Message ID | 20250119025828.1168419-1-suhui@nfschina.com (mailing list archive) |
---|---|
State | New |
Series | drm/panthor: avoid garbage value in panthor_ioctl_dev_query() |
On Sun, Jan 19, 2025 at 10:58:29AM +0800, Su Hui wrote:
> 'priorities_info' is uninitialized, and the uninitialized value is copied
> to user object when calling PANTHOR_UOBJ_SET(). Using memset to initialize
> 'priorities_info' to avoid this garbage value problem.
>
> Fixes: f70000ef2352 ("drm/panthor: Add DEV_QUERY_GROUP_PRIORITIES_INFO dev query")
> Signed-off-by: Su Hui <suhui@nfschina.com>

Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>

How did you find this bug?

regards,
dan carpenter
On 2025/1/20 15:21, Dan Carpenter wrote:
> On Sun, Jan 19, 2025 at 10:58:29AM +0800, Su Hui wrote:
>> 'priorities_info' is uninitialized, and the uninitialized value is copied
>> to user object when calling PANTHOR_UOBJ_SET(). Using memset to initialize
>> 'priorities_info' to avoid this garbage value problem.
>>
>> Fixes: f70000ef2352 ("drm/panthor: Add DEV_QUERY_GROUP_PRIORITIES_INFO dev query")
>> Signed-off-by: Su Hui <suhui@nfschina.com>
> Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
>
> How did you find this bug?

Clang found this bug, run command like this:

scan-build --use-cc=clang make CC=clang drivers/gpu/drm/panthor/panthor_drv.o

There will be some warnings, one is this:

drivers/gpu/drm/panthor/panthor_drv.c:807:22: warning: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage [core.uninitialized.Assign]
  807 |                         arg->allowed_mask |= BIT(prio);
      |                         ~~~~~~~~~~~~~~~~~ ^

regards,
su hui
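The pattern behind the analyzer warning above, as an added userspace example that is not code from this thread or from the panthor driver: a helper that only ORs bits into a struct leaves stale bytes in place when the caller copies the whole struct out. The struct layout, `prio_permit()`, the helper names and the 0xA5 fill pattern are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BIT(n) (1u << (n))
#define PRIO_MAX 3 /* hypothetical: priorities 0..3 */

/* Hypothetical stand-in for the query struct: a mask byte plus padding. */
struct prio_info { uint8_t allowed_mask; uint8_t pad[3]; };
/* Hypothetical permission check: 0 means the priority is allowed. */
static int prio_permit(int prio) { return prio <= 1 ? 0 : -1; }

/* Pre-fix shape: only ORs bits in, so whatever was in *arg survives. */
static void query_unfixed(struct prio_info *arg)
{
    for (int prio = PRIO_MAX; prio >= 0; prio--)
        if (!prio_permit(prio))
            arg->allowed_mask |= BIT(prio);
}

/* Post-fix shape: clear the whole struct, padding included, then OR. */
static void query_fixed(struct prio_info *arg)
{
    memset(arg, 0, sizeof(*arg));
    query_unfixed(arg);
}

/* Models the caller: fill the slot with a known stale pattern (0xA5,
 * constructed), run the helper, copy out, count bytes still stale. */
static int stale_bytes_out(void (*query)(struct prio_info *))
{
    struct prio_info info;
    uint8_t out[sizeof(info)];
    int stale = 0;
    memset(&info, 0xA5, sizeof(info)); /* defined stand-in for stale stack */
    query(&info);
    memcpy(out, &info, sizeof(out));   /* stand-in for the copy to user */
    stale += (out[0] != (BIT(0) | BIT(1))); /* mask polluted by old bits */
    for (size_t i = 1; i < sizeof(out); i++)
        stale += (out[i] == 0xA5);          /* padding never written */
    return stale;
}

int main(void)
{
    printf("unfixed: %d stale bytes out\n", stale_bytes_out(query_unfixed));
    printf("fixed:   %d stale bytes out\n", stale_bytes_out(query_fixed));
    return 0;
}
```

Assigning only `allowed_mask = 0` would repair the mask but still leave the three padding bytes stale, which is why clearing `sizeof(*arg)` is the stronger form.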
On Sun, 19 Jan 2025 10:58:29 +0800 Su Hui <suhui@nfschina.com> wrote: > 'priorities_info' is uninitialized, and the uninitialized value is copied > to user object when calling PANTHOR_UOBJ_SET(). Using memset to initialize > 'priorities_info' to avoid this garbage value problem. > > Fixes: f70000ef2352 ("drm/panthor: Add DEV_QUERY_GROUP_PRIORITIES_INFO dev query") > Signed-off-by: Su Hui <suhui@nfschina.com> Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com> > --- > drivers/gpu/drm/panthor/panthor_drv.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/gpu/drm/panthor/panthor_drv.c b/drivers/gpu/drm/panthor/panthor_drv.c > index 0b3fbee3d37a..44f5c72d46c3 100644 > --- a/drivers/gpu/drm/panthor/panthor_drv.c > +++ b/drivers/gpu/drm/panthor/panthor_drv.c > @@ -802,6 +802,7 @@ static void panthor_query_group_priorities_info(struct drm_file *file, > { > int prio; > > + memset(arg, 0, sizeof(*arg)); > for (prio = PANTHOR_GROUP_PRIORITY_REALTIME; prio >= 0; prio--) { > if (!group_priority_permit(file, prio)) > arg->allowed_mask |= BIT(prio);
On 19/01/2025 02:58, Su Hui wrote: > 'priorities_info' is uninitialized, and the uninitialized value is copied > to user object when calling PANTHOR_UOBJ_SET(). Using memset to initialize > 'priorities_info' to avoid this garbage value problem. > > Fixes: f70000ef2352 ("drm/panthor: Add DEV_QUERY_GROUP_PRIORITIES_INFO dev query") > Signed-off-by: Su Hui <suhui@nfschina.com> Reviewed-by: Steven Price <steven.price@arm.com> > --- > drivers/gpu/drm/panthor/panthor_drv.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/gpu/drm/panthor/panthor_drv.c b/drivers/gpu/drm/panthor/panthor_drv.c > index 0b3fbee3d37a..44f5c72d46c3 100644 > --- a/drivers/gpu/drm/panthor/panthor_drv.c > +++ b/drivers/gpu/drm/panthor/panthor_drv.c > @@ -802,6 +802,7 @@ static void panthor_query_group_priorities_info(struct drm_file *file, > { > int prio; > > + memset(arg, 0, sizeof(*arg)); > for (prio = PANTHOR_GROUP_PRIORITY_REALTIME; prio >= 0; prio--) { > if (!group_priority_permit(file, prio)) > arg->allowed_mask |= BIT(prio);
diff --git a/drivers/gpu/drm/panthor/panthor_drv.c b/drivers/gpu/drm/panthor/panthor_drv.c index 0b3fbee3d37a..44f5c72d46c3 100644 --- a/drivers/gpu/drm/panthor/panthor_drv.c +++ b/drivers/gpu/drm/panthor/panthor_drv.c @@ -802,6 +802,7 @@ static void panthor_query_group_priorities_info(struct drm_file *file, { int prio; + memset(arg, 0, sizeof(*arg)); for (prio = PANTHOR_GROUP_PRIORITY_REALTIME; prio >= 0; prio--) { if (!group_priority_permit(file, prio)) arg->allowed_mask |= BIT(prio);
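Review bot: The commit message for the added memset(arg, 0, sizeof(*arg)) at the top of panthor_query_group_priorities_info() calls the result a "garbage value", but since it also says the struct is copied to a user object through PANTHOR_UOBJ_SET(), it should state plainly that uninitialized kernel memory reaches userspace, so the patch is recognised as an information-leak fix when backports are triaged. The choice of clearing sizeof(*arg) rather than assigning arg->allowed_mask = 0 is worth keeping: the loop only ever ORs into allowed_mask, and the full clear also covers any other fields or padding the struct may have.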
'priorities_info' is uninitialized, and the uninitialized value is copied
to user object when calling PANTHOR_UOBJ_SET(). Using memset to initialize
'priorities_info' to avoid this garbage value problem.

Fixes: f70000ef2352 ("drm/panthor: Add DEV_QUERY_GROUP_PRIORITIES_INFO dev query")
Signed-off-by: Su Hui <suhui@nfschina.com>
---
 drivers/gpu/drm/panthor/panthor_drv.c | 1 +
 1 file changed, 1 insertion(+)