From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Harry Wentland <harry.wentland@amd.com>,
Tom Chung <chiahsuan.chung@amd.com>,
Alex Hung <alex.hung@amd.com>,
Daniel Wheeler <daniel.wheeler@amd.com>,
Alex Deucher <alexander.deucher@amd.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.1 044/101] drm/amd/display: Check msg_id before processing transcation
Date: Thu, 5 Sep 2024 11:41:16 +0200
Message-ID: <20240905093717.863014492@linuxfoundation.org>
In-Reply-To: <20240905093716.075835938@linuxfoundation.org>
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Hung <alex.hung@amd.com>
[ Upstream commit fa71face755e27dc44bc296416ebdf2c67163316 ]
[WHY & HOW]
HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid
array index, and it needs checking before it is used.
This fixes 4 OVERRUN issues reported by Coverity.
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Acked-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: Alex Hung <alex.hung@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c b/drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c
index 4233955e3c47..c9851492ec84 100644
--- a/drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c
+++ b/drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c
@@ -131,13 +131,21 @@ static bool hdmi_14_process_transaction(
const uint8_t hdcp_i2c_addr_link_primary = 0x3a; /* 0x74 >> 1*/
const uint8_t hdcp_i2c_addr_link_secondary = 0x3b; /* 0x76 >> 1*/
struct i2c_command i2c_command;
- uint8_t offset = hdcp_i2c_offsets[message_info->msg_id];
+ uint8_t offset;
struct i2c_payload i2c_payloads[] = {
- { true, 0, 1, &offset },
+ { true, 0, 1, 0 },
/* actual hdcp payload, will be filled later, zeroed for now*/
{ 0 }
};
+ if (message_info->msg_id == HDCP_MESSAGE_ID_INVALID) {
+ DC_LOG_ERROR("%s: Invalid message_info msg_id - %d\n", __func__, message_info->msg_id);
+ return false;
+ }
+
+ offset = hdcp_i2c_offsets[message_info->msg_id];
+ i2c_payloads[0].data = &offset;
+
switch (message_info->link) {
case HDCP_LINK_SECONDARY:
i2c_payloads[0].address = hdcp_i2c_addr_link_secondary;
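Review bot: the new guard in hdmi_14_process_transaction() rejects only msg_id == HDCP_MESSAGE_ID_INVALID, so any other value outside the table still reaches hdcp_i2c_offsets[message_info->msg_id] unchecked. If the array's declaration permits it, adding a bounds check against ARRAY_SIZE(hdcp_i2c_offsets) next to the -1 test would cover every out-of-range index rather than the single sentinel. Two smaller style points: the placeholder initializer { true, 0, 1, 0 } sets the pointer member that is later assigned through i2c_payloads[0].data to 0 where NULL would read more clearly, and the DC_LOG_ERROR line is long enough to be worth wrapping.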
@@ -311,6 +319,11 @@ static bool dp_11_process_transaction(
struct dc_link *link,
struct hdcp_protection_message *message_info)
{
+ if (message_info->msg_id == HDCP_MESSAGE_ID_INVALID) {
+ DC_LOG_ERROR("%s: Invalid message_info msg_id - %d\n", __func__, message_info->msg_id);
+ return false;
+ }
+
return dpcd_access_helper(
link,
message_info->length,
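Review bot: the check at the top of dp_11_process_transaction() repeats the guard and log line from hdmi_14_process_transaction() verbatim; a small shared validation helper that takes the caller's name for the log message would keep the two paths from drifting apart. The array access this guard protects is not visible in the hunk, since the function body only forwards to dpcd_access_helper(), so a one-line comment naming the table that msg_id indexes would make the reason for the early return clear to later readers. As in the first hunk, only the -1 sentinel is rejected, so an upper-bound test belongs wherever the lookup actually happens.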
--
2.43.0