NACK[U]: [PATCH 0/2][SRU][Unstable/Mantic/Lunar] UBSAN: shift-out-of-bounds in amd_sfh

Andrea Righi andrea.righi at canonical.com
Mon Jul 17 06:14:11 UTC 2023


On Fri, Jul 14, 2023 at 04:11:24PM +0800, You-Sheng Yang wrote:
> BugLink: https://bugs.launchpad.net/bugs/2027773
> 
> [Impact]
> 
> UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50
> [ 7.928631] shift exponent 103 is too large for 64-bit type 'long unsigned int'
> [ 9.877309] Workqueue: events amd_sfh_work_buffer [amd_sfh]
> [ 9.877327] Call Trace:
> [ 9.877331] <TASK>
> [ 9.877335] dump_stack_lvl+0x49/0x63
> [ 9.877346] dump_stack+0x10/0x16
> [ 9.877348] ubsan_epilogue+0x9/0x36
> [ 9.877357] __ubsan_handle_shift_out_of_bounds.cold+0x61/0xef
> [ 9.877363] ? _raw_spin_lock+0x17/0x50
> [ 9.877369] ? raw_spin_rq_lock_nested+0x2e/0xa0
> [ 9.877378] ? psi_group_change+0x1e2/0x4a0
> [ 9.877385] float_to_int.cold+0x18/0xc8 [amd_sfh]
> [ 9.877394] ? get_feature_rep+0xb0/0xb0 [amd_sfh]
> [ 9.877402] get_input_rep+0x219/0x2f0 [amd_sfh]
> [ 9.877409] ? up+0x37/0x70
> [ 9.877414] ? hid_input_report+0x104/0x170 [hid]
> [ 9.877428] amd_sfh_work_buffer+0x94/0x150 [amd_sfh]
> [ 9.877436] process_one_work+0x21f/0x3f0
> [ 9.877443] worker_thread+0x50/0x3e0
> [ 9.877446] ? process_one_work+0x3f0/0x3f0
> [ 9.877449] kthread+0xfd/0x130
> [ 9.877452] ? kthread_complete_and_exit+0x20/0x20
> [ 9.877454] ret_from_fork+0x22/0x30
> [ 9.877463] </TASK>
> 
> [Fix]
> 
> Fixes in:
> * commit c1685a862a4b ("HID: amd_sfh: Rename the float32 variable")
> * commit 878543661764 ("HID: amd_sfh: Fix for shift-out-of-bounds")
> 
> [Test Case]
> 
> The affected platform should no longer have such an error dumped in the kernel
> dmesg at boot.
> 
> [Where problems could occur]
> 
> This renamed a variable and corrected the way the shift offset is calculated.
> No known side effect.
> 
> [Other Info]
> 
> This affects kernels >= v6.0 and < v6.5, so Unstable/Mantic/Lunar/OEM-6.1 are
> nominated for fix.

Already applied to mantic/linux-unstable via periodic upstream rebase.

-Andrea
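
The trace quoted above reports a shift count of 103 on a 64-bit operand inside float_to_int. As an added illustration of that bug class (user-space C written for this page, not the amd_sfh driver's code and not from this thread), the function below rounds an IEEE-754 binary32 bit pattern to an int using integer shifts, checking every shift count before it is used. The function names and sample bit patterns are constructed; the pattern that yields a count of 103 was chosen to match the number in the trace and is not a value taken from the device.

```c
#include <limits.h>
#include <stdint.h>

/* Right-shift count needed to drop the fractional bits of a binary32 value:
 * 23 mantissa bits minus the unbiased exponent. Negative means left shift.
 * Constructed input 0x17800000 (biased exponent 47) gives 23 - (47 - 127) = 103. */
int f32_shift_count(uint32_t bits)
{
    int biased = (int)((bits >> 23) & 0xFF);
    return 23 - (biased - 127);
}

/* Round a binary32 bit pattern to the nearest int (halves away from zero),
 * validating the shift count against the operand width before shifting. */
int f32_bits_to_int(uint32_t bits)
{
    int biased = (int)((bits >> 23) & 0xFF);
    int negative = (int)(bits >> 31);
    uint64_t sig = (bits & 0x7FFFFFu) | 0x800000u;  /* implicit leading 1 */
    int shift = f32_shift_count(bits);
    uint64_t mag;

    if (biased == 0)        /* zero and subnormals: magnitude below 0.5 */
        return 0;
    if (biased == 0xFF)     /* infinity or NaN: no integer value */
        return 0;
    if (shift > 24)         /* sig < 2^24, so the result rounds to 0; this */
        return 0;           /* also keeps the count far below 64 bits */
    if (shift < -7)         /* 2^31 or larger: saturate instead of shifting */
        return negative ? INT_MIN : INT_MAX;

    if (shift > 0)
        mag = (sig + (1ull << (shift - 1))) >> shift;  /* add half, truncate */
    else
        mag = sig << -shift;                           /* at most 7 bits */

    return negative ? -(int)mag : (int)mag;
}
```

Without the `shift > 24` check, the constructed input 0x17800000 would reach `>> 103` on a 64-bit operand, which is undefined behaviour in C and is the condition UBSAN flags.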


