APPLIED: [SRU][N][PATCH 0/3] UBSAN: array-index-out-of-bounds in /build/linux-Z1RxaK/linux-6.8.0/drivers/gpu/drm/amd/amdgpu/../pm/powerplay/hwmgr/processpptables.c:1249:61 (LP: #2078041)

Stefan Bader stefan.bader at canonical.com
Fri Aug 30 15:12:06 UTC 2024 

On 28.08.24 10:54, Juerg Haefliger wrote:
> BugLink: https://bugs.launchpad.net/bugs/2078041
> 
> [Impact]
> 
> [   38.630689] ------------[ cut here ]------------
> [   38.630701] UBSAN: array-index-out-of-bounds in /build/linux-Z1RxaK/linux-6.8.0/drivers/gpu/drm/amd/amdgpu/../pm/powerplay/hwmgr/processpptables.c:1249:61
> [   38.630714] index 1 is out of range for type 'ATOM_PPLIB_VCE_Clock_Voltage_Limit_Record [1]'
> [   38.630722] CPU: 1 PID: 459 Comm: (udev-worker) Not tainted 6.8.0-41-generic #41-Ubuntu
> [   38.630730] Hardware name: HP HP Laptop 17-ca0xxx/84D0, BIOS F.66 11/27/2023
> [   38.630734] Call Trace:
> [   38.630739]  <TASK>
> [   38.630745]  dump_stack_lvl+0x76/0xa0
> [   38.630763]  dump_stack+0x10/0x20
> [   38.630770]  __ubsan_handle_out_of_bounds+0xc6/0x110
> [   38.630782]  init_clock_voltage_dependency+0xa19/0xac0 [amdgpu]
> [   38.631592]  pp_tables_initialize+0x116/0x440 [amdgpu]
> [   38.631592]  hwmgr_hw_init+0x7b/0x1e0 [amdgpu]
> [   38.631592]  pp_hw_init+0x16/0x50 [amdgpu]
> [   38.631592]  amdgpu_device_ip_init+0x49c/0x860 [amdgpu]
> [   38.631592]  amdgpu_device_init+0x9b3/0x1180 [amdgpu]
> [   38.631592]  amdgpu_driver_load_kms+0x1a/0x1c0 [amdgpu]
> [   38.631592]  amdgpu_pci_probe+0x1c1/0x600 [amdgpu]
> [   38.631592]  local_pci_probe+0x47/0xb0
> [   38.631592]  pci_call_probe+0x55/0x1a0
> [   38.631592]  pci_device_probe+0x84/0x120
> [   38.631592]  really_probe+0x1c7/0x410
> [   38.631592]  __driver_probe_device+0x8c/0x180
> [   38.631592]  driver_probe_device+0x24/0xd0
> [   38.631592]  __driver_attach+0x10b/0x210
> [   38.631592]  ? __pfx___driver_attach+0x10/0x10
> [   38.631592]  bus_for_each_dev+0x8d/0xf0
> [   38.631592]  driver_attach+0x1e/0x30
> [   38.631592]  bus_add_driver+0x156/0x260
> [   38.631592]  driver_register+0x5e/0x130
> [   38.631592]  ? __pfx_amdgpu_init+0x10/0x10 [amdgpu]
> [   38.631592]  __pci_register_driver+0x5e/0x70
> [   38.631592]  amdgpu_init+0x69/0xff0 [amdgpu]
> [   38.631592]  do_one_initcall+0x5e/0x340
> [   38.631592]  do_init_module+0x97/0x290
> [   38.631592]  load_module+0xba1/0xcf0
> [   38.631592]  init_module_from_file+0x96/0x100
> [   38.631592]  ? init_module_from_file+0x96/0x100
> [   38.631592]  idempotent_init_module+0x11c/0x2b0
> [   38.631592]  __x64_sys_finit_module+0x64/0xd0
> [   38.631592]  x64_sys_call+0x1d6e/0x25c0
> [   38.631592]  do_syscall_64+0x7f/0x180
> [   38.631592]  ? syscall_exit_to_user_mode+0x89/0x260
> [   38.631592]  ? do_syscall_64+0x8c/0x180
> [   38.631592]  ? __seccomp_filter+0x368/0x570
> [   38.631592]  ? do_sys_openat2+0x9f/0xe0
> [   38.631592]  ? ext4_llseek+0xc3/0x130
> [   38.631592]  ? ksys_lseek+0x80/0xd0
> [   38.631592]  ? syscall_exit_to_user_mode+0x89/0x260
> [   38.631592]  ? do_syscall_64+0x8c/0x180
> [   38.631592]  ? do_syscall_64+0x8c/0x180
> [   38.631592]  ? do_syscall_64+0x8c/0x180
> [   38.631592]  ? irqentry_exit_to_user_mode+0x7e/0x260
> [   38.631592]  ? irqentry_exit+0x43/0x50
> [   38.631592]  entry_SYSCALL_64_after_hwframe+0x78/0x80
> [   38.631592] RIP: 0033:0x77a78712725d
> [   38.631592] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8b bb 0d 00 f7 d8 64 89 01 48
> [   38.631592] RSP: 002b:00007ffd96dace28 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
> [   38.631592] RAX: ffffffffffffffda RBX: 0000650a3a770990 RCX: 000077a78712725d
> [   38.631592] RDX: 0000000000000004 RSI: 000077a78742a07d RDI: 0000000000000021
> [   38.631592] RBP: 00007ffd96dacee0 R08: 0000000000000040 R09: 00007ffd96dace70
> [   38.631592] R10: 000077a787203b20 R11: 0000000000000246 R12: 000077a78742a07d
> [   38.631592] R13: 0000000000020000 R14: 0000650a3a770010 R15: 0000650a3a773c10
> [   38.631592]  </TASK>
> [   38.652542] ---[ end trace ]---
> 
> [Test Case]
> 
> Compile-tested only.
> 
> [Where Problems Could Occur]
> 
> Limited to AMD GPU drivers, so people with that HW might encounter any type of issues.
> 
> [Notes]
> 
> Trace is from dmesg in bug 2077920.
> 
> Alex Deucher (2):
>    drm/amdgpu/pptable: convert some variable sized arrays to [] style
>    drm/amdgpu: convert some variable sized arrays to [] style
> 
> Tasos Sahanidis (1):
>    drm/amdgpu/pptable: Fix UBSAN array-index-out-of-bounds
> 
>   drivers/gpu/drm/amd/include/pptable.h | 91 ++++++++++++++-------------
>   1 file changed, 49 insertions(+), 42 deletions(-)
> 

Applied to noble:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240830/e2909ac2/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240830/e2909ac2/attachment-0001.sig>

More information about the kernel-team mailing list