ubsan report on gfx_v8_0_get_cu_info

Dave Airlie airlied at gmail.com
Tue May 3 00:40:51 UTC 2016 

While trying to track down some crashes on my Fiji I enabled UBSAN and
got this, this led me to look at the function mentioned, and wow
totally undefined code land.

The code loops over num_shader_engines with i, then uses i * 16 in a
calc for a left-shift. On Fiji at least num_shader_engines is 4, so
clearly we are going to see shifts > 32 with that.

The userspace ABI seems limited to a 32-bit value as well here, which
to me seems to point out
something stinks in either the UABI design or the calculations here.

Dave.


[  733.803161] ================================================================================
[  733.803169] UBSAN: Undefined behaviour in
/home/airlied/devel/kernel/linux-2.6/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c:5188:29
[  733.803172] shift exponent 32 is too large for 32-bit type 'unsigned int'
[  733.803176] CPU: 0 PID: 1787 Comm: Xorg Not tainted 4.6.0-rc6+ #94
[  733.803178] Hardware name: Gigabyte Technology Co., Ltd.
GA-A75M-UD2H/GA-A75M-UD2H, BIOS F6 09/28/2012
[  733.803180]  0000000000000000 ffff880232753a78 ffffffff814628e5
0000000000000006
[  733.803184]  ffff880232753aa0 0000000000000003 ffff880232753a90
ffffffff814a5ce9
[  733.803188]  ffffffffa0390e5e ffff880232753b30 ffffffff814a6576
0000000000000202
[  733.803191] Call Trace:
[  733.803198]  [<ffffffff814628e5>] dump_stack+0x68/0x99
[  733.803200]  [<ffffffff814a5ce9>] ubsan_epilogue+0xd/0x3a
[  733.803203]  [<ffffffff814a6576>]
__ubsan_handle_shift_out_of_bounds+0x11f/0x148
[  733.803207]  [<ffffffff81003233>] ? syscall_trace_enter_phase2+0x240/0x3a9
[  733.803210]  [<ffffffff818b1cb1>] ? _raw_spin_unlock_irqrestore+0x3a/0x48
[  733.803268]  [<ffffffffa02bb9f2>] gfx_v8_0_get_cu_info+0x22b/0x2d1 [amdgpu]
[  733.803318]  [<ffffffffa02bb9f2>] ? gfx_v8_0_get_cu_info+0x22b/0x2d1 [amdgpu]
[  733.803363]  [<ffffffffa022357c>] amdgpu_info_ioctl+0xe91/0xf64 [amdgpu]
[  733.803405]  [<ffffffffa0094442>] drm_ioctl+0x379/0x524 [drm]
[  733.803408]  [<ffffffff815c88d3>] ? __pm_runtime_resume+0x84/0x91
[  733.803452]  [<ffffffffa02226eb>] ? amdgpu_debugfs_cleanup+0x6/0x6 [amdgpu]
[  733.803456]  [<ffffffff810f234b>] ? trace_hardirqs_on_caller+0x1f8/0x227
[  733.803458]  [<ffffffff810f2387>] ? trace_hardirqs_on+0xd/0xf
[  733.803503]  [<ffffffffa021e191>] amdgpu_drm_ioctl+0x99/0xe1 [amdgpu]
[  733.803506]  [<ffffffff8127d3ab>] vfs_ioctl+0x5a/0x6f
[  733.803508]  [<ffffffff8127dbcf>] do_vfs_ioctl+0x724/0x7bb
[  733.803511]  [<ffffffff813d3b1a>] ? security_file_ioctl+0x43/0x57
[  733.803514]  [<ffffffff8128bdcd>] ? __fget_light+0xca/0x111
[  733.803516]  [<ffffffff8127dcb8>] SyS_ioctl+0x52/0x74
[  733.803518]  [<ffffffff810035f9>] do_syscall_64+0x85/0x12c
[  733.803521]  [<ffffffff818b231a>] entry_SYSCALL64_slow_path+0x25/0x25
[  733.803523] =============================================================================
~
~
~

More information about the dri-devel mailing list