From: Kyle Meyer <kyle.meyer@hpe.com>
To: steve.wahl@hpe.com, justin.ernst@hpe.com,
dimitri.sivanich@hpe.com, russ.anderson@hpe.com,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] x86/platform/uv: Fix UBSAN array-index-out-of-bounds
Date: Thu, 21 Aug 2025 12:55:50 -0500 [thread overview]
Message-ID: <aKddpjJnmcuhrH6T@hpe.com> (raw)
In-Reply-To: <20250709192641.128872-1-kyle.meyer@hpe.com>
On Wed, Jul 09, 2025 at 02:26:41PM -0500, Kyle Meyer wrote:
> When UBSAN is enabled, multiple array-index-out-of-bounds messages are
> written to the ring buffer:
>
> [ 0.000000] [ T0] UBSAN: array-index-out-of-bounds in arch/x86/kernel/apic/x2apic_uv_x.c:276:23
> [ 0.000000] [ T0] index 1 is out of range for type '<unknown> [1]'
> ...
> [ 0.000000] [ T0] UBSAN: array-index-out-of-bounds in arch/x86/kernel/apic/x2apic_uv_x.c:277:32
> [ 0.000000] [ T0] index 1 is out of range for type '<unknown> [1]'
> ...
> [ 0.000000] [ T0] UBSAN: array-index-out-of-bounds in arch/x86/kernel/apic/x2apic_uv_x.c:282:16
> [ 0.000000] [ T0] index 1 is out of range for type '<unknown> [1]'
> ...
> [ 0.515850] [ T1] UBSAN: array-index-out-of-bounds in arch/x86/kernel/apic/x2apic_uv_x.c:1344:23
> [ 0.519851] [ T1] index 1 is out of range for type '<unknown> [1]'
> ...
> [ 0.603850] [ T1] UBSAN: array-index-out-of-bounds in arch/x86/kernel/apic/x2apic_uv_x.c:1345:32
> [ 0.607850] [ T1] index 1 is out of range for type '<unknown> [1]'
> ...
> [ 0.691850] [ T1] UBSAN: array-index-out-of-bounds in arch/x86/kernel/apic/x2apic_uv_x.c:1353:20
> [ 0.695850] [ T1] index 1 is out of range for type '<unknown> [1]'
>
> One-element arrays have been deprecated [1]. Switch entry
> in struct uv_systab to a flexible array member to fix UBSAN
> array-index-out-of-bounds messages.
>
> [1] https://docs.kernel.org/process/deprecated.html#zero-length-and-one-element-arrays
>
> Signed-off-by: Kyle Meyer <kyle.meyer@hpe.com>
> ---
>
> sizeof(struct uv_systab) is passed to early_memremap() and ioremap(). The
> flexible array member is not referenced until the entire UV system table is
> remapped, so this changes to sizeof(struct uv_systab) would have no impact
> anyway.
>
> arch/x86/include/asm/uv/bios.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/include/asm/uv/bios.h b/arch/x86/include/asm/uv/bios.h
> index 6989b824fd32..d0b62e255290 100644
> --- a/arch/x86/include/asm/uv/bios.h
> +++ b/arch/x86/include/asm/uv/bios.h
> @@ -122,7 +122,7 @@ struct uv_systab {
> struct {
> u32 type:8; /* type of entry */
> u32 offset:24; /* byte offset from struct start to entry */
> - } entry[1]; /* additional entries follow */
> + } entry[]; /* additional entries follow */
> };
> extern struct uv_systab *uv_systab;
>
> --
> 2.50.0
>
Just a friendly ping.
Thanks,
Kyle Meyer
prev parent reply other threads:[~2025-08-21 17:56 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-09 19:26 [PATCH] x86/platform/uv: Fix UBSAN array-index-out-of-bounds Kyle Meyer
2025-08-21 17:55 ` Kyle Meyer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aKddpjJnmcuhrH6T@hpe.com \
--to=kyle.meyer@hpe.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=dimitri.sivanich@hpe.com \
--cc=hpa@zytor.com \
--cc=justin.ernst@hpe.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=russ.anderson@hpe.com \
--cc=steve.wahl@hpe.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.