Message ID | 20231107234726.854248-1-ttabi@nvidia.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | nouveau/gsp: fix UBSAN array bounds warning in PACKED_REGISTRY_TABLE | expand |
On 11/8/23 00:47, Timur Tabi wrote: > Change PACKED_REGISTRY_TABLE so that its last member is a variable-length > array instead of a zero-length array. UBSAN treats zero-length arrays > literally and warns if they are dereferenced. Changing the "[0]" to "[]" > tells the compiler that the array is variable-length. Do you also intend to fix this upstream? (And with upstream I mean the open-gpu-kernel-modules in this case.) > > This fixes the following warning in function r535_gsp_rpc_set_registry > when CONFIG_UBSAN_BOUNDS is enabled: > > UBSAN: array-index-out-of-bounds in drivers/gpu/drm/nouveau/nvkm/ > subdev/gsp/r535.c:1066:33 > index 2 is out of range for type 'PACKED_REGISTRY_ENTRY [*]' > > Fixes: b5bad8c16b9b ("nouveau/gsp: move to 535.113.01") > Signed-off-by: Timur Tabi <ttabi@nvidia.com> > --- > .../include/nvrm/535.113.01/nvidia/generated/g_os_nvoc.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/nouveau/include/nvrm/535.113.01/nvidia/generated/g_os_nvoc.h b/drivers/gpu/drm/nouveau/include/nvrm/535.113.01/nvidia/generated/g_os_nvoc.h > index 754c6af42f30..1d236c68fa30 100644 > --- a/drivers/gpu/drm/nouveau/include/nvrm/535.113.01/nvidia/generated/g_os_nvoc.h > +++ b/drivers/gpu/drm/nouveau/include/nvrm/535.113.01/nvidia/generated/g_os_nvoc.h > @@ -38,7 +38,7 @@ typedef struct PACKED_REGISTRY_TABLE > { > NvU32 size; > NvU32 numEntries; > - PACKED_REGISTRY_ENTRY entries[0]; > + PACKED_REGISTRY_ENTRY entries[]; > } PACKED_REGISTRY_TABLE; > > #endif
On Wed, 2023-11-08 at 00:52 +0100, Danilo Krummrich wrote: > On 11/8/23 00:47, Timur Tabi wrote: > > Change PACKED_REGISTRY_TABLE so that its last member is a variable- > > length > > array instead of a zero-length array. UBSAN treats zero-length arrays > > literally and warns if they are dereferenced. Changing the "[0]" to > > "[]" > > tells the compiler that the array is variable-length. > > Do you also intend to fix this upstream? (And with upstream I mean the > open-gpu-kernel-modules in this case.) Hmmm, I hadn't thought about that. I would need to repro (or see a repro) with OpenRM to justify changing it. OpenRM doesn't build the registry the way Nouveau does.
diff --git a/drivers/gpu/drm/nouveau/include/nvrm/535.113.01/nvidia/generated/g_os_nvoc.h b/drivers/gpu/drm/nouveau/include/nvrm/535.113.01/nvidia/generated/g_os_nvoc.h index 754c6af42f30..1d236c68fa30 100644 --- a/drivers/gpu/drm/nouveau/include/nvrm/535.113.01/nvidia/generated/g_os_nvoc.h +++ b/drivers/gpu/drm/nouveau/include/nvrm/535.113.01/nvidia/generated/g_os_nvoc.h @@ -38,7 +38,7 @@ typedef struct PACKED_REGISTRY_TABLE { NvU32 size; NvU32 numEntries; - PACKED_REGISTRY_ENTRY entries[0]; + PACKED_REGISTRY_ENTRY entries[]; } PACKED_REGISTRY_TABLE; #endif
Change PACKED_REGISTRY_TABLE so that its last member is a variable-length array instead of a zero-length array. UBSAN treats zero-length arrays literally and warns if they are dereferenced. Changing the "[0]" to "[]" tells the compiler that the array is variable-length. This fixes the following warning in function r535_gsp_rpc_set_registry when CONFIG_UBSAN_BOUNDS is enabled: UBSAN: array-index-out-of-bounds in drivers/gpu/drm/nouveau/nvkm/ subdev/gsp/r535.c:1066:33 index 2 is out of range for type 'PACKED_REGISTRY_ENTRY [*]' Fixes: b5bad8c16b9b ("nouveau/gsp: move to 535.113.01") Signed-off-by: Timur Tabi <ttabi@nvidia.com> --- .../include/nvrm/535.113.01/nvidia/generated/g_os_nvoc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)