[PATCH v2] drm/amdgpu: Fix UBSAN shift-out-of-bounds for gfx v9_0

[Christian König]

Am 15.08.22 um 13:08 schrieb Candice Li:
> Check shift number to avoid doing a shift operation when the number
> of bits shifted equal to or greater than number of bits in the operand.
>
> v2: Only calculate shift number for non-zero data and fix build warning.

Well that doesn't sounds like a good idea to me because we just ignore 
illegal data here.

Regards,
Christian.

>
> Signed-off-by: Candice Li <candice.li at amd.com>
> ---
>   drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 ++++++--
>   1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
> index 7f187558220e9a..c398c21d906069 100644
> --- a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
> +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
> @@ -2495,6 +2495,7 @@ static void gfx_v9_0_setup_rb(struct amdgpu_device *adev)
>   {
>   	int i, j;
>   	u32 data;
> +	int shift_num = 0;
>   	u32 active_rbs = 0;
>   	u32 rb_bitmap_width_per_sh = adev->gfx.config.max_backends_per_se /
>   					adev->gfx.config.max_sh_per_se;
> @@ -2504,8 +2505,11 @@ static void gfx_v9_0_setup_rb(struct amdgpu_device *adev)
>   		for (j = 0; j < adev->gfx.config.max_sh_per_se; j++) {
>   			gfx_v9_0_select_se_sh(adev, i, j, 0xffffffff);
>   			data = gfx_v9_0_get_rb_active_bitmap(adev);
> -			active_rbs |= data << ((i * adev->gfx.config.max_sh_per_se + j) *
> -					       rb_bitmap_width_per_sh);
> +			if (data) {
> +				shift_num = MIN(((i * adev->gfx.config.max_sh_per_se + j) *
> +						  rb_bitmap_width_per_sh), __builtin_clz(data));
> +				active_rbs |= data << shift_num;
> +			}
>   		}
>   	}
>   	gfx_v9_0_select_se_sh(adev, 0xffffffff, 0xffffffff, 0xffffffff);