| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87lfuou27c.fsf@intel.com>
Date: Mon, 16 Sep 2019 10:31:35 +0300
From: Jani Nikula <jani.nikula@...el.com>
To: Dan Carpenter <dan.carpenter@...cle.com>, kbuild@...org
Cc: kbuild-all@...org, linux-kernel@...r.kernel.org,
Chris Wilson <chris@...is-wilson.co.uk>,
intel-gfx@...ts.freedesktop.org,
Ville Syrjälä <ville.syrjala@...ux.intel.com>
Subject: Re: drivers/gpu/drm/i915/display/intel_display.c:3934 skl_plane_stride() error: testing array offset 'color_plane' after use.
On Sat, 14 Sep 2019, Dan Carpenter <dan.carpenter@...cle.com> wrote:
> tree: https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git master
> head: a7f89616b7376495424f682b6086e0c391a89a1d
> commit: df0566a641f959108c152be748a0a58794280e0e drm/i915: move modesetting core code under display/
> date: 3 months ago
>
> If you fix the issue, kindly add following tag
> Reported-by: kbuild test robot <lkp@...el.com>
> Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
>
> New smatch warnings:
> drivers/gpu/drm/i915/display/intel_display.c:3934 skl_plane_stride() error: testing array offset 'color_plane' after use.
> drivers/gpu/drm/i915/display/intel_display.c:16328 intel_sanitize_encoder() error: we previously assumed 'crtc' could be null (see line 16318)
Odd, what changed to provoke the warnings now? Or is the smatch test
new?
Anyway, Cc: Ville & intel-gfx.
BR,
Jani.
>
> git remote add linus https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git
> git remote update linus
> git checkout df0566a641f959108c152be748a0a58794280e0e
> vim +/color_plane +3934 drivers/gpu/drm/i915/display/intel_display.c
>
> b3cf5c06ca5001 drivers/gpu/drm/i915/intel_display.c Ville Syrjälä 2018-09-25 3926
> df79cf44191029 drivers/gpu/drm/i915/intel_display.c Ville Syrjälä 2018-09-11 3927 u32 skl_plane_stride(const struct intel_plane_state *plane_state,
> 5d2a19507cb665 drivers/gpu/drm/i915/intel_display.c Ville Syrjälä 2018-09-07 3928 int color_plane)
> d21967740f4b7d drivers/gpu/drm/i915/intel_display.c Ville Syrjälä 2016-01-28 3929 {
> df79cf44191029 drivers/gpu/drm/i915/intel_display.c Ville Syrjälä 2018-09-11 3930 const struct drm_framebuffer *fb = plane_state->base.fb;
> df79cf44191029 drivers/gpu/drm/i915/intel_display.c Ville Syrjälä 2018-09-11 3931 unsigned int rotation = plane_state->base.rotation;
> 5d2a19507cb665 drivers/gpu/drm/i915/intel_display.c Ville Syrjälä 2018-09-07 3932 u32 stride = plane_state->color_plane[color_plane].stride;
> ^^^^^^^^^^^
> Out of bounds read?
>
> 1b500535c513ac drivers/gpu/drm/i915/intel_display.c Ville Syrjälä 2017-03-07 3933
> 5d2a19507cb665 drivers/gpu/drm/i915/intel_display.c Ville Syrjälä 2018-09-07 @3934 if (color_plane >= fb->format->num_planes)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Tested too late.
>
> 1b500535c513ac drivers/gpu/drm/i915/intel_display.c Ville Syrjälä 2017-03-07 3935 return 0;
> 1b500535c513ac drivers/gpu/drm/i915/intel_display.c Ville Syrjälä 2017-03-07 3936
> b3cf5c06ca5001 drivers/gpu/drm/i915/intel_display.c Ville Syrjälä 2018-09-25 3937 return stride / skl_plane_stride_mult(fb, color_plane, rotation);
> d21967740f4b7d drivers/gpu/drm/i915/intel_display.c Ville Syrjälä 2016-01-28 3938 }
> d21967740f4b7d drivers/gpu/drm/i915/intel_display.c Ville Syrjälä 2016-01-28 3939
>
> ---
> 0-DAY kernel test infrastructure Open Source Technology Center
> https://lists.01.org/pipermail/kbuild-all Intel Corporation
--
Jani Nikula, Intel Open Source Graphics Center
Powered by blists - more mailing lists