Re: [PATCH] drm/managed: Fix off-by-one in warning

From: Sam Ravnborg <sam@ravnborg.org>
To: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: kernel test robot <lkp@intel.com>,
	"Rafael J. Wysocki" <rafael@kernel.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	DRI Development <dri-devel@lists.freedesktop.org>,
	Laurent Pinchart <laurent.pinchart@ideasonboard.com>,
	Thomas Zimmermann <tzimmermann@suse.de>,
	Daniel Vetter <daniel.vetter@intel.com>,
	Dan Carpenter <dan.carpenter@oracle.com>
Subject: Re: [PATCH] drm/managed: Fix off-by-one in warning
Date: Sat, 28 Mar 2020 19:49:42 +0100	[thread overview]
Message-ID: <20200328184942.GA28087@ravnborg.org> (raw)
In-Reply-To: <20200328162358.18500-1-daniel.vetter@ffwll.ch>

Hi Daniel.

On Sat, Mar 28, 2020 at 05:23:58PM +0100, Daniel Vetter wrote:
> I'm thinking this is the warning that fired in the 0day report, but I
> can't double-check yet since 0day didn't upload its source tree
> anywhere I can check. And all the drivers I can easily test don't use
> drm_dev_alloc anymore ...
> 
> Also if I'm correct supreme amounts of bad luck because usually kslap
> (for bigger structures) gives us something quite a bit bigger than
> what we asked for.
> 
> Reported-by: kernel test robot <lkp@intel.com>
> Fixes: c6603c740e0e ("drm: add managed resources tied to drm_device")
> Cc: Sam Ravnborg <sam@ravnborg.org>
> Cc: Thomas Zimmermann <tzimmermann@suse.de>
> Cc: Dan Carpenter <dan.carpenter@oracle.com>
> Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
> Cc: Neil Armstrong <narmstrong@baylibre.com
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: "Rafael J. Wysocki" <rafael@kernel.org>
> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
> ---
>  drivers/gpu/drm/drm_managed.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/drm_managed.c b/drivers/gpu/drm/drm_managed.c
> index 4955241ceb4c..9cebfe370a65 100644
> --- a/drivers/gpu/drm/drm_managed.c
> +++ b/drivers/gpu/drm/drm_managed.c
> @@ -139,8 +139,7 @@ void drmm_add_final_kfree(struct drm_device *dev, void *container)
>  {
>  	WARN_ON(dev->managed.final_kfree);
>  	WARN_ON(dev < (struct drm_device *) container);
> -	WARN_ON(dev + 1 >=
> -		(struct drm_device *) (container + ksize(container)));
> +	WARN_ON(dev + 1 > (struct drm_device *) (container + ksize(container)));

I do not think this is the right fix...
The original code would trigger if
1) the container only had a drm_device - and nothing else
2) and the allocated size was the same

And the modification will now allow for a container with the exact size
of drm_device.

I checked all users in my tree - no-one only had a drm_device.
The minimum was one extra pointer.

Another thing that could trigger the warning was if any users
did not specify a pointer to memory allocated by k(z)alloc()
But I could not find any.

tiny/st7735r.c looked suspisius, but I think it is also OK,
because struct st7735r_priv is allocated, but the poitner specified in
st7735r_priv.dbidev. But dbidev is the first field - so OK.

So no better clue...

	Sam
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel