From: Hans de Goede <hdegoede@redhat.com>
To: Arnd Bergmann <arnd@kernel.org>,
linux-kernel@vger.kernel.org, Martin Sebor <msebor@gcc.gnu.org>,
Jani Nikula <jani.nikula@linux.intel.com>,
Joonas Lahtinen <joonas.lahtinen@linux.intel.com>,
Rodrigo Vivi <rodrigo.vivi@intel.com>,
David Airlie <airlied@linux.ie>, Daniel Vetter <daniel@ffwll.ch>,
imre.deak@intel.com
Cc: "Arnd Bergmann" <arnd@arndb.de>,
x86@kernel.org, "Ning Sun" <ning.sun@intel.com>,
"Kalle Valo" <kvalo@codeaurora.org>,
"Simon Kelley" <simon@thekelleys.org.uk>,
"James Smart" <james.smart@broadcom.com>,
"James E.J. Bottomley" <jejb@linux.ibm.com>,
"Anders Larsen" <al@alarsen.net>, "Tejun Heo" <tj@kernel.org>,
"Serge Hallyn" <serge@hallyn.com>,
"Imre Deak" <imre.deak@intel.com>,
linux-arm-kernel@lists.infradead.org,
tboot-devel@lists.sourceforge.net,
intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
ath11k@lists.infradead.org, linux-wireless@vger.kernel.org,
netdev@vger.kernel.org, linux-scsi@vger.kernel.org,
cgroups@vger.kernel.org, linux-security-module@vger.kernel.org,
"Ville Syrjälä" <ville.syrjala@linux.intel.com>,
"Manasi Navare" <manasi.d.navare@intel.com>,
"Uma Shankar" <uma.shankar@intel.com>,
"Ankit Nautiyal" <ankit.k.nautiyal@intel.com>,
"Gwan-gyeong Mun" <gwan-gyeong.mun@intel.com>,
"Animesh Manna" <animesh.manna@intel.com>,
"Sean Paul" <seanpaul@chromium.org>
Subject: Re: [PATCH 11/11] [RFC] drm/i915/dp: fix array overflow warning
Date: Tue, 30 Mar 2021 12:56:51 +0200 [thread overview]
Message-ID: <949db606-ac48-69ae-b0f7-b1cba6fc2d7f@redhat.com> (raw)
In-Reply-To: <20210322160253.4032422-12-arnd@kernel.org>
Hi,
On 3/22/21 5:02 PM, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@arndb.de>
>
> gcc-11 warns that intel_dp_check_mst_status() has a local array of
> fourteen bytes and passes the last four bytes into a function that
> expects a six-byte array:
>
> drivers/gpu/drm/i915/display/intel_dp.c: In function ‘intel_dp_check_mst_status’:
> drivers/gpu/drm/i915/display/intel_dp.c:4556:22: error: ‘drm_dp_channel_eq_ok’ reading 6 bytes from a region of size 4 [-Werror=stringop-overread]
> 4556 | !drm_dp_channel_eq_ok(&esi[10], intel_dp->lane_count)) {
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/gpu/drm/i915/display/intel_dp.c:4556:22: note: referencing argument 1 of type ‘const u8 *’ {aka ‘const unsigned char *’}
> In file included from drivers/gpu/drm/i915/display/intel_dp.c:38:
> include/drm/drm_dp_helper.h:1459:6: note: in a call to function ‘drm_dp_channel_eq_ok’
> 1459 | bool drm_dp_channel_eq_ok(const u8 link_status[DP_LINK_STATUS_SIZE],
> | ^~~~~~~~~~~~~~~~~~~~
>
> Clearly something is wrong here, but I can't quite figure out what.
> Changing the array size to 16 bytes avoids the warning, but is
> probably the wrong solution here.
The drm displayport-helpers indeed expect a 6 bytes buffer, but they
usually only consume 4 bytes.
I don't think that changing the DP_DPRX_ESI_LEN is a good fix here,
since it is used in multiple places, but the esi array already gets
zero-ed out by its initializer, so we can just pass 2 extra 0 bytes
to give drm_dp_channel_eq_ok() call the 6 byte buffer its prototype
specifies by doing this:
diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c
index 897711d9d7d3..147962d4ad06 100644
--- a/drivers/gpu/drm/i915/display/intel_dp.c
+++ b/drivers/gpu/drm/i915/display/intel_dp.c
@@ -4538,7 +4538,11 @@ intel_dp_check_mst_status(struct intel_dp *intel_dp)
drm_WARN_ON_ONCE(&i915->drm, intel_dp->active_mst_links < 0);
for (;;) {
- u8 esi[DP_DPRX_ESI_LEN] = {};
+ /*
+ * drm_dp_channel_eq_ok() expects a 6 byte large buffer, but
+ * the ESI info only contains 4 bytes, pass 2 extra 0 bytes.
+ */
+ u8 esi[DP_DPRX_ESI_LEN + 2] = {};
bool handled;
int retry;
So i915 devs, would such a fix be acceptable ?
Regards,
Hans
>
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
> drivers/gpu/drm/i915/display/intel_dp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c
> index 8c12d5375607..830e2515f119 100644
> --- a/drivers/gpu/drm/i915/display/intel_dp.c
> +++ b/drivers/gpu/drm/i915/display/intel_dp.c
> @@ -65,7 +65,7 @@
> #include "intel_vdsc.h"
> #include "intel_vrr.h"
>
> -#define DP_DPRX_ESI_LEN 14
> +#define DP_DPRX_ESI_LEN 16
>
> /* DP DSC throughput values used for slice count calculations KPixels/s */
> #define DP_DSC_PEAK_PIXEL_RATE 2720000
>
next prev parent reply other threads:[~2021-03-30 10:57 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-22 16:02 [PATCH 00/11] treewide: address gcc-11 -Wstringop-overread warnings Arnd Bergmann
2021-03-22 16:02 ` [PATCH 01/11] x86: compressed: avoid gcc-11 -Wstringop-overread warning Arnd Bergmann
2021-03-22 16:02 ` [PATCH 02/11] x86: tboot: avoid Wstringop-overread-warning Arnd Bergmann
2021-03-22 20:29 ` Ingo Molnar
2021-03-22 21:39 ` Arnd Bergmann
2021-03-22 22:07 ` Martin Sebor
2021-03-22 22:49 ` Arnd Bergmann
2021-03-22 23:13 ` Ingo Molnar
2021-03-24 9:11 ` David Laight
2021-03-24 10:39 ` David Laight
2021-03-22 16:02 ` [PATCH 03/11] security: commoncap: fix -Wstringop-overread warning Arnd Bergmann
2021-03-22 16:31 ` Christian Brauner
2021-03-24 20:50 ` James Morris
2021-03-22 16:02 ` [PATCH 04/11] ath11: Wstringop-overread warning Arnd Bergmann
2021-09-28 9:04 ` Kalle Valo
2021-03-22 16:02 ` [PATCH 05/11] qnx: avoid -Wstringop-overread warning Arnd Bergmann
2021-03-22 16:02 ` [PATCH 06/11] cgroup: fix -Wzero-length-bounds warnings Arnd Bergmann
2021-03-30 8:41 ` Michal Koutný
2021-03-30 9:00 ` Arnd Bergmann
2021-03-30 14:44 ` Michal Koutný
2021-03-22 16:02 ` [PATCH 07/11] ARM: sharpsl_param: work around -Wstringop-overread warning Arnd Bergmann
2021-03-22 16:02 ` [PATCH 08/11] atmel: avoid gcc -Wstringop-overflow warning Arnd Bergmann
2021-03-22 16:02 ` [PATCH 09/11] scsi: lpfc: fix gcc -Wstringop-overread warning Arnd Bergmann
2021-03-22 16:02 ` [PATCH 10/11] drm/i915: avoid stringop-overread warning on pri_latency Arnd Bergmann
2021-03-24 15:30 ` Jani Nikula
2021-03-24 17:22 ` Ville Syrjälä
2021-03-22 16:02 ` [PATCH 11/11] [RFC] drm/i915/dp: fix array overflow warning Arnd Bergmann
2021-03-25 8:05 ` Jani Nikula
2021-03-25 9:53 ` Arnd Bergmann
2021-03-25 14:49 ` Martin Sebor
2021-03-30 10:56 ` Hans de Goede [this message]
2021-04-06 4:53 ` [PATCH 00/11] treewide: address gcc-11 -Wstringop-overread warnings Martin K. Petersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=949db606-ac48-69ae-b0f7-b1cba6fc2d7f@redhat.com \
--to=hdegoede@redhat.com \
--cc=airlied@linux.ie \
--cc=al@alarsen.net \
--cc=animesh.manna@intel.com \
--cc=ankit.k.nautiyal@intel.com \
--cc=arnd@arndb.de \
--cc=arnd@kernel.org \
--cc=ath11k@lists.infradead.org \
--cc=cgroups@vger.kernel.org \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=gwan-gyeong.mun@intel.com \
--cc=imre.deak@intel.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=james.smart@broadcom.com \
--cc=jani.nikula@linux.intel.com \
--cc=jejb@linux.ibm.com \
--cc=joonas.lahtinen@linux.intel.com \
--cc=kvalo@codeaurora.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=manasi.d.navare@intel.com \
--cc=msebor@gcc.gnu.org \
--cc=netdev@vger.kernel.org \
--cc=ning.sun@intel.com \
--cc=rodrigo.vivi@intel.com \
--cc=seanpaul@chromium.org \
--cc=serge@hallyn.com \
--cc=simon@thekelleys.org.uk \
--cc=tboot-devel@lists.sourceforge.net \
--cc=tj@kernel.org \
--cc=uma.shankar@intel.com \
--cc=ville.syrjala@linux.intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).