From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B918DC369C2 for ; Mon, 21 Apr 2025 21:58:44 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id EF97110E106; Mon, 21 Apr 2025 21:58:41 +0000 (UTC) Authentication-Results: gabe.freedesktop.org; dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.b="fFtgHgPG"; dkim-atps=neutral Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by gabe.freedesktop.org (Postfix) with ESMTPS id 89CEA10E0F4; Mon, 21 Apr 2025 21:58:40 +0000 (UTC) Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 61C7BA4BE8F; Mon, 21 Apr 2025 21:53:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 23DE7C4CEE4; Mon, 21 Apr 2025 21:58:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1745272719; bh=jTKO/ZVih+JbltPyJqGvHcdaODnrapZSlfJDyMxef4Y=; h=From:To:Cc:Subject:Date:From; b=fFtgHgPGy3B/E/XUe25ID7SWmNeqPWBZxkCVdbHHYL+A51fXREBW8icOwy2DQ1PGZ smwFCDE95c6RimcL1YJg9aTDuUYltW33fZi9YMbmACjVwDjG1z/PAFzPST6qh01MnH 9KJSw7OSA6E9BHLHw176HqTRC4XPgsDEIMZuXyGRPFfOSmsgg6pEqS/z4I5JiAvYNr ALH/HpWab/u82LXnJcB/8M/YqWo/ANNAuKYDerSBBuD6gQBtYA/ubzdJWSfczHdRIS 7wM4umVvzxVlGqeqvyjSTgjjbS9aqm1I7po1F3gwmV6MCpIxTwvLmyidAoekEfb/Xw lKL/3oJrWjufw== From: Kees Cook To: Alex Deucher Cc: Kees Cook , =?UTF-8?q?Christian=20K=C3=B6nig?= , Xinhui Pan , David Airlie , Simona Vetter , Jesse Zhang , Tim Huang , Srinivasan Shanmugam , Alexander Richards , Lijo Lazar , Mario Limonciello , "Gustavo A. R. Silva" , amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, Al Viro , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH] drm/amdgpu/atom: Work around vbios NULL offset false positive Date: Mon, 21 Apr 2025 14:58:34 -0700 Message-Id: <20250421215833.work.924-kees@kernel.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-Developer-Signature: v=1; a=openpgp-sha256; l=2865; i=kees@kernel.org; h=from:subject:message-id; bh=jTKO/ZVih+JbltPyJqGvHcdaODnrapZSlfJDyMxef4Y=; b=owGbwMvMwCVmps19z/KJym7G02pJDBls+zvvHM+YreCqfKrQev31s18a+6e/XrJg684vsbzLU 48ZvEp82VHKwiDGxSArpsgSZOce5+Lxtj3cfa4izBxWJpAhDFycAjCRDQEMPxkXbGaK6YjXLGtc O/0tz4G3f7gCeBMVuF2kjIJqT2+zt2T47+lbZ/C35qeel/qk3j0vTpQrS/tNEXbtmxJf8EMws6S BFwA= X-Developer-Key: i=kees@kernel.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: 8bit X-BeenThere: amd-gfx@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion list for AMD gfx List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: amd-gfx-bounces@lists.freedesktop.org Sender: "amd-gfx" GCC really does not want to consider NULL (or near-NULL) addresses as valid, so calculations based off of NULL end up getting range-tracked into being an offset wthin a 0 byte array. It gets especially mad about this: if (vbios_str == NULL) vbios_str += sizeof(BIOS_ATOM_PREFIX) - 1; ... if (vbios_str != NULL && *vbios_str == 0) vbios_str++; It sees this as being "sizeof(BIOS_ATOM_PREFIX) - 1" byte offset from NULL, when building with -Warray-bounds (and the coming -fdiagnostic-details flag): In function 'atom_get_vbios_pn', inlined from 'amdgpu_atom_parse' at drivers/gpu/drm/amd/amdgpu/atom.c:1553:2: drivers/gpu/drm/amd/amdgpu/atom.c:1447:34: error: array subscript 0 is outside array bounds of 'unsigned char[0]' [-Werror=array-bounds=] 1447 | if (vbios_str != NULL && *vbios_str == 0) | ^~~~~~~~~~ 'amdgpu_atom_parse': events 1-2 1444 | if (vbios_str == NULL) | ^ | | | (1) when the condition is evaluated to true ...... 1447 | if (vbios_str != NULL && *vbios_str == 0) | ~~~~~~~~~~ | | | (2) out of array bounds here In function 'amdgpu_atom_parse': cc1: note: source object is likely at address zero As there isn't a sane way to convince it otherwise, hide vbios_str from GCC's optimizer to avoid the warning so we can get closer to enabling -Warray-bounds globally. Signed-off-by: Kees Cook --- Cc: Alex Deucher Cc: "Christian König" Cc: Xinhui Pan Cc: David Airlie Cc: Simona Vetter Cc: Jesse Zhang Cc: Tim Huang Cc: Srinivasan Shanmugam Cc: Alexander Richards Cc: Lijo Lazar Cc: Mario Limonciello Cc: "Gustavo A. R. Silva" Cc: amd-gfx@lists.freedesktop.org Cc: dri-devel@lists.freedesktop.org --- drivers/gpu/drm/amd/amdgpu/atom.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/amd/amdgpu/atom.c b/drivers/gpu/drm/amd/amdgpu/atom.c index 81d195d366ce..427b073de2fc 100644 --- a/drivers/gpu/drm/amd/amdgpu/atom.c +++ b/drivers/gpu/drm/amd/amdgpu/atom.c @@ -1444,6 +1444,7 @@ static void atom_get_vbios_pn(struct atom_context *ctx) if (vbios_str == NULL) vbios_str += sizeof(BIOS_ATOM_PREFIX) - 1; } + OPTIMIZER_HIDE_VAR(vbios_str); if (vbios_str != NULL && *vbios_str == 0) vbios_str++; -- 2.34.1