[PATCH 0/2][SRU][Unstable/Mantic/Lunar] UBSAN: shift-out-of-bounds in amd_sfh

You-Sheng Yang vicamo.yang at canonical.com
Fri Jul 14 08:11:24 UTC 2023


BugLink: https://bugs.launchpad.net/bugs/2027773

[Impact]

UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50
[ 7.928631] shift exponent 103 is too large for 64-bit type 'long unsigned int'
[ 9.877309] Workqueue: events amd_sfh_work_buffer [amd_sfh]
[ 9.877327] Call Trace:
[ 9.877331] <TASK>
[ 9.877335] dump_stack_lvl+0x49/0x63
[ 9.877346] dump_stack+0x10/0x16
[ 9.877348] ubsan_epilogue+0x9/0x36
[ 9.877357] __ubsan_handle_shift_out_of_bounds.cold+0x61/0xef
[ 9.877363] ? _raw_spin_lock+0x17/0x50
[ 9.877369] ? raw_spin_rq_lock_nested+0x2e/0xa0
[ 9.877378] ? psi_group_change+0x1e2/0x4a0
[ 9.877385] float_to_int.cold+0x18/0xc8 [amd_sfh]
[ 9.877394] ? get_feature_rep+0xb0/0xb0 [amd_sfh]
[ 9.877402] get_input_rep+0x219/0x2f0 [amd_sfh]
[ 9.877409] ? up+0x37/0x70
[ 9.877414] ? hid_input_report+0x104/0x170 [hid]
[ 9.877428] amd_sfh_work_buffer+0x94/0x150 [amd_sfh]
[ 9.877436] process_one_work+0x21f/0x3f0
[ 9.877443] worker_thread+0x50/0x3e0
[ 9.877446] ? process_one_work+0x3f0/0x3f0
[ 9.877449] kthread+0xfd/0x130
[ 9.877452] ? kthread_complete_and_exit+0x20/0x20
[ 9.877454] ret_from_fork+0x22/0x30
[ 9.877463] </TASK>

[Fix]

Fixes in:
* commit c1685a862a4b ("HID: amd_sfh: Rename the float32 variable")
* commit 878543661764 ("HID: amd_sfh: Fix for shift-out-of-bounds")

[Test Case]

The affected platform should no longer have such an error dumped in kernel dmesg at
boot.

[Where problems could occur]

This renamed a variable and corrected the way the shift offset is calculated. No
known side effects.

[Other Info]

This affects kernels >= v6.0 and < v6.5, so Unstable/Mantic/Lunar/OEM-6.1 are
nominated for the fix.


Basavaraj Natikar (2):
  HID: amd_sfh: Rename the float32 variable
  HID: amd_sfh: Fix for shift-out-of-bounds

 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c | 30 ++++++++++++++-----
 1 file changed, 23 insertions(+), 7 deletions(-)

-- 
2.40.1
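
An illustration of the bug class in the trace above, added here and not taken from the amd_sfh driver or the two upstream commits: a float32-to-integer conversion done in integer math, with the shift count bounded before it is used. `naive_shift` and `f32_bits_to_int` are hypothetical names and the sample bit patterns are constructed; 0x7E800000 (2^126) gives an unchecked count of 103, the value UBSAN reported, but the page does not show how the driver computed its count.

```c
#include <stdint.h>
#include <stdio.h>

/* Shift count a conversion would use if it trusted the exponent field:
 * unbiased exponent minus the 23 mantissa bits. Hypothetical helper. */
int naive_shift(uint32_t bits)
{
    return (int)((bits >> 23) & 0xff) - 127 - 23;
}

/* Truncate an IEEE-754 binary32 bit pattern to int64_t with integer math
 * only. Hypothetical helper for illustration, not the driver's code. */
int64_t f32_bits_to_int(uint32_t bits)
{
    int neg = (int)(bits >> 31);
    int exp = (int)((bits >> 23) & 0xff) - 127;        /* unbiased exponent */
    uint64_t mant = (bits & 0x7fffffu) | 0x800000u;    /* implicit leading 1 */
    uint64_t mag;

    if (exp < 0)        /* |x| < 1, zero, subnormals */
        return 0;
    if (exp >= 63)      /* beyond int64_t, Inf, NaN: saturate, never shift */
        return neg ? INT64_MIN : INT64_MAX;

    if (exp >= 23)
        mag = mant << (exp - 23);   /* count is 0..39 */
    else
        mag = mant >> (23 - exp);   /* count is 1..23 */
    return neg ? -(int64_t)mag : (int64_t)mag;
}

int main(void)
{
    /* Constructed inputs: 10.0, -10.0, 0.5, 2^62, 2^126, +Inf */
    uint32_t samples[] = { 0x41200000u, 0xC1200000u, 0x3F000000u,
                           0x5E800000u, 0x7E800000u, 0x7F800000u };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("0x%08X naive shift %4d -> %lld\n", (unsigned)samples[i],
               naive_shift(samples[i]), (long long)f32_bits_to_int(samples[i]));
    return 0;
}
```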



