From patchwork Wed Oct 19 07:32:40 2022
X-Patchwork-Submitter: David Gow
X-Patchwork-Id: 4463
Date: Wed, 19 Oct 2022 15:32:40 +0800
X-Mailer: git-send-email 2.38.0.413.g74048e4d9e-goog
Message-ID: <20221019073239.3779180-1-davidgow@google.com>
Subject: [PATCH] drm: tests: Fix a buffer overflow in format_helper_test
From: David Gow
To: José Expósito, David Airlie, Daniel Vetter, Thomas Zimmermann, Maxime Ripard, Naresh Kamboju
Cc: David Gow, Maíra Canal, dri-devel@lists.freedesktop.org, Sam Ravnborg, linux-kernel@vger.kernel.org, kunit-dev@googlegroups.com, Linux Kernel Functional Testing
X-Mailing-List: linux-kernel@vger.kernel.org

The xrgb2101010 format conversion test (unlike for other formats) does
an endianness conversion on the results. However, it always converts
TEST_BUF_SIZE 32-bit integers, which results in reading from (and
writing to) more memory than is present in the result buffer. Instead,
use the buffer size, divided by sizeof(u32).

The issue could be reproduced with KASAN:

    ./tools/testing/kunit/kunit.py run --kunitconfig drivers/gpu/drm/tests \
        --kconfig_add CONFIG_KASAN=y --kconfig_add CONFIG_KASAN_VMALLOC=y \
        --kconfig_add CONFIG_KASAN_KUNIT_TEST=y \
        drm_format_helper_test.*xrgb2101010

Reported-by: Linux Kernel Functional Testing
Fixes: 453114319699 ("drm/format-helper: Add KUnit tests for drm_fb_xrgb8888_to_xrgb2101010()")
Signed-off-by: David Gow Reviewed-by: Maíra Canal Reviewed-by: Javier Martinez Canillas Reviewed-by: José Expósito --- This is a fix for the issue reported here: https://lore.kernel.org/dri-devel/CA+G9fYsuc9G+RO81E=vHMqxYStsmLURLdOB0NF26kJ1=K8pRZA@mail.gmail.com/ Note that it may conflict with the KUNIT_EXPECT_MEMEQ() series here: https://lore.kernel.org/linux-kselftest/20221018190541.189780-1-mairacanal@riseup.net/ Cheers, -- David --- drivers/gpu/drm/tests/drm_format_helper_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/tests/drm_format_helper_test.c b/drivers/gpu/drm/tests/drm_format_helper_test.c index 8d86c250c2ec..2191e57f2297 100644 --- a/drivers/gpu/drm/tests/drm_format_helper_test.c +++ b/drivers/gpu/drm/tests/drm_format_helper_test.c @@ -438,7 +438,7 @@ static void drm_test_fb_xrgb8888_to_xrgb2101010(struct kunit *test) iosys_map_set_vaddr(&src, xrgb8888); drm_fb_xrgb8888_to_xrgb2101010(&dst, &result->dst_pitch, &src, &fb, ¶ms->clip); - buf = le32buf_to_cpu(test, buf, TEST_BUF_SIZE); + buf = le32buf_to_cpu(test, buf, dst_size / sizeof(u32)); KUNIT_EXPECT_EQ(test, memcmp(buf, result->expected, dst_size), 0); }
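Review bot: In the changed le32buf_to_cpu() call, dst_size / sizeof(u32) rounds down, so if dst_size were ever not a multiple of 4 the trailing bytes would be left unconverted while the memcmp() on the following line still compares all dst_size bytes. Consider making that assumption explicit before the conversion, for example KUNIT_ASSERT_EQ(test, dst_size % sizeof(u32), 0). The commit message says the third argument is a count of 32-bit integers, whereas memcmp() takes a byte length; a one-line comment at this call noting the unit difference would help keep the two from being confused again.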