFuOmC7GbQ8uXxfGJa7Zzp2gdSoK0KMdnSeylv/AgrUYXYXlJ/oxgmbQpJk X-Received: by 2002:a17:907:c16:: with SMTP id ga22mr32823047ejc.120.1617101887196; Tue, 30 Mar 2021 03:58:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617101887; cv=none; d=google.com; s=arc-20160816; b=jey7w5khuK4jURl3Krj6kJ2CeL02BFNceoJn/t6/Yb/LijaT6HJXNYLhTwn2mKf7jt HGgaeYg6LOmu/jeKDI46KR1FmBESDtKo6uBBpScqDP7Mbn7kKWz1Cb1C/hTLtXRzizPR 3KjCp06mh+qFzSMP4BrbdW0T8jL54wrNFHmaId6tC7s7VGhWTqYew2Q0eNiEWXCbgAb2 yKV/CRETwz9KykiKsWdSyND8J/yKVor2C+FNikM6BWO80uT/fXQWn1uI4NPwtUpf2KQo w+I5NqWomrGxhDOLhrGN9aWgO0xqcCIjEkq0iYlKxvWqzG1nJcEE2e0Q2eY9gRs8VrFW cWYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=rYqzNHiuAl/aoLjb89NUxhkCMXfILPBrl172tqHnnHE=; b=v1vVCHwr5uVfBFZaimVvWb684ArbWM2crjsfhiMaMDPvn6aFK0CsGIzT2IHZxf5yQd DUaBjlJjMvQjzdwOWeFPFJXET4D+8dnd7P+5Nl0hS7HwjVJ7bJsM9QHTKrwzPQzLQtPy zbbaZk3ffCJylfPbIlByAflgKxIgdcVH0aIfEqgBtueGW84V67hCzDjMpTOqar+7UQBL JdvzvjAR5gCgkmy5hkU5CE9W09iuvmKPgSBFUX/W1QO59J9OENUhX84xh0GeV4aD4L0Y hxhIB71+C8TG7fjFxhZzJCJWOboGbs5AkESXvdwtODcKWQE4rQagZr4iYmud2Zd9MIoB LboA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=CNfyjNv8; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cf5si14469211ejb.346.2021.03.30.03.57.40; Tue, 30 Mar 2021 03:58:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=CNfyjNv8; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231607AbhC3K5E (ORCPT + 99 others); Tue, 30 Mar 2021 06:57:04 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:35818 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231835AbhC3K44 (ORCPT ); Tue, 30 Mar 2021 06:56:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1617101815; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rYqzNHiuAl/aoLjb89NUxhkCMXfILPBrl172tqHnnHE=; b=CNfyjNv8F23LnMAJNDnUNFKhwn/+7qb3AMe4+LBSVke3MjdtxoflURxkmkRK1pxz29h/wa vnfIkHKNay0CZroZ6iXTvyo6Xn63R2rHoOCxuLAkmRYilhPRBTOBrNjn4OI/wGtZljeK1R LcBsMTqOVdAh6cAaCzlQRs3q0Qh8TMU= Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-259-ANVnPm96MbSxruzHq9CUaQ-1; Tue, 30 Mar 2021 06:56:54 -0400 X-MC-Unique: ANVnPm96MbSxruzHq9CUaQ-1 Received: by mail-ed1-f69.google.com with SMTP id o24so9985312edt.15 for ; Tue, 30 Mar 2021 03:56:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=rYqzNHiuAl/aoLjb89NUxhkCMXfILPBrl172tqHnnHE=; b=qWJ0njSp16H9y7PNWil/UayD+HF74FbcoPuIxH4sTwkbCVO5pNyOTXrIpMdo0eIjaU 2RDEouH+3xfYZb4xg4uRMheI0l2r0kVycDOcGujBvdfaFaPpjQcsT3xl5Xe3SvHLjGp+ plVjN8mm0IBZb/GdLchRrGYgtOdh4uIfbBoZlg+wcEmObHIa26AA2aR1r4wz0xZF7bIp PKPMtyffE4o4Da0NxWDI8gVAWU6tULUrhLsOt74IAeuCAT7In7ORtoyIusqURmQWBDIC 6kmq0p9VMzvomElVnLStvxk9nbi9/OXIT3MfgOdto4DEWJe6+gLBlTKFuKvyz/ES75NG DITQ== X-Gm-Message-State: AOAM532lzZwuAqcWifXWaFnymJ1eu1LGMekrU51YnhQuvwAy5dV6E1/w TRjbwXO4j8RsB5iazkjfJd3/Ec9qntB4WGDAcDusJoM2CBdpw1ujH5uboRluYyY7MQ3fFIKxa8/ +TY/UIJZqdQIrd2VNY7YIIefLRHk= X-Received: by 2002:a05:6402:270e:: with SMTP id y14mr32945883edd.283.1617101812709; Tue, 30 Mar 2021 03:56:52 -0700 (PDT) X-Received: by 2002:a05:6402:270e:: with SMTP id y14mr32945855edd.283.1617101812562; Tue, 30 Mar 2021 03:56:52 -0700 (PDT) Received: from x1.localdomain (2001-1c00-0c1e-bf00-1054-9d19-e0f0-8214.cable.dynamic.v6.ziggo.nl. [2001:1c00:c1e:bf00:1054:9d19:e0f0:8214]) by smtp.gmail.com with ESMTPSA id gq9sm5631143ejb.62.2021.03.30.03.56.51 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 30 Mar 2021 03:56:52 -0700 (PDT) Subject: Re: [PATCH 11/11] [RFC] drm/i915/dp: fix array overflow warning To: Arnd Bergmann , linux-kernel@vger.kernel.org, Martin Sebor , Jani Nikula , Joonas Lahtinen , Rodrigo Vivi , David Airlie , Daniel Vetter , imre.deak@intel.com Cc: Arnd Bergmann , x86@kernel.org, Ning Sun , Kalle Valo , Simon Kelley , James Smart , "James E.J. Bottomley" , Anders Larsen , Tejun Heo , Serge Hallyn , Imre Deak , linux-arm-kernel@lists.infradead.org, tboot-devel@lists.sourceforge.net, intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, ath11k@lists.infradead.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-scsi@vger.kernel.org, cgroups@vger.kernel.org, linux-security-module@vger.kernel.org, =?UTF-8?B?VmlsbGUgU3lyasOkbMOk?= , Manasi Navare , Uma Shankar , Ankit Nautiyal , Gwan-gyeong Mun , Animesh Manna , Sean Paul References: <20210322160253.4032422-1-arnd@kernel.org> <20210322160253.4032422-12-arnd@kernel.org> From: Hans de Goede Message-ID: <949db606-ac48-69ae-b0f7-b1cba6fc2d7f@redhat.com> Date: Tue, 30 Mar 2021 12:56:51 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 MIME-Version: 1.0 In-Reply-To: <20210322160253.4032422-12-arnd@kernel.org> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Hi, On 3/22/21 5:02 PM, Arnd Bergmann wrote: > From: Arnd Bergmann > > gcc-11 warns that intel_dp_check_mst_status() has a local array of > fourteen bytes and passes the last four bytes into a function that > expects a six-byte array: > > drivers/gpu/drm/i915/display/intel_dp.c: In function ‘intel_dp_check_mst_status’: > drivers/gpu/drm/i915/display/intel_dp.c:4556:22: error: ‘drm_dp_channel_eq_ok’ reading 6 bytes from a region of size 4 [-Werror=stringop-overread] > 4556 | !drm_dp_channel_eq_ok(&esi[10], intel_dp->lane_count)) { > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > drivers/gpu/drm/i915/display/intel_dp.c:4556:22: note: referencing argument 1 of type ‘const u8 *’ {aka ‘const unsigned char *’} > In file included from drivers/gpu/drm/i915/display/intel_dp.c:38: > include/drm/drm_dp_helper.h:1459:6: note: in a call to function ‘drm_dp_channel_eq_ok’ > 1459 | bool drm_dp_channel_eq_ok(const u8 link_status[DP_LINK_STATUS_SIZE], > | ^~~~~~~~~~~~~~~~~~~~ > > Clearly something is wrong here, but I can't quite figure out what. > Changing the array size to 16 bytes avoids the warning, but is > probably the wrong solution here. The drm displayport-helpers indeed expect a 6 bytes buffer, but they usually only consume 4 bytes. I don't think that changing the DP_DPRX_ESI_LEN is a good fix here, since it is used in multiple places, but the esi array already gets zero-ed out by its initializer, so we can just pass 2 extra 0 bytes to give drm_dp_channel_eq_ok() call the 6 byte buffer its prototype specifies by doing this: diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index 897711d9d7d3..147962d4ad06 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -4538,7 +4538,11 @@ intel_dp_check_mst_status(struct intel_dp *intel_dp) drm_WARN_ON_ONCE(&i915->drm, intel_dp->active_mst_links < 0); for (;;) { - u8 esi[DP_DPRX_ESI_LEN] = {}; + /* + * drm_dp_channel_eq_ok() expects a 6 byte large buffer, but + * the ESI info only contains 4 bytes, pass 2 extra 0 bytes. + */ + u8 esi[DP_DPRX_ESI_LEN + 2] = {}; bool handled; int retry; So i915 devs, would such a fix be acceptable ? Regards, Hans > > Signed-off-by: Arnd Bergmann > --- > drivers/gpu/drm/i915/display/intel_dp.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c > index 8c12d5375607..830e2515f119 100644 > --- a/drivers/gpu/drm/i915/display/intel_dp.c > +++ b/drivers/gpu/drm/i915/display/intel_dp.c > @@ -65,7 +65,7 @@ > #include "intel_vdsc.h" > #include "intel_vrr.h" > > -#define DP_DPRX_ESI_LEN 14 > +#define DP_DPRX_ESI_LEN 16 > > /* DP DSC throughput values used for slice count calculations KPixels/s */ > #define DP_DSC_PEAK_PIXEL_RATE 2720000 >