Message-ID: <202510030646.pqNWfKQ0-lkp@intel.com>
Date: Fri, 3 Oct 2025 07:19:05 +0800
From: kernel test robot <lkp@...el.com>
To: Bhanu Seshu Kumar Valluri <bhanuseshukumar@...il.com>,
	Alex Deucher <alexander.deucher@....com>,
	Christian König <christian.koenig@....com>,
	David Airlie <airlied@...il.com>, Simona Vetter <simona@...ll.ch>,
	Harry Wentland <harry.wentland@....com>,
	Leo Li <sunpeng.li@....com>, Rodrigo Siqueira <siqueira@...lia.com>,
	Tao Zhou <tao.zhou1@....com>, Hawking Zhang <Hawking.Zhang@....com>,
	ganglxie <ganglxie@....com>, Lijo Lazar <lijo.lazar@....com>,
	Candice Li <candice.li@....com>,
	Victor Skvortsov <victor.skvortsov@....com>,
	Roman Li <roman.li@....com>, Alvin Lee <Alvin.Lee2@....com>,
	Karthi Kandasamy <karthi.kandasamy@....com>,
	David Rosca <david.rosca@....com>,
	Marek Olšák <marek.olsak@....com>,
	Jocelyn Falempe <jfalempe@...hat.com>,
	André Almeida <andrealmeid@...lia.com>,
	Mario Limonciello <mario.limonciello@....com>
Cc: oe-kbuild-all@...ts.linux.dev, amd-gfx@...ts.freedesktop.org,
	dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
	khalid@...nel.org, linux-kernel-mentees@...ts.linuxfoundation.org,
	skhan@...uxfoundation.org, david.hunter.linux@...il.com,
	bhanuseshukumar@...il.com
Subject: Re: [PATCH] drm: amd:  Use kmalloc_array to prevent overflow of
 dynamic size calculation

Hi Bhanu,

kernel test robot noticed the following build warnings:

[auto build test WARNING on amd-pstate/linux-next]
[also build test WARNING on amd-pstate/bleeding-edge v6.17]
[cannot apply to linus/master next-20251002]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting a patch, we suggest using '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Bhanu-Seshu-Kumar-Valluri/drm-amd-Use-kmalloc_array-to-prevent-overflow-of-dynamic-size-calculation/20251002-102458
base:   https://git.kernel.org/pub/scm/linux/kernel/git/superm1/linux.git linux-next
patch link:    https://lore.kernel.org/r/20251002022241.77823-1-bhanuseshukumar%40gmail.com
patch subject: [PATCH] drm: amd:  Use kmalloc_array to prevent overflow of dynamic size calculation
config: x86_64-randconfig-003-20251003 (https://download.01.org/0day-ci/archive/20251003/202510030646.pqNWfKQ0-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251003/202510030646.pqNWfKQ0-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202510030646.pqNWfKQ0-lkp@intel.com/

All warnings (new ones prefixed by >>):

   In file included from include/linux/percpu.h:5,
                    from arch/x86/include/asm/msr.h:16,
                    from arch/x86/include/asm/tsc.h:11,
                    from arch/x86/include/asm/timex.h:6,
                    from include/linux/timex.h:67,
                    from include/linux/time32.h:13,
                    from include/linux/time.h:60,
                    from include/linux/stat.h:19,
                    from include/linux/fs.h:11,
                    from include/linux/debugfs.h:15,
                    from drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:24:
   drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c: In function 'amdgpu_ras_badpages_read':
>> drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:2569:37: warning: 'kmalloc_array_noprof' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Wcalloc-transposed-args]
    2569 |         *bps = kmalloc_array(sizeof(struct ras_badpage), data->count, GFP_KERNEL);
         |                                     ^~~~~~
   include/linux/alloc_tag.h:239:16: note: in definition of macro 'alloc_hooks_tag'
     239 |         typeof(_do_alloc) _res;                                         \
         |                ^~~~~~~~~
   include/linux/slab.h:950:49: note: in expansion of macro 'alloc_hooks'
     950 | #define kmalloc_array(...)                      alloc_hooks(kmalloc_array_noprof(__VA_ARGS__))
         |                                                 ^~~~~~~~~~~
   drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:2569:16: note: in expansion of macro 'kmalloc_array'
    2569 |         *bps = kmalloc_array(sizeof(struct ras_badpage), data->count, GFP_KERNEL);
         |                ^~~~~~~~~~~~~
   drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:2569:37: note: earlier argument should specify number of elements, later size of each element
    2569 |         *bps = kmalloc_array(sizeof(struct ras_badpage), data->count, GFP_KERNEL);
         |                                     ^~~~~~
   include/linux/alloc_tag.h:239:16: note: in definition of macro 'alloc_hooks_tag'
     239 |         typeof(_do_alloc) _res;                                         \
         |                ^~~~~~~~~
   include/linux/slab.h:950:49: note: in expansion of macro 'alloc_hooks'
     950 | #define kmalloc_array(...)                      alloc_hooks(kmalloc_array_noprof(__VA_ARGS__))
         |                                                 ^~~~~~~~~~~
   drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:2569:16: note: in expansion of macro 'kmalloc_array'
    2569 |         *bps = kmalloc_array(sizeof(struct ras_badpage), data->count, GFP_KERNEL);
         |                ^~~~~~~~~~~~~
>> drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:2569:37: warning: 'kmalloc_array_noprof' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Wcalloc-transposed-args]
    2569 |         *bps = kmalloc_array(sizeof(struct ras_badpage), data->count, GFP_KERNEL);
         |                                     ^~~~~~
   include/linux/alloc_tag.h:243:24: note: in definition of macro 'alloc_hooks_tag'
     243 |                 _res = _do_alloc;                                       \
         |                        ^~~~~~~~~
   include/linux/slab.h:950:49: note: in expansion of macro 'alloc_hooks'
     950 | #define kmalloc_array(...)                      alloc_hooks(kmalloc_array_noprof(__VA_ARGS__))
         |                                                 ^~~~~~~~~~~
   drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:2569:16: note: in expansion of macro 'kmalloc_array'
    2569 |         *bps = kmalloc_array(sizeof(struct ras_badpage), data->count, GFP_KERNEL);
         |                ^~~~~~~~~~~~~
   drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:2569:37: note: earlier argument should specify number of elements, later size of each element
    2569 |         *bps = kmalloc_array(sizeof(struct ras_badpage), data->count, GFP_KERNEL);
         |                                     ^~~~~~
   include/linux/alloc_tag.h:243:24: note: in definition of macro 'alloc_hooks_tag'
     243 |                 _res = _do_alloc;                                       \
         |                        ^~~~~~~~~
   include/linux/slab.h:950:49: note: in expansion of macro 'alloc_hooks'
     950 | #define kmalloc_array(...)                      alloc_hooks(kmalloc_array_noprof(__VA_ARGS__))
         |                                                 ^~~~~~~~~~~
   drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:2569:16: note: in expansion of macro 'kmalloc_array'
    2569 |         *bps = kmalloc_array(sizeof(struct ras_badpage), data->count, GFP_KERNEL);
         |                ^~~~~~~~~~~~~
>> drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:2569:37: warning: 'kmalloc_array_noprof' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Wcalloc-transposed-args]
    2569 |         *bps = kmalloc_array(sizeof(struct ras_badpage), data->count, GFP_KERNEL);
         |                                     ^~~~~~
   include/linux/alloc_tag.h:246:24: note: in definition of macro 'alloc_hooks_tag'
     246 |                 _res = _do_alloc;                                       \
         |                        ^~~~~~~~~
   include/linux/slab.h:950:49: note: in expansion of macro 'alloc_hooks'
     950 | #define kmalloc_array(...)                      alloc_hooks(kmalloc_array_noprof(__VA_ARGS__))
         |                                                 ^~~~~~~~~~~
   drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:2569:16: note: in expansion of macro 'kmalloc_array'
    2569 |         *bps = kmalloc_array(sizeof(struct ras_badpage), data->count, GFP_KERNEL);
         |                ^~~~~~~~~~~~~
   drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:2569:37: note: earlier argument should specify number of elements, later size of each element
    2569 |         *bps = kmalloc_array(sizeof(struct ras_badpage), data->count, GFP_KERNEL);
         |                                     ^~~~~~
   include/linux/alloc_tag.h:246:24: note: in definition of macro 'alloc_hooks_tag'
     246 |                 _res = _do_alloc;                                       \
         |                        ^~~~~~~~~
   include/linux/slab.h:950:49: note: in expansion of macro 'alloc_hooks'
     950 | #define kmalloc_array(...)                      alloc_hooks(kmalloc_array_noprof(__VA_ARGS__))
         |                                                 ^~~~~~~~~~~
   drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:2569:16: note: in expansion of macro 'kmalloc_array'
    2569 |         *bps = kmalloc_array(sizeof(struct ras_badpage), data->count, GFP_KERNEL);
         |                ^~~~~~~~~~~~~


vim +2569 drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c

  2546	
  2547	/* return 0 on success.
  2548	 * caller need free bps.
  2549	 */
  2550	static int amdgpu_ras_badpages_read(struct amdgpu_device *adev,
  2551			struct ras_badpage **bps, unsigned int *count)
  2552	{
  2553		struct amdgpu_ras *con = amdgpu_ras_get_context(adev);
  2554		struct ras_err_handler_data *data;
  2555		int i = 0;
  2556		int ret = 0, status;
  2557	
  2558		if (!con || !con->eh_data || !bps || !count)
  2559			return -EINVAL;
  2560	
  2561		mutex_lock(&con->recovery_lock);
  2562		data = con->eh_data;
  2563		if (!data || data->count == 0) {
  2564			*bps = NULL;
  2565			ret = -EINVAL;
  2566			goto out;
  2567		}
  2568	
> 2569		*bps = kmalloc_array(sizeof(struct ras_badpage), data->count, GFP_KERNEL);
  2570		if (!*bps) {
  2571			ret = -ENOMEM;
  2572			goto out;
  2573		}
  2574	
  2575		for (; i < data->count; i++) {
  2576			(*bps)[i] = (struct ras_badpage){
  2577				.bp = data->bps[i].retired_page,
  2578				.size = AMDGPU_GPU_PAGE_SIZE,
  2579				.flags = AMDGPU_RAS_RETIRE_PAGE_RESERVED,
  2580			};
  2581			status = amdgpu_vram_mgr_query_page_status(&adev->mman.vram_mgr,
  2582					data->bps[i].retired_page << AMDGPU_GPU_PAGE_SHIFT);
  2583			if (status == -EBUSY)
  2584				(*bps)[i].flags = AMDGPU_RAS_RETIRE_PAGE_PENDING;
  2585			else if (status == -ENOENT)
  2586				(*bps)[i].flags = AMDGPU_RAS_RETIRE_PAGE_FAULT;
  2587		}
  2588	
  2589		*count = data->count;
  2590	out:
  2591		mutex_unlock(&con->recovery_lock);
  2592		return ret;
  2593	}
  2594	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
