From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 49BB8C54764
	for <linux-mm@archiver.kernel.org>; Mon, 19 Feb 2024 12:53:45 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 8DDA86B0075; Mon, 19 Feb 2024 07:53:44 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 88DBA6B007B; Mon, 19 Feb 2024 07:53:44 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 7558B6B007D; Mon, 19 Feb 2024 07:53:44 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16])
	by kanga.kvack.org (Postfix) with ESMTP id 6305E6B0075
	for <linux-mm@kvack.org>; Mon, 19 Feb 2024 07:53:44 -0500 (EST)
Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay08.hostedemail.com (Postfix) with ESMTP id E8C2A140362
	for <linux-mm@kvack.org>; Mon, 19 Feb 2024 12:53:43 +0000 (UTC)
X-FDA: 81808545126.01.D658315
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56])
	by imf07.hostedemail.com (Postfix) with ESMTP id D61594000C
	for <linux-mm@kvack.org>; Mon, 19 Feb 2024 12:53:40 +0000 (UTC)
Authentication-Results: imf07.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=quarantine) header.from=huawei.com;
	spf=pass (imf07.hostedemail.com: domain of jonathan.cameron@huawei.com designates 185.176.79.56 as permitted sender) smtp.mailfrom=jonathan.cameron@huawei.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1708347221;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=SZgq4llkHHYE5jPwNFJ29zBawK87RJAapZfsBS7Mmzo=;
	b=PXMZFJ2shvI044+urSgNMzp66S8O0dQM2tCsCXhM/2tIUbsdpXtnltLQn34t3CuMLIPvLB
	+NiFDa6Nb5TzGhnGWJKHSH0pAFVwJy5gISQFJSbWGyfhiyjskR+QtJ0yL6FKdRSacWHEmc
	HLPsZRAV6CH2LVHJCCWi/1nbklmP/kI=
ARC-Authentication-Results: i=1;
	imf07.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=quarantine) header.from=huawei.com;
	spf=pass (imf07.hostedemail.com: domain of jonathan.cameron@huawei.com designates 185.176.79.56 as permitted sender) smtp.mailfrom=jonathan.cameron@huawei.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1708347221; a=rsa-sha256;
	cv=none;
	b=len24xzaV4vHeKPN+7z5VNIeWUKJLAwvnfEiVEWNHypEoLNKLLJtocpHdmbPr9Jd5RWpZe
	zrhsQJh+X1gVJPDvKqopLJyvUl71QjseWazr+OrV649Pvhoxkpk2mgGSStcRIepqz8u/oK
	n4EOsM+WPJl3m/WfnEjWBAuDbKNlgAk=
Received: from mail.maildlp.com (unknown [172.18.186.231])
	by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4Tdj6W6YJJz6K63b;
	Mon, 19 Feb 2024 20:49:39 +0800 (CST)
Received: from lhrpeml500005.china.huawei.com (unknown [7.191.163.240])
	by mail.maildlp.com (Postfix) with ESMTPS id 55327140B38;
	Mon, 19 Feb 2024 20:53:36 +0800 (CST)
Received: from localhost (10.202.227.76) by lhrpeml500005.china.huawei.com
 (7.191.163.240) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 19 Feb
 2024 12:53:35 +0000
Date: Mon, 19 Feb 2024 12:53:34 +0000
From: Jonathan Cameron <Jonathan.Cameron@Huawei.com>
To: Robert Richter <rrichter@amd.com>
CC: Dan Williams <dan.j.williams@intel.com>, kernel test robot
	<lkp@intel.com>, Alison Schofield <alison.schofield@intel.com>, "Vishal
 Verma" <vishal.l.verma@intel.com>, Ira Weiny <ira.weiny@intel.com>, "Dave
 Jiang" <dave.jiang@intel.com>, Davidlohr Bueso <dave@stgolabs.net>, "Rafael
 J. Wysocki" <rafael@kernel.org>, Andrew Morton <akpm@linux-foundation.org>,
	<oe-kbuild-all@lists.linux.dev>, Linux Memory Management List
	<linux-mm@kvack.org>, <linux-cxl@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>, Len Brown <lenb@kernel.org>,
	<linux-acpi@vger.kernel.org>
Subject: Re: [PATCH v5] lib/firmware_table: Provide buffer length argument
 to cdat_table_parse()
Message-ID: <20240219125334.000036cd@Huawei.com>
In-Reply-To: <ZdEnopFO0Tl3t2O1@rric.localdomain>
References: <20240216155844.406996-4-rrichter@amd.com>
	<202402171817.i0WShbft-lkp@intel.com>
	<ZdEnopFO0Tl3t2O1@rric.localdomain>
Organization: Huawei Technologies Research and Development (UK) Ltd.
X-Mailer: Claws Mail 4.1.0 (GTK 3.24.33; x86_64-w64-mingw32)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.202.227.76]
X-ClientProxiedBy: lhrpeml100005.china.huawei.com (7.191.160.25) To
 lhrpeml500005.china.huawei.com (7.191.163.240)
X-Rspamd-Queue-Id: D61594000C
X-Rspam-User: 
X-Rspamd-Server: rspam04
X-Stat-Signature: 3c69kxzozzo8kfkaipj3ccz3qi1m6rrj
X-HE-Tag: 1708347220-286125
X-HE-Meta: U2FsdGVkX1+HWPYhkWqkvsfxiq29uYzNk3+K11u+h3GBfCjJ4hZT9nFr6GpeJkt8LuBLW+cMEjvUxyeQPhslgYV5boZ8+MpW4ps97vYvfeLrw7a0dTxMXmDTyH+uD3MXw/SkolX6YzxGVMjeJ908uG88dteC/x6DhRoV3Wy03vnrVUv7umk1UKQVOlqHka4XLgFqncv28Y2Kfi5k2ohyM+zmLRK1WwXX0RkD+PHcd9aKBi87hh6AWoYtl3GbOLtiRl9xx1Nf37l71kqEdhXW6RxNp76cZrs50Uhw02NYlc7o5VSc4ZZR5dCvjRsNjntQ+z9oiPKdUhmrkoGReIcD7Gl6HW/lmX9dn8qNma7G5OVBQ4Zasudni7ra6snsOOu3NoHKPw5oUp5yn7ZXcxuM+cEZX3D+Tk8BdP1qFPCSSl98kFNhYuBFIm8LATrWBSkfsYDka3GpW2WiREqVwaJr9PZZibgwECRvubJVwlPFeGlnkmdvNyMczcZfER5Ehs5m3CCUmRoFGjVxnSZyXpFtq4JVQ2i70ughDaNfQ7WIILLRh+JDAxIa6vbUqb8w/wtHuCbIDLAU/p38I/1aebdS28vcQ7OVAyXZBFoKnjeJwFKo+cSBubtzoGxY0suaqhET7TmXqzwnv5x/gHsk/1X83rVeXWaJ3YQgnsEHYVjkH3Ae+3EHXXI5O7AjJcALp8Mh6Cpy8Hm7BKbbo4h8WPruZj3XNHk4GnMQqjtkK74w7HYYlscM41zVA/hgVq/GchWxDjOIbhRKAqTZA6KEjignK0VhPpbImW0JfjptjUlsnInBHuYMBHT2Z6Npz5/+XyXwLC6fwTxO5SOMfFYl8ShEWfKz/BzbAXF3O3PfRIEPSU5aRMRa72qnNrRpH/8gwL9a7g9ftNgDl7JSVUdoG78BcLApSK0omh+VV6UzAnkpEKxOiVCAsNUxtg==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Sat, 17 Feb 2024 22:39:46 +0100
Robert Richter <rrichter@amd.com> wrote:

> On 17.02.24 18:43:37, kernel test robot wrote:
> > Hi Robert,
> > 
> > kernel test robot noticed the following build warnings:
> > 
> > [auto build test WARNING on 6be99530c92c6b8ff7a01903edc42393575ad63b]
> > 
> > url:    https://github.com/intel-lab-lkp/linux/commits/Robert-Richter/cxl-pci-Rename-DOE-mailbox-handle-to-doe_mb/20240217-000206
> > base:   6be99530c92c6b8ff7a01903edc42393575ad63b
> > patch link:    https://lore.kernel.org/r/20240216155844.406996-4-rrichter%40amd.com
> > patch subject: [PATCH v4 3/3] lib/firmware_table: Provide buffer length argument to cdat_table_parse()
> > config: arc-allyesconfig (https://download.01.org/0day-ci/archive/20240217/202402171817.i0WShbft-lkp@intel.com/config)
> > compiler: arceb-elf-gcc (GCC) 13.2.0
> > reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240217/202402171817.i0WShbft-lkp@intel.com/reproduce)  
> 
> >    In file included from include/linux/device.h:15,
> >                     from drivers/cxl/core/pci.c:5:
> >    drivers/cxl/core/pci.c: In function 'read_cdat_data':  
> > >> drivers/cxl/core/pci.c:672:31: warning: format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'size_t' {aka 'unsigned int'} [-Wformat=]  
> >      672 |                 dev_warn(dev, "Malformed CDAT table length (%lu:%lu), discarding trailing data\n",
> >          |                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
> 
> Fix below, it basically uses %zu for both format strings.
> 
> -Robert
> 
> 
> From 08685053a91e370fd1263b921aa3e8942025c4e4 Mon Sep 17 00:00:00 2001
> From: Robert Richter <rrichter@amd.com>
> Date: Sun, 7 Jan 2024 18:13:16 +0100
> Subject: [PATCH v5] lib/firmware_table: Provide buffer length argument to
>  cdat_table_parse()
> 
> There exist card implementations with a CDAT table using a fixed size
> buffer, but with entries filled in that do not fill the whole table
> length size. Then, the last entry in the CDAT table may not mark the
> end of the CDAT table buffer specified by the length field in the CDAT
> header. It can be shorter with trailing unused (zero'ed) data. The
> actual table length is determined while reading all CDAT entries of
> the table with DOE.
> 
> If the table is greater than expected (containing zero'ed trailing
> data), the CDAT parser fails with:
> 
>  [   48.691717] Malformed DSMAS table length: (24:0)
>  [   48.702084] [CDAT:0x00] Invalid zero length
>  [   48.711460] cxl_port endpoint1: Failed to parse CDAT: -22
> 
> In addition, a check of the table buffer length is missing to prevent
> an out-of-bound access then parsing the CDAT table.
> 
> Hardening code against device returning borked table. Fix that by
> providing an optional buffer length argument to
> acpi_parse_entries_array() that can be used by cdat_table_parse() to
> propagate the buffer size down to its users to check the buffer
> length. This also prevents a possible out-of-bound access mentioned.
> 
> Add a check to warn about a malformed CDAT table length.
> 
> Cc: "Rafael J. Wysocki" <rafael@kernel.org>
> Cc: Len Brown <lenb@kernel.org>
> Signed-off-by: Robert Richter <rrichter@amd.com>
> Reviewed-by: Dave Jiang <dave.jiang@intel.com>
> Signed-off-by: Robert Richter <rrichter@amd.com>

Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>