From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Hamza Mahfooz <hamza.mahfooz@amd.com>,
Aurabindo Pillai <aurabindo.pillai@amd.com>,
Alex Deucher <alexander.deucher@amd.com>,
Sasha Levin <sashal@kernel.org>,
harry.wentland@amd.com, sunpeng.li@amd.com,
Rodrigo.Siqueira@amd.com, christian.koenig@amd.com,
Xinhui.Pan@amd.com, airlied@gmail.com, daniel@ffwll.ch,
Alvin.Lee2@amd.com, Pavle.Kotarac@amd.com, alex.hung@amd.com,
hanghong.ma@amd.com, hersenwu@amd.com, paul.hsieh@amd.com,
Jimmy.Kizito@amd.com, amd-gfx@lists.freedesktop.org,
dri-devel@lists.freedesktop.org
Subject: [PATCH AUTOSEL 5.19 35/36] drm/amd/display: fix array-bounds error in dc_stream_remove_writeback()
Date: Sun, 9 Oct 2022 19:52:21 -0400 [thread overview]
Message-ID: <20221009235222.1230786-35-sashal@kernel.org> (raw)
In-Reply-To: <20221009235222.1230786-1-sashal@kernel.org>
From: Hamza Mahfooz <hamza.mahfooz@amd.com>
[ Upstream commit 5d8c3e836fc224dfe633e41f7f2856753b39a905 ]
Address the following error:
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function ‘dc_stream_remove_writeback’:
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:55: error: array subscript [0, 0] is outside array bounds of ‘struct dc_writeback_info[1]’ [-Werror=array-bounds]
527 | stream->writeback_info[j] = stream->writeback_info[i];
| ~~~~~~~~~~~~~~~~~~~~~~^~~
In file included from ./drivers/gpu/drm/amd/amdgpu/../display/dc/dc.h:1269,
from ./drivers/gpu/drm/amd/amdgpu/../display/dc/inc/core_types.h:29,
from ./drivers/gpu/drm/amd/amdgpu/../display/dc/basics/dc_common.h:29,
from drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:27:
./drivers/gpu/drm/amd/amdgpu/../display/dc/dc_stream.h:241:34: note: while referencing ‘writeback_info’
241 | struct dc_writeback_info writeback_info[MAX_DWB_PIPES];
|
Currently, we aren't checking to see if j remains within
writeback_info[]'s bounds. So, add a check to make sure that we aren't
overflowing the buffer.
Reviewed-by: Aurabindo Pillai <aurabindo.pillai@amd.com>
Signed-off-by: Hamza Mahfooz <hamza.mahfooz@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
index de8b214132a2..5e460b16d650 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
@@ -516,7 +516,7 @@ bool dc_stream_remove_writeback(struct dc *dc,
}
/* remove writeback info for disabled writeback pipes from stream */
- for (i = 0, j = 0; i < stream->num_wb_info; i++) {
+ for (i = 0, j = 0; i < stream->num_wb_info && j < MAX_DWB_PIPES; i++) {
if (stream->writeback_info[i].wb_enabled) {
if (i != j)
/* trim the array */
--
2.35.1
next prev parent reply other threads:[~2022-10-10 0:21 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-09 23:51 [PATCH AUTOSEL 5.19 01/36] drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() Sasha Levin
2022-10-09 23:51 ` [PATCH AUTOSEL 5.19 02/36] drm: Use size_t type for len variable in drm_copy_field() Sasha Levin
2022-10-09 23:51 ` [PATCH AUTOSEL 5.19 03/36] drm: Prevent drm_copy_field() to attempt copying a NULL pointer Sasha Levin
2022-10-09 23:51 ` [PATCH AUTOSEL 5.19 04/36] drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook Sasha Levin
2022-10-09 23:51 ` [PATCH AUTOSEL 5.19 05/36] gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() Sasha Levin
2022-10-09 23:51 ` [PATCH AUTOSEL 5.19 06/36] drm/amd/display: fix overflow on MIN_I64 definition Sasha Levin
2022-10-09 23:51 ` [PATCH AUTOSEL 5.19 07/36] ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support Sasha Levin
2022-10-09 23:51 ` [PATCH AUTOSEL 5.19 08/36] udmabuf: Set ubuf->sg = NULL if the creation of sg table fails Sasha Levin
2022-10-09 23:51 ` [PATCH AUTOSEL 5.19 09/36] platform/x86: pmc_atom: Improve quirk message to be less cryptic Sasha Levin
2022-10-09 23:51 ` [PATCH AUTOSEL 5.19 10/36] drm: bridge: dw_hdmi: only trigger hotplug event on link change Sasha Levin
2022-10-09 23:51 ` [PATCH AUTOSEL 5.19 11/36] drm/amdgpu: Skip the program of MMMC_VM_AGP_* in SRIOV on MMHUB v3_0_0 Sasha Levin
2022-10-09 23:51 ` [PATCH AUTOSEL 5.19 12/36] drm/admgpu: Skip CG/PG on SOC21 under SRIOV VF Sasha Levin
2022-10-09 23:51 ` [PATCH AUTOSEL 5.19 13/36] drm: hide unregistered connectors from GETCONNECTOR IOCTL Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 14/36] ALSA: usb-audio: Register card at the last interface Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 15/36] drm/vc4: vec: Fix timings for VEC modes Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 16/36] ACPI: video: Change disable_backlight_sysfs_if quirks to acpi_backlight=native Sasha Levin
2022-10-10 7:35 ` Hans de Goede
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 17/36] drm: panel-orientation-quirks: Add quirk for Anbernic Win600 Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 18/36] drm: panel-orientation-quirks: Add quirk for Aya Neo Air Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 19/36] platform/chrome: cros_ec: Notify the PM of wake events during resume Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 20/36] platform/x86: hp-wmi: Setting thermal profile fails with 0x06 Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 21/36] platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 22/36] ALSA: intel-dspconfig: add ES8336 support for AlderLake-PS Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 23/36] ASoC: SOF: pci: Change DMI match info to support all Chrome platforms Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 24/36] ASoC: SOF: add quirk to override topology mclk_id Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 25/36] drm/amdgpu: SDMA update use unlocked iterator Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 26/36] drm/amd/display: correct hostvm flag Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 27/36] drm/amdgpu: fix initial connector audio value Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 28/36] drm/meson: reorder driver deinit sequence to fix use-after-free bug Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 29/36] drm/meson: explicitly remove aggregate driver at module unload time Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 30/36] drm/meson: remove drm bridges at aggregate driver unbind time Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 31/36] drm/exynos: Fix return type for mixer_mode_valid and hdmi_mode_valid Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 32/36] drm/dp: Don't rewrite link config when setting phy test pattern Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 33/36] drm/amd/display: Remove interface for periodic interrupt 1 Sasha Levin
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 34/36] drm/amd/display: polling vid stream status in hpo dp blank Sasha Levin
2022-10-09 23:52 ` Sasha Levin [this message]
2022-10-09 23:52 ` [PATCH AUTOSEL 5.19 36/36] drm/amdkfd: Fix UBSAN shift-out-of-bounds warning Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221009235222.1230786-35-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=Alvin.Lee2@amd.com \
--cc=Jimmy.Kizito@amd.com \
--cc=Pavle.Kotarac@amd.com \
--cc=Rodrigo.Siqueira@amd.com \
--cc=Xinhui.Pan@amd.com \
--cc=airlied@gmail.com \
--cc=alex.hung@amd.com \
--cc=alexander.deucher@amd.com \
--cc=amd-gfx@lists.freedesktop.org \
--cc=aurabindo.pillai@amd.com \
--cc=christian.koenig@amd.com \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=hamza.mahfooz@amd.com \
--cc=hanghong.ma@amd.com \
--cc=harry.wentland@amd.com \
--cc=hersenwu@amd.com \
--cc=linux-kernel@vger.kernel.org \
--cc=paul.hsieh@amd.com \
--cc=stable@vger.kernel.org \
--cc=sunpeng.li@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox