Thread: 32 messages, 12 authors, 2021-09-28

Re: [PATCH 11/11] [RFC] drm/i915/dp: fix array overflow warning

From: Hans de Goede <hidden>
Date: 2021-03-30 10:57:35
Also in: ath11k, cgroups, dri-devel, intel-gfx, linux-arm-kernel, linux-scsi, linux-security-module, lkml, netdev
Subsystem: drm drivers, intel drm display for xe and i915 drivers, intel drm i915 driver (meteor lake, dg2 and older excluding poulsbo, moorestown and derivative), the rest · Maintainers: David Airlie, Simona Vetter, Jani Nikula, Rodrigo Vivi, Joonas Lahtinen, Tvrtko Ursulin, Linus Torvalds

Hi,

On 3/22/21 5:02 PM, Arnd Bergmann wrote:
From: Arnd Bergmann <arnd@arndb.de>

gcc-11 warns that intel_dp_check_mst_status() has a local array of
fourteen bytes and passes the last four bytes into a function that
expects a six-byte array:

drivers/gpu/drm/i915/display/intel_dp.c: In function ‘intel_dp_check_mst_status’:
drivers/gpu/drm/i915/display/intel_dp.c:4556:22: error: ‘drm_dp_channel_eq_ok’ reading 6 bytes from a region of size 4 [-Werror=stringop-overread]
 4556 |                     !drm_dp_channel_eq_ok(&esi[10], intel_dp->lane_count)) {
      |                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/gpu/drm/i915/display/intel_dp.c:4556:22: note: referencing argument 1 of type ‘const u8 *’ {aka ‘const unsigned char *’}
In file included from drivers/gpu/drm/i915/display/intel_dp.c:38:
include/drm/drm_dp_helper.h:1459:6: note: in a call to function ‘drm_dp_channel_eq_ok’
 1459 | bool drm_dp_channel_eq_ok(const u8 link_status[DP_LINK_STATUS_SIZE],
      |      ^~~~~~~~~~~~~~~~~~~~

Clearly something is wrong here, but I can't quite figure out what.
Changing the array size to 16 bytes avoids the warning, but is
probably the wrong solution here.

The drm displayport-helpers indeed expect a 6-byte buffer, but they
usually only consume 4 bytes.

I don't think that changing the DP_DPRX_ESI_LEN is a good fix here,
since it is used in multiple places, but the esi array already gets
zeroed out by its initializer, so we can just pass 2 extra 0 bytes
to give the drm_dp_channel_eq_ok() call the 6-byte buffer its prototype
specifies by doing this:

diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c
index 897711d9d7d3..147962d4ad06 100644
--- a/drivers/gpu/drm/i915/display/intel_dp.c
+++ b/drivers/gpu/drm/i915/display/intel_dp.c
@@ -4538,7 +4538,11 @@ intel_dp_check_mst_status(struct intel_dp *intel_dp)
 	drm_WARN_ON_ONCE(&i915->drm, intel_dp->active_mst_links < 0);
 
 	for (;;) {
-		u8 esi[DP_DPRX_ESI_LEN] = {};
+		/*
+		 * drm_dp_channel_eq_ok() expects a 6 byte large buffer, but
+		 * the ESI info only contains 4 bytes, pass 2 extra 0 bytes.
+		 */
+		u8 esi[DP_DPRX_ESI_LEN + 2] = {};
 		bool handled;
 		int retry;
 
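Review bot: the `+ 2` in `u8 esi[DP_DPRX_ESI_LEN + 2]` is a magic number that only holds while the call site keeps passing `&esi[10]` and the helper's bound stays at 6 bytes. The warning shows the prototype as `link_status[DP_LINK_STATUS_SIZE]`, so sizing the array from that constant (with the offset 10 given a name) or adding a build-time assertion would keep the two in step. The new comment should also say that the padding relies on the `= {}` initializer and on nothing writing past DP_DPRX_ESI_LEN bytes, and it is worth checking that nothing in the loop body sizes a read by sizeof(esi), which would now be 16 rather than 14.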
So i915 devs, would such a fix be acceptable?

Regards,

Hans

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/gpu/drm/i915/display/intel_dp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c
index 8c12d5375607..830e2515f119 100644
--- a/drivers/gpu/drm/i915/display/intel_dp.c
+++ b/drivers/gpu/drm/i915/display/intel_dp.c
@@ -65,7 +65,7 @@
 #include "intel_vdsc.h"
 #include "intel_vrr.h"
 
-#define DP_DPRX_ESI_LEN 14
+#define DP_DPRX_ESI_LEN 16
 
 /* DP DSC throughput values used for slice count calculations KPixels/s */
 #define DP_DSC_PEAK_PIXEL_RATE			2720000
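Review bot: changing `DP_DPRX_ESI_LEN` itself from 14 to 16 affects every user of the macro, not just the local array that triggered the warning, and the commit message gives no reason why 16 would be the right length for the ESI data. If the macro also serves as a transfer length or loop bound anywhere, those would silently grow by two bytes. Keeping the define at 14 and enlarging only the buffer handed to drm_dp_channel_eq_ok(), with a comment tying the size to DP_LINK_STATUS_SIZE, would confine the change, and the commit message should then explain the chosen fix rather than describe it as probably wrong.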
  
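An alternative to widening the source array, as an added example that is not code from the thread or from the i915 driver: copy the bytes that actually exist at the offset into a zeroed, full-size buffer before calling a helper whose prototype declares six bytes. `channel_eq_ok_model`, `link_status_from_esi`, `esi_channel_eq_ok`, the constants and the status-bit rule are hypothetical stand-ins, and the sample bytes are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINK_STATUS_SIZE 6  /* assumed: the 6 bytes gcc says the helper reads */
#define ESI_LEN 14          /* DP_DPRX_ESI_LEN before either patch */
#define ESI_LINK_OFFSET 10  /* the &esi[10] from the warning */

/* Simplified model of a helper whose prototype promises 6 readable bytes.
 * Constructed rule: low 3 bits of each lane nibble set, plus bit 0 of byte 2. */
bool channel_eq_ok_model(const uint8_t link_status[LINK_STATUS_SIZE], int lanes)
{
    for (int lane = 0; lane < lanes; lane++) {
        uint8_t nib = (link_status[lane >> 1] >> ((lane & 1) * 4)) & 0xf;
        if ((nib & 0x7) != 0x7)
            return false;
    }
    return (link_status[2] & 0x1) != 0;
}

/* Copy the bytes present at esi[offset..] into a zeroed full-size buffer. */
int link_status_from_esi(const uint8_t *esi, size_t esi_len, size_t offset,
                         uint8_t out[LINK_STATUS_SIZE])
{
    if (!esi || offset >= esi_len)
        return -1;                      /* nothing readable at that offset */
    size_t avail = esi_len - offset;
    if (avail > LINK_STATUS_SIZE)
        avail = LINK_STATUS_SIZE;
    memset(out, 0, LINK_STATUS_SIZE);   /* missing tail bytes read as 0 */
    memcpy(out, esi + offset, avail);
    return (int)avail;                  /* number of real bytes copied */
}

bool esi_channel_eq_ok(const uint8_t *esi, size_t esi_len, int lanes)
{
    uint8_t link_status[LINK_STATUS_SIZE];
    if (lanes < 1 || lanes > 4 ||
        link_status_from_esi(esi, esi_len, ESI_LINK_OFFSET, link_status) < 0)
        return false;
    return channel_eq_ok_model(link_status, lanes);
}

int main(void)
{
    uint8_t esi[ESI_LEN] = { [10] = 0x77, [11] = 0x77, [12] = 0x01 }; /* constructed */
    printf("eq ok: %d\n", esi_channel_eq_ok(esi, sizeof(esi), 4));
    return 0;
}
```

The callee always receives an object as large as its declared bound, so the source array and its length macro stay at 14.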