[ Smatch checking is paused while we raise funding.  #SadFace
  https://lore.kernel.org/all/[email protected]/ -dan ]

Hello Jonathan Kim,

Commit e0f85f4690d0 ("drm/amdkfd: add debug set and clear address
watch points operation") from May 6, 2022 (linux-next), leads to the
following Smatch static checker warning:

        drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_debug.c:448 kfd_dbg_trap_clear_dev_address_watch()
        error: buffer overflow 'pdd->watch_points' 4 <= u32max user_rl='0-3,2147483648-u32max' uncapped

drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_debug.c
    433 int kfd_dbg_trap_clear_dev_address_watch(struct kfd_process_device *pdd,
    434                                         uint32_t watch_id)
    435 {
    436         int r;
    437 
    438         if (!kfd_dbg_owns_dev_watch_id(pdd, watch_id))

kfd_dbg_owns_dev_watch_id() doesn't check for negative values so
if watch_id is larger than INT_MAX it leads to a buffer overflow.
(Negative shifts are undefined).

    439                 return -EINVAL;
    440 
    441         if (!pdd->dev->kfd->shared_resources.enable_mes) {
    442                 r = debug_lock_and_unmap(pdd->dev->dqm);
    443                 if (r)
    444                         return r;
    445         }
    446 
    447         amdgpu_gfx_off_ctrl(pdd->dev->adev, false);
--> 448         pdd->watch_points[watch_id] = pdd->dev->kfd2kgd->clear_address_watch(
    449                                                         pdd->dev->adev,
    450                                                         watch_id);
    451         amdgpu_gfx_off_ctrl(pdd->dev->adev, true);
    452 
    453         if (!pdd->dev->kfd->shared_resources.enable_mes)
    454                 r = debug_map_and_unlock(pdd->dev->dqm);
    455         else
    456                 r = kfd_dbg_set_mes_debug_mode(pdd, true);
    457 
    458         kfd_dbg_clear_dev_watch_id(pdd, watch_id);
    459 
    460         return r;
    461 }

regards,
dan carpenter
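The following is an added, stand-alone model of the bug class in this report; it is not the amdkfd code and not part of Dan's mail. It assumes a four-entry watch_points[] array (the "4" in the Smatch message) and a bitmask-style owner check; the struct, function bodies and names (pdd_model, owns_watch_id_signed, owns_watch_id_unsigned, run_clear) are hypothetical. It contrasts an owner check whose parameter is a signed int, which a user-supplied value above INT_MAX reaches as a negative number and passes the "< MAX" test, with one that compares the value as unsigned before it is used as a shift count or array index.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for struct kfd_process_device; the size 4 is
 * taken from the Smatch warning ("'pdd->watch_points' 4 <= u32max"). */
#define MAX_WATCH_ADDRESSES 4

struct pdd_model {
	uint32_t alloc_watch_ids;            /* bitmask of allocated watch ids (assumed) */
	int watch_points[MAX_WATCH_ADDRESSES];
};

/* Flawed shape: signed parameter. A uint32_t >= 0x80000000 arrives here
 * as a negative int (two's complement), so "watch_id < MAX" passes and
 * the value would then be used as a negative shift count (undefined
 * behaviour) and as an out-of-bounds array index. */
static bool owns_watch_id_signed(const struct pdd_model *pdd, int watch_id)
{
	if (watch_id >= MAX_WATCH_ADDRESSES)
		return false;
	/* Modelling choice: the real shift would be UB here; we just record
	 * that the flawed range check did NOT reject a negative id. */
	if (watch_id < 0)
		return true;
	return (pdd->alloc_watch_ids >> watch_id) & 1;
}

/* Hardened: compare as unsigned, so 4..UINT32_MAX (including everything
 * from 2147483648 upwards, the second range in user_rl) is rejected before
 * any shift or index happens. */
static bool owns_watch_id_unsigned(const struct pdd_model *pdd, uint32_t watch_id)
{
	if (watch_id >= MAX_WATCH_ADDRESSES)
		return false;
	return (pdd->alloc_watch_ids >> watch_id) & 1;
}

/* Model of the ioctl path with watch id 0 allocated (constructed input).
 * Returns 0 on a safe clear, -EINVAL when the id is rejected, and 1 when
 * the flawed check would have let pdd->watch_points[watch_id] be written
 * out of bounds (the write itself is not performed). */
static int run_clear(uint32_t watch_id, bool fixed)
{
	struct pdd_model pdd = { .alloc_watch_ids = 0x1, .watch_points = { 0 } };

	if (fixed) {
		if (!owns_watch_id_unsigned(&pdd, watch_id))
			return -EINVAL;
	} else {
		/* implicit uint32_t -> int conversion, as in the reported call */
		if (!owns_watch_id_signed(&pdd, (int)watch_id))
			return -EINVAL;
		if (watch_id >= MAX_WATCH_ADDRESSES)
			return 1;
	}
	pdd.watch_points[watch_id] = 0;
	return 0;
}

int main(void)
{
	const uint32_t ids[] = { 0, 1, 4, 0x80000000u, UINT32_MAX };
	size_t i;

	for (i = 0; i < sizeof(ids) / sizeof(ids[0]); i++)
		printf("watch_id=%u  flawed=%d  fixed=%d\n",
		       ids[i], run_clear(ids[i], false), run_clear(ids[i], true));
	return 0;
}
```

Run with `gcc -Wall -Wextra -fsanitize=undefined` and note that only the "flawed" column reports 1 for the two large ids; the unsigned comparison makes the bound check and the shift guard the same test, which is the property a reviewer wants from a user-controlled index.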
