* [Bug 214853] New: [amdgpu] UBSAN shows several null-ptr-deref in ../dc/bios/command_table2.c some array-index-out-of-bounds in ../dc/bios/bios_parser2.c and an invalid-load in ../amdgpu_dm/amdgpu_dm.c
@ 2021-10-27 21:00 bugzilla-daemon
2021-10-27 21:02 ` [Bug 214853] " bugzilla-daemon
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: bugzilla-daemon @ 2021-10-27 21:00 UTC (permalink / raw)
To: dri-devel
https://bugzilla.kernel.org/show_bug.cgi?id=214853
Bug ID: 214853
Summary: [amdgpu] UBSAN shows several null-ptr-deref in
../dc/bios/command_table2.c some
array-index-out-of-bounds in ../dc/bios/bios_parser2.c
and an invalid-load in ../amdgpu_dm/amdgpu_dm.c
Product: Drivers
Version: 2.5
Kernel Version: 5.15-rc7
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Video(DRI - non Intel)
Assignee: drivers_video-dri@kernel-bugs.osdl.org
Reporter: erhard_f@mailbox.org
CC: christian.koenig@amd.com
Regression: No
Created attachment 299337
--> https://bugzilla.kernel.org/attachment.cgi?id=299337&action=edit
kernel dmesg (kernel 5.15-rc7, AMD FX-8370)
[...]
UBSAN: null-ptr-deref in
drivers/gpu/drm/amd/amdgpu/../display/dc/bios/command_table2.c:872:3
member access within null pointer of type 'struct
atom_master_list_of_command_functions_v2_1'
CPU: 3 PID: 234 Comm: systemd-udevd Not tainted 5.15.0-rc7-bdver2 #11
Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./970-GAMING,
BIOS F2 04/06/2016
Call Trace:
dump_stack_lvl+0x8d/0xd9
ubsan_epilogue+0x5/0x44
__ubsan_handle_type_mismatch_v1+0x45/0x4a
dal_firmware_parser_init_cmd_tbl+0x31c/0x37c [amdgpu]
bios_parser2_construct+0x16f/0x9cb [amdgpu]
firmware_parser_create+0x36/0x4c [amdgpu]
dal_bios_parser_create+0xc/0x20 [amdgpu]
dc_create+0x25d/0x764 [amdgpu]
dm_hw_init+0x28a/0x697 [amdgpu]
? dev_printk_emit+0x4c/0x66
amdgpu_device_init+0x1847/0x1e13 [amdgpu]
amdgpu_driver_load_kms+0x47/0x33d [amdgpu]
amdgpu_pci_probe+0xeb/0x1a6 [amdgpu]
pci_device_probe+0xa1/0x121
really_probe+0xe4/0x331
__driver_probe_device+0x84/0xe1
driver_probe_device+0x1a/0x6d
__driver_attach+0xac/0xc3
? driver_attach+0x15/0x15
bus_for_each_dev+0x8c/0xc0
bus_add_driver+0xf5/0x1f2
driver_register+0x66/0xe7
? 0xffffffffc0ff2000
do_one_initcall+0x109/0x1f4
? 0xffffffffc0ff2000
do_init_module+0x5c/0x1f1
load_module+0x193f/0x1ca9
? kernel_read_file_from_fd+0x5b/0x7e
__se_sys_finit_module+0xa7/0xce
do_syscall_64+0x79/0xa3
? lockdep_hardirqs_on_prepare+0xf6/0x1e3
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fa99ef681e9
Code: 00 00 b8 ca 00 00 00 0f 05 eb ac 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01
c3 48 8b 0d 4f fc 0b 00 f7 d8 64 89 01 48
RSP: 002b:00007fff06041ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 000055f2d378be20 RCX: 00007fa99ef681e9
RDX: 0000000000000000 RSI: 00007fa99f0af97f RDI: 0000000000000018
RBP: 0000000000020000 R08: 0000000000000000 R09: fffffffffffffeb8
R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000000
R13: 000055f2d38eba60 R14: 00007fa99f0af97f R15: 0000000000000000
================================================================================
================================================================================
UBSAN: array-index-out-of-bounds in
drivers/gpu/drm/amd/amdgpu/../display/dc/bios/bios_parser2.c:384:3
index 8 is out of range for type 'struct atom_gpio_pin_assignment [8]'
CPU: 3 PID: 234 Comm: systemd-udevd Not tainted 5.15.0-rc7-bdver2 #11
Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./970-GAMING,
BIOS F2 04/06/2016
Call Trace:
dump_stack_lvl+0x8d/0xd9
ubsan_epilogue+0x5/0x44
__ubsan_handle_out_of_bounds+0x9e/0xa0
get_gpio_i2c_info+0xe0/0x17e [amdgpu]
bios_parser_get_i2c_info+0x5b/0xfa [amdgpu]
dal_ddc_service_create+0xa7/0x1a8 [amdgpu]
dcn20_resource_construct+0x106e/0x10ba [amdgpu]
? find_held_lock+0x41/0xc1
? slab_post_alloc_hook+0x5f/0x8a
dcn20_create_resource_pool+0x39/0x6f [amdgpu]
dc_create_resource_pool+0x164/0x213 [amdgpu]
? dal_gpio_service_create+0x8f/0x193 [amdgpu]
dc_create+0x2b3/0x764 [amdgpu]
dm_hw_init+0x28a/0x697 [amdgpu]
? dev_printk_emit+0x4c/0x66
amdgpu_device_init+0x1847/0x1e13 [amdgpu]
amdgpu_driver_load_kms+0x47/0x33d [amdgpu]
amdgpu_pci_probe+0xeb/0x1a6 [amdgpu]
pci_device_probe+0xa1/0x121
really_probe+0xe4/0x331
__driver_probe_device+0x84/0xe1
driver_probe_device+0x1a/0x6d
__driver_attach+0xac/0xc3
? driver_attach+0x15/0x15
bus_for_each_dev+0x8c/0xc0
bus_add_driver+0xf5/0x1f2
driver_register+0x66/0xe7
? 0xffffffffc0ff2000
do_one_initcall+0x109/0x1f4
? 0xffffffffc0ff2000
do_init_module+0x5c/0x1f1
load_module+0x193f/0x1ca9
? kernel_read_file_from_fd+0x5b/0x7e
__se_sys_finit_module+0xa7/0xce
do_syscall_64+0x79/0xa3
? lockdep_hardirqs_on_prepare+0xf6/0x1e3
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fa99ef681e9
Code: 00 00 b8 ca 00 00 00 0f 05 eb ac 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01
c3 48 8b 0d 4f fc 0b 00 f7 d8 64 89 01 48
RSP: 002b:00007fff06041ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 000055f2d378be20 RCX: 00007fa99ef681e9
RDX: 0000000000000000 RSI: 00007fa99f0af97f RDI: 0000000000000018
RBP: 0000000000020000 R08: 0000000000000000 R09: fffffffffffffeb8
R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000000
R13: 000055f2d38eba60 R14: 00007fa99f0af97f R15: 0000000000000000
[...]
=
UBSAN: invalid-load in
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:5865:85
load of value 170 is not a valid value for type 'bool' (aka '_Bool')
CPU: 5 PID: 234 Comm: systemd-udevd Not tainted 5.15.0-rc7-bdver2 #11
Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./970-GAMING,
BIOS F2 04/06/2016
Call Trace:
dump_stack_lvl+0x8d/0xd9
ubsan_epilogue+0x5/0x44
__ubsan_handle_load_invalid_value+0x9e/0xa0
create_validate_stream_for_sink+0x6bb/0x777 [amdgpu]
? lockdep_hardirqs_on_prepare+0xf6/0x1e3
amdgpu_dm_connector_mode_valid+0x70/0x1b9 [amdgpu]
? drm_connector_list_update+0xba/0x121 [drm]
drm_connector_mode_valid+0x34/0x42 [drm_kms_helper]
drm_helper_probe_single_connector_modes+0x4d7/0x88e [drm_kms_helper]
? drm_client_modeset_probe+0x1fa/0x14c9 [drm]
drm_client_modeset_probe+0x232/0x14c9 [drm]
? add_chain_block+0x165/0x22f
? __lock_acquire+0xc7c/0x1e4d
? rcu_read_lock_sched_held+0x45/0xa5
? lock_acquire+0xcb/0x210
? drm_fb_helper_initial_config+0x32/0x4f [drm_kms_helper]
__drm_fb_helper_initial_config_and_unlock+0x3e/0x5f0 [drm_kms_helper]
amdgpu_fbdev_init+0xee/0x110 [amdgpu]
amdgpu_device_init+0x1996/0x1e13 [amdgpu]
amdgpu_driver_load_kms+0x47/0x33d [amdgpu]
amdgpu_pci_probe+0xeb/0x1a6 [amdgpu]
pci_device_probe+0xa1/0x121
really_probe+0xe4/0x331
__driver_probe_device+0x84/0xe1
driver_probe_device+0x1a/0x6d
__driver_attach+0xac/0xc3
? driver_attach+0x15/0x15
bus_for_each_dev+0x8c/0xc0
bus_add_driver+0xf5/0x1f2
driver_register+0x66/0xe7
? 0xffffffffc0ff2000
do_one_initcall+0x109/0x1f4
? 0xffffffffc0ff2000
do_init_module+0x5c/0x1f1
load_module+0x193f/0x1ca9
? kernel_read_file_from_fd+0x5b/0x7e
__se_sys_finit_module+0xa7/0xce
do_syscall_64+0x79/0xa3
? lockdep_hardirqs_on_prepare+0xf6/0x1e3
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fa99ef681e9
Code: 00 00 b8 ca 00 00 00 0f 05 eb ac 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01
c3 48 8b 0d 4f fc 0b 00 f7 d8 64 89 01 48
RSP: 002b:00007fff06041ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 000055f2d378be20 RCX: 00007fa99ef681e9
RDX: 0000000000000000 RSI: 00007fa99f0af97f RDI: 0000000000000018
RBP: 0000000000020000 R08: 0000000000000000 R09: fffffffffffffeb8
R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000000
R13: 000055f2d38eba60 R14: 00007fa99f0af97f R15: 0000000000000000
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 214853] [amdgpu] UBSAN shows several null-ptr-deref in ../dc/bios/command_table2.c some array-index-out-of-bounds in ../dc/bios/bios_parser2.c and an invalid-load in ../amdgpu_dm/amdgpu_dm.c
2021-10-27 21:00 [Bug 214853] New: [amdgpu] UBSAN shows several null-ptr-deref in ../dc/bios/command_table2.c some array-index-out-of-bounds in ../dc/bios/bios_parser2.c and an invalid-load in ../amdgpu_dm/amdgpu_dm.c bugzilla-daemon
@ 2021-10-27 21:02 ` bugzilla-daemon
2022-05-09 11:04 ` bugzilla-daemon
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: bugzilla-daemon @ 2021-10-27 21:02 UTC (permalink / raw)
To: dri-devel
https://bugzilla.kernel.org/show_bug.cgi?id=214853
--- Comment #1 from Erhard F. (erhard_f@mailbox.org) ---
Created attachment 299339
--> https://bugzilla.kernel.org/attachment.cgi?id=299339&action=edit
kernel config (kernel 5.15-rc7, AMD FX-8370)
# lspci
00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD9x0/RX980 Host
Bridge (rev 02)
00:00.2 IOMMU: Advanced Micro Devices, Inc. [AMD/ATI] RD890S/RD990 I/O Memory
Management Unit (IOMMU)
00:02.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD890/RD9x0/RX980
PCI to PCI bridge (PCI Express GFX port 0)
00:04.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD890/RD9x0/RX980
PCI to PCI bridge (PCI Express GPP Port 0)
00:06.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD890/RD9x0/RX980
PCI to PCI bridge (PCI Express GPP Port 2)
00:09.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD890/RD9x0/RX980
PCI to PCI bridge (PCI Express GPP Port 4)
00:11.0 SATA controller: Advanced Micro Devices, Inc. [AMD/ATI]
SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode] (rev 40)
00:12.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI]
SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:12.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI]
SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:13.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI]
SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:13.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI]
SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 SMBus Controller
(rev 42)
00:14.2 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 Azalia
(Intel HDA) (rev 40)
00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0
LPC host controller (rev 40)
00:14.4 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 PCI to PCI
Bridge (rev 40)
00:14.5 USB controller: Advanced Micro Devices, Inc. [AMD/ATI]
SB7x0/SB8x0/SB9x0 USB OHCI2 Controller
00:15.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] SB700/SB800/SB900
PCI to PCI bridge (PCIE port 0)
00:16.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI]
SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:16.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI]
SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h Processor
Function 0
00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h Processor
Function 1
00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h Processor
Function 2
00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h Processor
Function 3
00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h Processor
Function 4
00:18.5 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h Processor
Function 5
01:00.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] Navi 10 XL Upstream
Port of PCI Express Switch (rev c5)
02:00.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] Navi 10 XL
Downstream Port of PCI Express Switch
03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Navi
14 [Radeon RX 5500/5500M / Pro 5500M] (rev c5)
03:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Navi 10 HDMI Audio
04:00.0 USB controller: Renesas Technology Corp. uPD720201 USB 3.0 Host
Controller (rev 03)
05:00.0 Non-Volatile memory controller: Shenzhen Longsys Electronics Co., Ltd.
SM2263EN/SM2263XT-based OEM SSD (rev 03)
06:00.0 USB controller: ASMedia Technology Inc. ASM1143 USB 3.1 Host Controller
08:00.0 Ethernet controller: Qualcomm Atheros Killer E2400 Gigabit Ethernet
Controller (rev 10)
# lspci -vv -s 03:00.0
03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Navi
14 [Radeon RX 5500/5500M / Pro 5500M] (rev c5) (prog-if 00 [VGA controller])
Subsystem: ASRock Incorporation Navi 14 [Radeon RX 5500/5500M / Pro
5500M]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort-
<MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 54
Region 0: Memory at c0000000 (64-bit, prefetchable) [size=256M]
Region 2: Memory at d0000000 (64-bit, prefetchable) [size=2M]
Region 4: I/O ports at e000 [size=256]
Region 5: Memory at fe500000 (32-bit, non-prefetchable) [size=512K]
Expansion ROM at 000c0000 [disabled] [size=128K]
Capabilities: [48] Vendor Specific Information: Len=08 <?>
Capabilities: [50] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA
PME(D0-,D1+,D2+,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [64] Express (v2) Legacy Endpoint, MSI 00
DevCap: MaxPayload 256 bytes, PhantFunc 0, Latency L0s <4us, L1
unlimited
ExtTag+ AttnBtn- AttnInd- PwrInd- RBE+ FLReset-
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag+ PhantFunc- AuxPwr- NoSnoop+
MaxPayload 128 bytes, MaxReadReq 512 bytes
DevSta: CorrErr+ NonFatalErr+ FatalErr- UnsupReq+ AuxPwr-
TransPend-
LnkCap: Port #0, Speed 16GT/s, Width x16, ASPM L0s L1, Exit
Latency L0s <64ns, L1 <1us
ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes, Disabled- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 16GT/s (ok), Width x16 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range ABCD, TimeoutDis+ NROPrPrP-
LTR+
10BitTagComp+ 10BitTagReq+ OBFF Not Supported, ExtFmt+
EETLPPrefix+, MaxEETLPPrefixes 1
EmergencyPowerReduction Not Supported,
EmergencyPowerReductionInit-
FRS-
AtomicOpsCap: 32bit+ 64bit+ 128bitCAS-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis- LTR+
OBFF Disabled,
AtomicOpsCtl: ReqEn-
LnkCap2: Supported Link Speeds: 2.5-16GT/s, Crosslink- Retimer+
2Retimers+ DRS-
LnkCtl2: Target Link Speed: 16GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range,
EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -3.5dB,
EqualizationComplete+ EqualizationPhase1+
EqualizationPhase2+ EqualizationPhase3+
LinkEqualizationRequest-
Retimer- 2Retimers- CrosslinkRes: unsupported
Capabilities: [a0] MSI: Enable+ Count=1/1 Maskable- 64bit+
Address: 00000000fee40004 Data: 0024
Capabilities: [100 v1] Vendor Specific Information: ID=0001 Rev=1
Len=010 <?>
Capabilities: [150 v2] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt-
RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt-
RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt-
RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout-
AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout-
AdvNonFatalErr+
AERCap: First Error Pointer: 14, ECRCGenCap+ ECRCGenEn-
ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 40001010 000000ff c0b6d300 00000000
Capabilities: [200 v1] Physical Resizable BAR
BAR 0: current size: 256MB, supported: 256MB 512MB 1GB 2GB 4GB
8GB
BAR 2: current size: 2MB, supported: 2MB 4MB 8MB 16MB 32MB 64MB
128MB 256MB
Capabilities: [240 v1] Power Budgeting <?>
Capabilities: [270 v1] Secondary PCI Express
LnkCtl3: LnkEquIntrruptEn- PerformEqu-
LaneErrStat: 0
Capabilities: [2a0 v1] Access Control Services
ACSCap: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd-
EgressCtrl- DirectTrans-
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd-
EgressCtrl- DirectTrans-
Capabilities: [2b0 v1] Address Translation Service (ATS)
ATSCap: Invalidate Queue Depth: 00
ATSCtl: Enable-, Smallest Translation Unit: 00
Capabilities: [2c0 v1] Page Request Interface (PRI)
PRICtl: Enable- Reset-
PRISta: RF- UPRGI- Stopped+
Page Request Capacity: 00000100, Page Request Allocation:
00000000
Capabilities: [2d0 v1] Process Address Space ID (PASID)
PASIDCap: Exec+ Priv+, Max PASID Width: 10
PASIDCtl: Enable- Exec- Priv-
Capabilities: [320 v1] Latency Tolerance Reporting
Max snoop latency: 1048576ns
Max no snoop latency: 1048576ns
Capabilities: [400 v1] Data Link Feature <?>
Capabilities: [410 v1] Physical Layer 16.0 GT/s <?>
Capabilities: [440 v1] Lane Margining at the Receiver <?>
Kernel driver in use: amdgpu
Kernel modules: amdgpu
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 214853] [amdgpu] UBSAN shows several null-ptr-deref in ../dc/bios/command_table2.c some array-index-out-of-bounds in ../dc/bios/bios_parser2.c and an invalid-load in ../amdgpu_dm/amdgpu_dm.c
2021-10-27 21:00 [Bug 214853] New: [amdgpu] UBSAN shows several null-ptr-deref in ../dc/bios/command_table2.c some array-index-out-of-bounds in ../dc/bios/bios_parser2.c and an invalid-load in ../amdgpu_dm/amdgpu_dm.c bugzilla-daemon
2021-10-27 21:02 ` [Bug 214853] " bugzilla-daemon
@ 2022-05-09 11:04 ` bugzilla-daemon
2022-05-09 11:08 ` bugzilla-daemon
2023-03-20 21:47 ` bugzilla-daemon
3 siblings, 0 replies; 5+ messages in thread
From: bugzilla-daemon @ 2022-05-09 11:04 UTC (permalink / raw)
To: dri-devel
https://bugzilla.kernel.org/show_bug.cgi?id=214853
--- Comment #2 from Erhard F. (erhard_f@mailbox.org) ---
Created attachment 300911
--> https://bugzilla.kernel.org/attachment.cgi?id=300911&action=edit
kernel dmesg (kernel 5.18-rc6, AMD Ryzen 9 5950X)
Same card in another machine, still tha same problem in 5.18-rc6:
[...]
================================================================================
UBSAN: array-index-out-of-bounds in
drivers/gpu/drm/amd/amdgpu/../display/dc/bios/bios_parser2.c:388:3
index 8 is out of range for type 'struct atom_gpio_pin_assignment [8]'
CPU: 8 PID: 443 Comm: systemd-udevd Not tainted 5.18.0-rc6-Zen3+ #5
Hardware name: To Be Filled By O.E.M. B450M Steel Legend/B450M Steel Legend,
BIOS P4.30 02/25/2022
Call Trace:
<TASK>
dump_stack_lvl+0xe5/0x154
__ubsan_handle_out_of_bounds+0xd2/0x110
get_gpio_i2c_info+0x474/0xb10 [amdgpu]
bios_parser_get_i2c_info+0x94/0x350 [amdgpu]
? dal_ddc_service_create+0x63/0x620 [amdgpu]
? bios_parser_get_src_obj+0x4a0/0x4a0 [amdgpu]
dal_ddc_service_create+0x257/0x620 [amdgpu]
dcn20_create_resource_pool+0x40ec/0x4150 [amdgpu]
? dal_gpio_service_create+0x160/0x4f0 [amdgpu]
dc_create_resource_pool+0x2bf/0x5a0 [amdgpu]
dc_create+0xa6d/0x14c0 [amdgpu]
dm_hw_init+0x8d3/0x6d40 [amdgpu]
? dev_vprintk_emit+0x20f/0x28c
? dev_printk_emit+0x7c/0xa0
? smu_hw_init+0x741/0xab0 [amdgpu]
amdgpu_device_ip_hw_init_phase2+0x15b/0x430 [amdgpu]
amdgpu_device_ip_init+0xb1f/0xfc0 [amdgpu]
amdgpu_device_init+0x4845/0x6f20 [amdgpu]
? check_chain_key+0x111/0x540
amdgpu_driver_load_kms+0x16/0x470 [amdgpu]
amdgpu_pci_probe+0x531/0xb60 [amdgpu]
pci_device_probe+0x167/0x2c0
really_probe+0x3fb/0x820
__driver_probe_device+0x147/0x240
driver_probe_device+0x4b/0x320
__driver_attach+0x263/0x4f0
? driver_attach+0x40/0x40
bus_for_each_dev+0xff/0x140
bus_add_driver+0x2b7/0x480
driver_register+0x1f5/0x330
? 0xffffffffc0d79000
do_one_initcall+0x12b/0x2d0
? 0xffffffffc0d79000
? __asan_register_globals+0x5b/0x70
do_init_module+0x1b3/0x4e0
load_module+0x3d50/0x4730
? kernel_read_file_from_fd+0x84/0xc0
__se_sys_finit_module+0x128/0x180
do_syscall_64+0x31/0x50
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fba28d5c789
Code: 08 44 89 e0 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01
c3 48 8b 0d 77 86 0e 00 f7 d8 64 89 01 48
RSP: 002b:00007fff5e63a018 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 00005623c86daf90 RCX: 00007fba28d5c789
RDX: 0000000000000000 RSI: 00007fba28eaa97f RDI: 0000000000000019
RBP: 0000000000020000 R08: 0000000000000000 R09: fffffffffffffeb8
R10: 0000000000000019 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fba28eaa97f R14: 00005623c86dd550 R15: 0000000000000000
</TASK>
================================================================================
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 214853] [amdgpu] UBSAN shows several null-ptr-deref in ../dc/bios/command_table2.c some array-index-out-of-bounds in ../dc/bios/bios_parser2.c and an invalid-load in ../amdgpu_dm/amdgpu_dm.c
2021-10-27 21:00 [Bug 214853] New: [amdgpu] UBSAN shows several null-ptr-deref in ../dc/bios/command_table2.c some array-index-out-of-bounds in ../dc/bios/bios_parser2.c and an invalid-load in ../amdgpu_dm/amdgpu_dm.c bugzilla-daemon
2021-10-27 21:02 ` [Bug 214853] " bugzilla-daemon
2022-05-09 11:04 ` bugzilla-daemon
@ 2022-05-09 11:08 ` bugzilla-daemon
2023-03-20 21:47 ` bugzilla-daemon
3 siblings, 0 replies; 5+ messages in thread
From: bugzilla-daemon @ 2022-05-09 11:08 UTC (permalink / raw)
To: dri-devel
https://bugzilla.kernel.org/show_bug.cgi?id=214853
--- Comment #3 from Erhard F. (erhard_f@mailbox.org) ---
Created attachment 300912
--> https://bugzilla.kernel.org/attachment.cgi?id=300912&action=edit
kernel .config (kernel 5.18-rc6, AMD Ryzen 9 5950X)
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 214853] [amdgpu] UBSAN shows several null-ptr-deref in ../dc/bios/command_table2.c some array-index-out-of-bounds in ../dc/bios/bios_parser2.c and an invalid-load in ../amdgpu_dm/amdgpu_dm.c
2021-10-27 21:00 [Bug 214853] New: [amdgpu] UBSAN shows several null-ptr-deref in ../dc/bios/command_table2.c some array-index-out-of-bounds in ../dc/bios/bios_parser2.c and an invalid-load in ../amdgpu_dm/amdgpu_dm.c bugzilla-daemon
` (2 preceding siblings ...)
2022-05-09 11:08 ` bugzilla-daemon
@ 2023-03-20 21:47 ` bugzilla-daemon
3 siblings, 0 replies; 5+ messages in thread
From: bugzilla-daemon @ 2023-03-20 21:47 UTC (permalink / raw)
To: dri-devel
https://bugzilla.kernel.org/show_bug.cgi?id=214853
Erhard F. (erhard_f@mailbox.org) changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |OBSOLETE
--- Comment #4 from Erhard F. (erhard_f@mailbox.org) ---
Closing in favour of https://gitlab.freedesktop.org/drm/amd/-/issues/2473.
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-03-20 21:47 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-10-27 21:00 [Bug 214853] New: [amdgpu] UBSAN shows several null-ptr-deref in ../dc/bios/command_table2.c some array-index-out-of-bounds in ../dc/bios/bios_parser2.c and an invalid-load in ../amdgpu_dm/amdgpu_dm.c bugzilla-daemon
2021-10-27 21:02 ` [Bug 214853] " bugzilla-daemon
2022-05-09 11:04 ` bugzilla-daemon
2022-05-09 11:08 ` bugzilla-daemon
2023-03-20 21:47 ` bugzilla-daemon
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.