All of lore.kernel.org
 help / color / mirror / Atom feed
From: bugzilla-daemon@bugzilla.kernel.org
To: dri-devel@lists.freedesktop.org
Subject: [Bug 214853] New: [amdgpu] UBSAN shows several null-ptr-deref in ../dc/bios/command_table2.c some array-index-out-of-bounds in ../dc/bios/bios_parser2.c and an invalid-load in ../amdgpu_dm/amdgpu_dm.c
Date: Wed, 27 Oct 2021 21:00:15 +0000	[thread overview]
Message-ID: <bug-214853-2300@https.bugzilla.kernel.org/> (raw)

https://bugzilla.kernel.org/show_bug.cgi?id=214853

            Bug ID: 214853
           Summary: [amdgpu] UBSAN shows several null-ptr-deref in
                    ../dc/bios/command_table2.c some
                    array-index-out-of-bounds in ../dc/bios/bios_parser2.c
                    and an invalid-load in ../amdgpu_dm/amdgpu_dm.c
           Product: Drivers
           Version: 2.5
    Kernel Version: 5.15-rc7
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Video(DRI - non Intel)
          Assignee: drivers_video-dri@kernel-bugs.osdl.org
          Reporter: erhard_f@mailbox.org
                CC: christian.koenig@amd.com
        Regression: No

Created attachment 299337
  --> https://bugzilla.kernel.org/attachment.cgi?id=299337&action=edit
kernel dmesg (kernel 5.15-rc7, AMD FX-8370)

[...]
UBSAN: null-ptr-deref in
drivers/gpu/drm/amd/amdgpu/../display/dc/bios/command_table2.c:872:3
member access within null pointer of type 'struct
atom_master_list_of_command_functions_v2_1'
CPU: 3 PID: 234 Comm: systemd-udevd Not tainted 5.15.0-rc7-bdver2 #11
Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./970-GAMING,
BIOS F2 04/06/2016
Call Trace:
 dump_stack_lvl+0x8d/0xd9
 ubsan_epilogue+0x5/0x44
 __ubsan_handle_type_mismatch_v1+0x45/0x4a
 dal_firmware_parser_init_cmd_tbl+0x31c/0x37c [amdgpu]
 bios_parser2_construct+0x16f/0x9cb [amdgpu]
 firmware_parser_create+0x36/0x4c [amdgpu]
 dal_bios_parser_create+0xc/0x20 [amdgpu]
 dc_create+0x25d/0x764 [amdgpu]
 dm_hw_init+0x28a/0x697 [amdgpu]
 ? dev_printk_emit+0x4c/0x66
 amdgpu_device_init+0x1847/0x1e13 [amdgpu]
 amdgpu_driver_load_kms+0x47/0x33d [amdgpu]
 amdgpu_pci_probe+0xeb/0x1a6 [amdgpu]
 pci_device_probe+0xa1/0x121
 really_probe+0xe4/0x331
 __driver_probe_device+0x84/0xe1
 driver_probe_device+0x1a/0x6d
 __driver_attach+0xac/0xc3
 ? driver_attach+0x15/0x15
 bus_for_each_dev+0x8c/0xc0
 bus_add_driver+0xf5/0x1f2
 driver_register+0x66/0xe7
 ? 0xffffffffc0ff2000
 do_one_initcall+0x109/0x1f4
 ? 0xffffffffc0ff2000
 do_init_module+0x5c/0x1f1
 load_module+0x193f/0x1ca9
 ? kernel_read_file_from_fd+0x5b/0x7e
 __se_sys_finit_module+0xa7/0xce
 do_syscall_64+0x79/0xa3
 ? lockdep_hardirqs_on_prepare+0xf6/0x1e3
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fa99ef681e9
Code: 00 00 b8 ca 00 00 00 0f 05 eb ac 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01
c3 48 8b 0d 4f fc 0b 00 f7 d8 64 89 01 48
RSP: 002b:00007fff06041ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 000055f2d378be20 RCX: 00007fa99ef681e9
RDX: 0000000000000000 RSI: 00007fa99f0af97f RDI: 0000000000000018
RBP: 0000000000020000 R08: 0000000000000000 R09: fffffffffffffeb8
R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000000
R13: 000055f2d38eba60 R14: 00007fa99f0af97f R15: 0000000000000000
================================================================================
================================================================================
UBSAN: array-index-out-of-bounds in
drivers/gpu/drm/amd/amdgpu/../display/dc/bios/bios_parser2.c:384:3
index 8 is out of range for type 'struct atom_gpio_pin_assignment [8]'
CPU: 3 PID: 234 Comm: systemd-udevd Not tainted 5.15.0-rc7-bdver2 #11
Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./970-GAMING,
BIOS F2 04/06/2016
Call Trace:
 dump_stack_lvl+0x8d/0xd9
 ubsan_epilogue+0x5/0x44
 __ubsan_handle_out_of_bounds+0x9e/0xa0
 get_gpio_i2c_info+0xe0/0x17e [amdgpu]
 bios_parser_get_i2c_info+0x5b/0xfa [amdgpu]
 dal_ddc_service_create+0xa7/0x1a8 [amdgpu]
 dcn20_resource_construct+0x106e/0x10ba [amdgpu]
 ? find_held_lock+0x41/0xc1
 ? slab_post_alloc_hook+0x5f/0x8a
 dcn20_create_resource_pool+0x39/0x6f [amdgpu]
 dc_create_resource_pool+0x164/0x213 [amdgpu]
 ? dal_gpio_service_create+0x8f/0x193 [amdgpu]
 dc_create+0x2b3/0x764 [amdgpu]
 dm_hw_init+0x28a/0x697 [amdgpu]
 ? dev_printk_emit+0x4c/0x66
 amdgpu_device_init+0x1847/0x1e13 [amdgpu]
 amdgpu_driver_load_kms+0x47/0x33d [amdgpu]
 amdgpu_pci_probe+0xeb/0x1a6 [amdgpu]
 pci_device_probe+0xa1/0x121
 really_probe+0xe4/0x331
 __driver_probe_device+0x84/0xe1
 driver_probe_device+0x1a/0x6d
 __driver_attach+0xac/0xc3
 ? driver_attach+0x15/0x15
 bus_for_each_dev+0x8c/0xc0
 bus_add_driver+0xf5/0x1f2
 driver_register+0x66/0xe7
 ? 0xffffffffc0ff2000
 do_one_initcall+0x109/0x1f4
 ? 0xffffffffc0ff2000
 do_init_module+0x5c/0x1f1
 load_module+0x193f/0x1ca9
 ? kernel_read_file_from_fd+0x5b/0x7e
 __se_sys_finit_module+0xa7/0xce
 do_syscall_64+0x79/0xa3
 ? lockdep_hardirqs_on_prepare+0xf6/0x1e3
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fa99ef681e9
Code: 00 00 b8 ca 00 00 00 0f 05 eb ac 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01
c3 48 8b 0d 4f fc 0b 00 f7 d8 64 89 01 48
RSP: 002b:00007fff06041ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 000055f2d378be20 RCX: 00007fa99ef681e9
RDX: 0000000000000000 RSI: 00007fa99f0af97f RDI: 0000000000000018
RBP: 0000000000020000 R08: 0000000000000000 R09: fffffffffffffeb8
R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000000
R13: 000055f2d38eba60 R14: 00007fa99f0af97f R15: 0000000000000000
[...]
=
UBSAN: invalid-load in
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:5865:85
load of value 170 is not a valid value for type 'bool' (aka '_Bool')
CPU: 5 PID: 234 Comm: systemd-udevd Not tainted 5.15.0-rc7-bdver2 #11
Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./970-GAMING,
BIOS F2 04/06/2016
Call Trace:
 dump_stack_lvl+0x8d/0xd9
 ubsan_epilogue+0x5/0x44
 __ubsan_handle_load_invalid_value+0x9e/0xa0
 create_validate_stream_for_sink+0x6bb/0x777 [amdgpu]
 ? lockdep_hardirqs_on_prepare+0xf6/0x1e3
 amdgpu_dm_connector_mode_valid+0x70/0x1b9 [amdgpu]
 ? drm_connector_list_update+0xba/0x121 [drm]
 drm_connector_mode_valid+0x34/0x42 [drm_kms_helper]
 drm_helper_probe_single_connector_modes+0x4d7/0x88e [drm_kms_helper]
 ? drm_client_modeset_probe+0x1fa/0x14c9 [drm]
 drm_client_modeset_probe+0x232/0x14c9 [drm]
 ? add_chain_block+0x165/0x22f
 ? __lock_acquire+0xc7c/0x1e4d
 ? rcu_read_lock_sched_held+0x45/0xa5
 ? lock_acquire+0xcb/0x210
 ? drm_fb_helper_initial_config+0x32/0x4f [drm_kms_helper]
 __drm_fb_helper_initial_config_and_unlock+0x3e/0x5f0 [drm_kms_helper]
 amdgpu_fbdev_init+0xee/0x110 [amdgpu]
 amdgpu_device_init+0x1996/0x1e13 [amdgpu]
 amdgpu_driver_load_kms+0x47/0x33d [amdgpu]
 amdgpu_pci_probe+0xeb/0x1a6 [amdgpu]
 pci_device_probe+0xa1/0x121
 really_probe+0xe4/0x331
 __driver_probe_device+0x84/0xe1
 driver_probe_device+0x1a/0x6d
 __driver_attach+0xac/0xc3
 ? driver_attach+0x15/0x15
 bus_for_each_dev+0x8c/0xc0
 bus_add_driver+0xf5/0x1f2
 driver_register+0x66/0xe7
 ? 0xffffffffc0ff2000
 do_one_initcall+0x109/0x1f4
 ? 0xffffffffc0ff2000
 do_init_module+0x5c/0x1f1
 load_module+0x193f/0x1ca9
 ? kernel_read_file_from_fd+0x5b/0x7e
 __se_sys_finit_module+0xa7/0xce
 do_syscall_64+0x79/0xa3
 ? lockdep_hardirqs_on_prepare+0xf6/0x1e3
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fa99ef681e9
Code: 00 00 b8 ca 00 00 00 0f 05 eb ac 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01
c3 48 8b 0d 4f fc 0b 00 f7 d8 64 89 01 48
RSP: 002b:00007fff06041ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 000055f2d378be20 RCX: 00007fa99ef681e9
RDX: 0000000000000000 RSI: 00007fa99f0af97f RDI: 0000000000000018
RBP: 0000000000020000 R08: 0000000000000000 R09: fffffffffffffeb8
R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000000
R13: 000055f2d38eba60 R14: 00007fa99f0af97f R15: 0000000000000000

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.

             reply	other threads:[~2021-10-27 21:00 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-27 21:00 bugzilla-daemon [this message]
2021-10-27 21:02 ` [Bug 214853] [amdgpu] UBSAN shows several null-ptr-deref in ../dc/bios/command_table2.c some array-index-out-of-bounds in ../dc/bios/bios_parser2.c and an invalid-load in ../amdgpu_dm/amdgpu_dm.c bugzilla-daemon
2022-05-09 11:04 ` bugzilla-daemon
2022-05-09 11:08 ` bugzilla-daemon
2023-03-20 21:47 ` bugzilla-daemon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-214853-2300@https.bugzilla.kernel.org/ \
    --to=bugzilla-daemon@bugzilla.kernel.org \
    --cc=dri-devel@lists.freedesktop.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.