From nobody Wed Dec 17 12:47:19 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3FFABEE49A8 for ; Mon, 21 Aug 2023 07:40:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233762AbjHUHkD (ORCPT ); Mon, 21 Aug 2023 03:40:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33184 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233758AbjHUHkA (ORCPT ); Mon, 21 Aug 2023 03:40:00 -0400 Received: from mail.nfschina.com (unknown [42.101.60.195]) by lindbergh.monkeyblade.net (Postfix) with SMTP id CF735D7; Mon, 21 Aug 2023 00:39:40 -0700 (PDT) Received: from localhost.localdomain (unknown [180.167.10.98]) by mail.nfschina.com (Maildata Gateway V2.8.8) with ESMTPA id AED8C6062130A; Mon, 21 Aug 2023 15:39:37 +0800 (CST) X-MD-Sfrom: suhui@nfschina.com X-MD-SrcIP: 180.167.10.98 From: Su Hui To: alexander.deucher@amd.com, christian.koenig@amd.com, Xinhui.Pan@amd.com, airlied@gmail.com, daniel@ffwll.ch Cc: Hawking.Zhang@amd.com, le.ma@amd.com, lijo.lazar@amd.com, yifan1.zhang@amd.com, candice.li@amd.com, guchun.chen@amd.com, Yuliang.Shi@amd.com, amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, christophe.jaillet@wanadoo.fr, Su Hui Subject: [PATCH v2] drm/amdgpu: Avoid possible buffer overflow Date: Mon, 21 Aug 2023 15:37:28 +0800 Message-Id: <20230821073727.225341-1-suhui@nfschina.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" smatch error: drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1257 amdgpu_discovery_reg_bas= e_init() error: testing array offset 'adev->vcn.num_vcn_inst' after use. change the assignment order to avoid buffer overflow. Fixes: c40bdfb2ffa4 ("drm/amdgpu: fix incorrect VCN revision in SRIOV") Signed-off-by: Su Hui --- changes in v2: - fix the error about ip->revision (thanks to Christophe JAILLET). drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c b/drivers/gpu/dr= m/amd/amdgpu/amdgpu_discovery.c index 8e1cfc87122d..b07bfd106a9b 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c @@ -1250,11 +1250,10 @@ static int amdgpu_discovery_reg_base_init(struct am= dgpu_device *adev) * 0b10 : encode is disabled * 0b01 : decode is disabled */ - adev->vcn.vcn_config[adev->vcn.num_vcn_inst] =3D - ip->revision & 0xc0; - ip->revision &=3D ~0xc0; if (adev->vcn.num_vcn_inst < AMDGPU_MAX_VCN_INSTANCES) { + adev->vcn.vcn_config[adev->vcn.num_vcn_inst] =3D + ip->revision & 0xc0; adev->vcn.num_vcn_inst++; adev->vcn.inst_mask |=3D (1U << ip->instance_number); @@ -1265,6 +1264,7 @@ static int amdgpu_discovery_reg_base_init(struct amdg= pu_device *adev) adev->vcn.num_vcn_inst + 1, AMDGPU_MAX_VCN_INSTANCES); } + ip->revision &=3D ~0xc0; } if (le16_to_cpu(ip->hw_id) =3D=3D SDMA0_HWID || le16_to_cpu(ip->hw_id) =3D=3D SDMA1_HWID || --=20 2.30.2