[PATCH] drm/amdgpu: fix UBSAN: Undefined behaviour for amdgpu_fence.c

Leo Liu leo.liu at amd.com
Tue Jun 26 12:33:06 UTC 2018



On 06/25/2018 04:32 PM, James Zhu wrote:
>
>
> On 2018-06-25 04:19 PM, Leo Liu wrote:
>> [    3.866656] index 2 is out of range for type 'amdgpu_uvd_inst [2]'
>> [    3.866667] CPU: 0 PID: 59 Comm: kworker/0:1 Not tainted 4.16.0-rc7+ #3
>> [    3.866677] Hardware name: Gigabyte Technology Co., Ltd. GA-990FXA-UD7/GA-990FXA-UD7, BIOS F9 06/08/2012
>> [    3.866693] Workqueue: events work_for_cpu_fn
>> [    3.866702] Call Trace:
>> [    3.866710]  dump_stack+0x85/0xc5
>> [    3.866719]  ubsan_epilogue+0x9/0x40
>> [    3.866727]  __ubsan_handle_out_of_bounds+0x89/0x90
>> [    3.866737]  ? rcu_read_lock_sched_held+0x58/0x60
>> [    3.866746]  ? __kmalloc+0x26c/0x2d0
>> [    3.866846]  amdgpu_fence_driver_start_ring+0x259/0x280 [amdgpu]
>> [    3.866896]  amdgpu_ring_init+0x12c/0x710 [amdgpu]
>> [    3.866906]  ? sprintf+0x42/0x50
>> [    3.866956]  amdgpu_gfx_kiq_init_ring+0x1bc/0x3a0 [amdgpu]
>> [    3.867009]  gfx_v8_0_sw_init+0x1ad3/0x2360 [amdgpu]
>> [    3.867062]  ? smu7_init+0xec/0x160 [amdgpu]
>> [    3.867109]  amdgpu_device_init+0x112c/0x1dc0 [amdgpu]
>>
>> The problem is that ring->me might be more than 1 for a ring.
> For the UVD and UVD_ENC ring types, after initialization, ring->me is less
> than AMDGPU_MAX_UVD_INSTANCES
> (which is set to 2 in the current code base)
The problem has nothing to do with UVD. From the bt, ring->me might
be set to 2 when calling amdgpu_gfx_kiq_init_ring when initializing the
gfx ring.


Regards,
Leo



> James
>>
>> v2: simplified with ring type
>>
>> Signed-off-by: Leo Liu <leo.liu at amd.com>
>> ---
>>   drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c 
>> b/drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c
>> index 39ec6b8890a1..e74d620d9699 100644
>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c
>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c
>> @@ -376,7 +376,7 @@ int amdgpu_fence_driver_start_ring(struct 
>> amdgpu_ring *ring,
>>       struct amdgpu_device *adev = ring->adev;
>>       uint64_t index;
>>   -    if (ring != &adev->uvd.inst[ring->me].ring) {
>> +    if (ring->funcs->type != AMDGPU_RING_TYPE_UVD) {
>>           ring->fence_drv.cpu_addr = &adev->wb.wb[ring->fence_offs];
>>           ring->fence_drv.gpu_addr = adev->wb.gpu_addr + 
>> (ring->fence_offs * 4);
>>       } else {
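Review bot: The replacement condition `ring->funcs->type != AMDGPU_RING_TYPE_UVD` is a different test from the removed pointer comparison against `&adev->uvd.inst[ring->me].ring`, and the commit message ("v2: simplified with ring type") does not say that the two select the same set of rings. Please confirm in the message that the else branch is still reached for exactly the rings that matched the old comparison, so the fence address setup for every other ring type is unchanged. It would also help to name the path from the trace (amdgpu_gfx_kiq_init_ring -> amdgpu_ring_init -> amdgpu_fence_driver_start_ring) as the case where ring->me indexes past the two-entry `amdgpu_uvd_inst [2]` array, because the one-line description "ring->me might be more than 1 for ring" does not make clear that the out-of-range index comes from a non-UVD ring.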
>
> _______________________________________________
> amd-gfx mailing list
> amd-gfx at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/amd-gfx


