lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0608aa11-2165-7693-6cdc-1c7ef8228622@amd.com>
Date:   Thu, 6 Oct 2022 15:51:46 -0400
From:   Hamza Mahfooz <hamza.mahfooz@....com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>,
        "Sudip Mukherjee (Codethink)" <sudipm.mukherjee@...il.com>,
        Kees Cook <keescook@...omium.org>,
        Nathan Chancellor <nathan@...nel.org>
Cc:     Alex Deucher <alexander.deucher@....com>,
        Harry Wentland <harry.wentland@....com>,
        Leo Li <sunpeng.li@....com>,
        Rodrigo Siqueira <Rodrigo.Siqueira@....com>,
        Christian König <christian.koenig@....com>,
        "Pan, Xinhui" <Xinhui.Pan@....com>,
        David Airlie <airlied@...il.com>,
        Daniel Vetter <daniel@...ll.ch>, amd-gfx@...ts.freedesktop.org,
        dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org
Subject: Re: mainline build failure due to 5d8c3e836fc2 ("drm/amd/display: fix
 array-bounds error in dc_stream_remove_writeback()")

Hey Linus,

On 2022-10-06 15:39, Linus Torvalds wrote:
> On Thu, Oct 6, 2022 at 1:51 AM Sudip Mukherjee (Codethink)
> <sudipm.mukherjee@...il.com> wrote:
>>
>> This is only seen with gcc-11, gcc-12 builds are ok.
> 
> Hmm. This seems to be some odd gcc issue.
> 
> I *think* that what is going on is that the test
> 
>          j = 0 ; j < MAX_DWB_PIPES
> 
> makes gcc decide that "hey, j is in the range [0,MAX_DWB_PIPES[", and
> then since MAX_DWB_PIPES is 1, that simplifies to "j must be zero".
> Good range analysis so far.
> 
> But for 'i', we start off with that lower bound of 0, but the upper
> bound is not fixed (the test for "i" is: "i < stream->num_wb_info").
> 
> And then that "if (i != j)", so now gcc decides that it can simplify
> that to "if (i != 0)", and then simplifies *that* to "oh, the lower
> bound of 'i' in that code is actually 1.
> 
> So then it decides that "stream->writeback_info[i]" must be out of bounds.
> 
> Of course, the *reality* is that stream->num_wb_info should be <=
> MAX_DWB_PIPES, and as such (with the current MAX_DWB_PIPES value of 1)
> it's not that 'i' can be 1, it's that the code in question cannot be
> reached at all.
> 
> What confuses me is that error message ("array subscript [0, 0] is
> outside array bounds of 'struct dc_writeback_info[1]') which seems to
> be aware that the value is actually 0.
> 
> So this seems to be some gcc-11 range analysis bug, but I don't know
> what the fix is. I suspect some random code change would magically
> just make gcc realize it's ok after all, but since it all depends on
> random gcc confusion, I don't know what the random code change would
> be.
> 
> The fix *MAY* be to just add a '&& i < MAX_DWB_PIPES' to that loop
> too, and then gcc will see that both i and j are always 0, and that
> the code is unreachable and not warn about it. Hmm? Can you test that?
> 
> And the reason gcc-12 builds are ok probably isn't that gcc-12 gets
> this right, it's simply that gcc-12 gets so many *opther* things wrong
> that we already disabled -Warray-bounds with gcc-12 entirely.
> 
> If somebody cannot come up with a fix, I suspect the solution is "gcc
> array bounds analysis is terminally buggy" and we just need to disable
> it for gcc-11 too.

It seems that Stephen has a fix for this that works for multiple 
versions of GCC, see: 
https://lore.kernel.org/all/20221006191245.11bb0e2c@canb.auug.org.au/

> 
> Kees, any idea? Who else might be interested in fixing a -Warray-bounds issue?
> 
>                   Linus

-- 
Hamza

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ