mirror of
https://github.com/torvalds/linux.git
synced 2026-04-19 15:24:02 -04:00
4076ea2419
Both Coverity and GCC with -Wstringop-overflow noticed that
nvif_outp_acquire_dp() accidentally defined its second argument with 1
additional element:
drivers/gpu/drm/nouveau/dispnv50/disp.c: In function 'nv50_pior_atomic_enable':
drivers/gpu/drm/nouveau/dispnv50/disp.c:1813:17: error: 'nvif_outp_acquire_dp' accessing 16 bytes in a region of size 15 [-Werror=stringop-overflow=]
1813 | nvif_outp_acquire_dp(&nv_encoder->outp, nv_encoder->dp.dpcd, 0, 0, false, false);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/gpu/drm/nouveau/dispnv50/disp.c:1813:17: note: referencing argument 2 of type 'u8[16]' {aka 'unsigned char[16]'}
drivers/gpu/drm/nouveau/include/nvif/outp.h:24:5: note: in a call to function 'nvif_outp_acquire_dp'
24 | int nvif_outp_acquire_dp(struct nvif_outp *, u8 dpcd[16],
| ^~~~~~~~~~~~~~~~~~~~
Avoid these warnings by defining the argument size using the matching
define (DP_RECEIVER_CAP_SIZE, 15) instead of having it be a literal
(and incorrect) value (16).
Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1527269 ("Memory - corruptions")
Addresses-Coverity-ID: 1527268 ("Memory - corruptions")
Link: https://lore.kernel.org/lkml/202211100848.FFBA2432@keescook/
Link: https://lore.kernel.org/lkml/202211100848.F4C2819BB@keescook/
Fixes: 8134437213 ("drm/nouveau/disp: move DP link config into acquire")
Reviewed-by: Lyude Paul <lyude@redhat.com>
Cc: Ben Skeggs <bskeggs@redhat.com>
Cc: Karol Herbst <kherbst@redhat.com>
Cc: David Airlie <airlied@gmail.com>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: Dave Airlie <airlied@redhat.com>
Cc: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
Cc: dri-devel@lists.freedesktop.org
Cc: nouveau@lists.freedesktop.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20221127183036.never.139-kees@kernel.org
35 lines
1.3 KiB
C
35 lines
1.3 KiB
C
/* SPDX-License-Identifier: MIT */
|
|
#ifndef __NVIF_OUTP_H__
|
|
#define __NVIF_OUTP_H__
|
|
#include <nvif/object.h>
|
|
#include <nvif/if0012.h>
|
|
#include <drm/display/drm_dp.h>
|
|
struct nvif_disp;
|
|
|
|
struct nvif_outp {
|
|
struct nvif_object object;
|
|
|
|
struct {
|
|
int id;
|
|
int link;
|
|
} or;
|
|
};
|
|
|
|
int nvif_outp_ctor(struct nvif_disp *, const char *name, int id, struct nvif_outp *);
|
|
void nvif_outp_dtor(struct nvif_outp *);
|
|
int nvif_outp_load_detect(struct nvif_outp *, u32 loadval);
|
|
int nvif_outp_acquire_rgb_crt(struct nvif_outp *);
|
|
int nvif_outp_acquire_tmds(struct nvif_outp *, int head,
|
|
bool hdmi, u8 max_ac_packet, u8 rekey, u8 scdc, bool hda);
|
|
int nvif_outp_acquire_lvds(struct nvif_outp *, bool dual, bool bpc8);
|
|
int nvif_outp_acquire_dp(struct nvif_outp *outp, u8 dpcd[DP_RECEIVER_CAP_SIZE],
|
|
int link_nr, int link_bw, bool hda, bool mst);
|
|
void nvif_outp_release(struct nvif_outp *);
|
|
int nvif_outp_infoframe(struct nvif_outp *, u8 type, struct nvif_outp_infoframe_v0 *, u32 size);
|
|
int nvif_outp_hda_eld(struct nvif_outp *, int head, void *data, u32 size);
|
|
int nvif_outp_dp_aux_pwr(struct nvif_outp *, bool enable);
|
|
int nvif_outp_dp_retrain(struct nvif_outp *);
|
|
int nvif_outp_dp_mst_vcpi(struct nvif_outp *, int head,
|
|
u8 start_slot, u8 num_slots, u16 pbn, u16 aligned_pbn);
|
|
#endif
|