From: ben.hutchings@codethink.co.uk (Ben Hutchings)
To: cip-dev@lists.cip-project.org
Subject: [cip-dev] [PATCH 4.4-cip 10/23] drm/radeon: don't include RADEON_HPD_NONE in HPD IRQ enable bitsets
Date: Fri, 09 Dec 2016 00:35:46 +0000 [thread overview]
Message-ID: <1481243746.1860.166.camel@codethink.co.uk> (raw)
In-Reply-To: <1481243545.1860.156.camel@codethink.co.uk>
From: Nicolai Stange <nicstange@gmail.com>
commit b2c0cbd657173f024138d6421774007690ceeffd upstream.
The values of all but the RADEON_HPD_NONE members of the radeon_hpd_id
enum transform 1:1 into bit positions within the 'enabled' bitset as
assembled by evergreen_hpd_init():
enabled |= 1 << radeon_connector->hpd.hpd;
However, if ->hpd.hpd happens to equal RADEON_HPD_NONE == 0xff, UBSAN
reports
UBSAN: Undefined behaviour in drivers/gpu/drm/radeon/evergreen.c:1867:16
shift exponent 255 is too large for 32-bit type 'int'
[...]
Call Trace:
[<ffffffff818c4d35>] dump_stack+0xbc/0x117
[<ffffffff818c4c79>] ? _atomic_dec_and_lock+0x169/0x169
[<ffffffff819411bb>] ubsan_epilogue+0xd/0x4e
[<ffffffff81941cbc>] __ubsan_handle_shift_out_of_bounds+0x1fb/0x254
[<ffffffffa0ba7f2e>] ? atom_execute_table+0x3e/0x50 [radeon]
[<ffffffff81941ac1>] ? __ubsan_handle_load_invalid_value+0x158/0x158
[<ffffffffa0b87700>] ? radeon_get_pll_use_mask+0x130/0x130 [radeon]
[<ffffffff81219930>] ? wake_up_klogd_work_func+0x60/0x60
[<ffffffff8121a35e>] ? vprintk_default+0x3e/0x60
[<ffffffffa0c603c4>] evergreen_hpd_init+0x274/0x2d0 [radeon]
[<ffffffffa0c603c4>] ? evergreen_hpd_init+0x274/0x2d0 [radeon]
[<ffffffffa0bd196e>] radeon_modeset_init+0x8ce/0x18d0 [radeon]
[<ffffffffa0b71d86>] radeon_driver_load_kms+0x186/0x350 [radeon]
[<ffffffffa03b6b16>] drm_dev_register+0xc6/0x100 [drm]
[<ffffffffa03bc8c4>] drm_get_pci_dev+0xe4/0x490 [drm]
[<ffffffff814b83f0>] ? kfree+0x220/0x370
[<ffffffffa0b687c2>] radeon_pci_probe+0x112/0x140 [radeon]
[...]
=====================================================================
radeon 0000:01:00.0: No connectors reported connected with modes
At least on x86, there should be no user-visible impact as there
1 << 0xff == 1 << (0xff & 31) == 1 << 31
holds and 31 > RADEON_MAX_HPD_PINS. Thus, this patch is a cosmetic one.
All of the above applies analogously to evergreen_hpd_fini(),
r100_hpd_init(), r100_hpd_fini(), r600_hpd_init(), r600_hpd_fini(),
rs600_hpd_init() and rs600_hpd_fini()
Silence UBSAN by checking ->hpd.hpd for RADEON_HPD_NONE before oring it
into the 'enabled' bitset in the *_init()- or the 'disabled' bitset in
the *_fini()-functions respectively.
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
---
drivers/gpu/drm/radeon/evergreen.c | 6 ++++--
drivers/gpu/drm/radeon/r100.c | 6 ++++--
drivers/gpu/drm/radeon/r600.c | 6 ++++--
drivers/gpu/drm/radeon/rs600.c | 6 ++++--
4 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c
index 32491355a1d4..6792df8ed01a 100644
--- a/drivers/gpu/drm/radeon/evergreen.c
+++ b/drivers/gpu/drm/radeon/evergreen.c
@@ -1864,7 +1864,8 @@ void evergreen_hpd_init(struct radeon_device *rdev)
break;
}
radeon_hpd_set_polarity(rdev, radeon_connector->hpd.hpd);
- enabled |= 1 << radeon_connector->hpd.hpd;
+ if (radeon_connector->hpd.hpd != RADEON_HPD_NONE)
+ enabled |= 1 << radeon_connector->hpd.hpd;
}
radeon_irq_kms_enable_hpd(rdev, enabled);
}
@@ -1907,7 +1908,8 @@ void evergreen_hpd_fini(struct radeon_device *rdev)
default:
break;
}
- disabled |= 1 << radeon_connector->hpd.hpd;
+ if (radeon_connector->hpd.hpd != RADEON_HPD_NONE)
+ disabled |= 1 << radeon_connector->hpd.hpd;
}
radeon_irq_kms_disable_hpd(rdev, disabled);
}
diff --git a/drivers/gpu/drm/radeon/r100.c b/drivers/gpu/drm/radeon/r100.c
index 9e7e2bf03b81..9c5f47099216 100644
--- a/drivers/gpu/drm/radeon/r100.c
+++ b/drivers/gpu/drm/radeon/r100.c
@@ -592,7 +592,8 @@ void r100_hpd_init(struct radeon_device *rdev)
list_for_each_entry(connector, &dev->mode_config.connector_list, head) {
struct radeon_connector *radeon_connector = to_radeon_connector(connector);
- enable |= 1 << radeon_connector->hpd.hpd;
+ if (radeon_connector->hpd.hpd != RADEON_HPD_NONE)
+ enable |= 1 << radeon_connector->hpd.hpd;
radeon_hpd_set_polarity(rdev, radeon_connector->hpd.hpd);
}
radeon_irq_kms_enable_hpd(rdev, enable);
@@ -614,7 +615,8 @@ void r100_hpd_fini(struct radeon_device *rdev)
list_for_each_entry(connector, &dev->mode_config.connector_list, head) {
struct radeon_connector *radeon_connector = to_radeon_connector(connector);
- disable |= 1 << radeon_connector->hpd.hpd;
+ if (radeon_connector->hpd.hpd != RADEON_HPD_NONE)
+ disable |= 1 << radeon_connector->hpd.hpd;
}
radeon_irq_kms_disable_hpd(rdev, disable);
}
diff --git a/drivers/gpu/drm/radeon/r600.c b/drivers/gpu/drm/radeon/r600.c
index cc2fdf0be37a..116373c24d08 100644
--- a/drivers/gpu/drm/radeon/r600.c
+++ b/drivers/gpu/drm/radeon/r600.c
@@ -1002,7 +1002,8 @@ void r600_hpd_init(struct radeon_device *rdev)
break;
}
}
- enable |= 1 << radeon_connector->hpd.hpd;
+ if (radeon_connector->hpd.hpd != RADEON_HPD_NONE)
+ enable |= 1 << radeon_connector->hpd.hpd;
radeon_hpd_set_polarity(rdev, radeon_connector->hpd.hpd);
}
radeon_irq_kms_enable_hpd(rdev, enable);
@@ -1055,7 +1056,8 @@ void r600_hpd_fini(struct radeon_device *rdev)
break;
}
}
- disable |= 1 << radeon_connector->hpd.hpd;
+ if (radeon_connector->hpd.hpd != RADEON_HPD_NONE)
+ disable |= 1 << radeon_connector->hpd.hpd;
}
radeon_irq_kms_disable_hpd(rdev, disable);
}
diff --git a/drivers/gpu/drm/radeon/rs600.c b/drivers/gpu/drm/radeon/rs600.c
index 6244f4e44e9a..4b35213fe028 100644
--- a/drivers/gpu/drm/radeon/rs600.c
+++ b/drivers/gpu/drm/radeon/rs600.c
@@ -413,7 +413,8 @@ void rs600_hpd_init(struct radeon_device *rdev)
default:
break;
}
- enable |= 1 << radeon_connector->hpd.hpd;
+ if (radeon_connector->hpd.hpd != RADEON_HPD_NONE)
+ enable |= 1 << radeon_connector->hpd.hpd;
radeon_hpd_set_polarity(rdev, radeon_connector->hpd.hpd);
}
radeon_irq_kms_enable_hpd(rdev, enable);
@@ -439,7 +440,8 @@ void rs600_hpd_fini(struct radeon_device *rdev)
default:
break;
}
- disable |= 1 << radeon_connector->hpd.hpd;
+ if (radeon_connector->hpd.hpd != RADEON_HPD_NONE)
+ disable |= 1 << radeon_connector->hpd.hpd;
}
radeon_irq_kms_disable_hpd(rdev, disable);
}
--
2.10.2
--
Ben Hutchings
Software Developer, Codethink Ltd.
next prev parent reply other threads:[~2016-12-09 0:35 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-09 0:32 [cip-dev] [PATCH 4.4-cip 00/23] Undefined Behaviour Sanititizer support Ben Hutchings
2016-12-09 0:33 ` [cip-dev] [PATCH 4.4-cip 01/23] UBSAN: run-time undefined behavior sanity checker Ben Hutchings
2016-12-09 0:33 ` [cip-dev] [PATCH 4.4-cip 02/23] ubsan: cosmetic fix to Kconfig text Ben Hutchings
2016-12-09 0:34 ` [cip-dev] [PATCH 4.4-cip 03/23] PM / sleep: declare __tracedata symbols as char[] rather than char Ben Hutchings
2016-12-09 0:34 ` [cip-dev] [PATCH 4.4-cip 04/23] x86/microcode/intel: Change checksum variables to u32 Ben Hutchings
2016-12-09 0:34 ` [cip-dev] [PATCH 4.4-cip 05/23] mm/page-writeback: fix dirty_ratelimit calculation Ben Hutchings
2016-12-09 0:34 ` [cip-dev] [PATCH 4.4-cip 06/23] perf/core: Fix Undefined behaviour in rb_alloc() Ben Hutchings
2016-12-09 0:35 ` [cip-dev] [PATCH 4.4-cip 07/23] ubsan: fix tree-wide -Wmaybe-uninitialized false positives Ben Hutchings
2016-12-09 0:35 ` [cip-dev] [PATCH 4.4-cip 08/23] mm/filemap: generic_file_read_iter(): check for zero reads unconditionally Ben Hutchings
2016-12-09 0:35 ` [cip-dev] [PATCH 4.4-cip 09/23] perf/x86/amd: Set the size of event map array to PERF_COUNT_HW_MAX Ben Hutchings
2016-12-09 0:35 ` Ben Hutchings [this message]
2016-12-09 0:35 ` [cip-dev] [PATCH 4.4-cip 11/23] btrfs: fix int32 overflow in shrink_delalloc() Ben Hutchings
2016-12-09 0:36 ` [cip-dev] [PATCH 4.4-cip 12/23] blk-mq: fix undefined behaviour in order_to_size() Ben Hutchings
2016-12-09 0:36 ` [cip-dev] [PATCH 4.4-cip 13/23] batman-adv: Fix integer overflow in batadv_iv_ogm_calc_tq Ben Hutchings
2016-12-09 0:36 ` [cip-dev] [PATCH 4.4-cip 14/23] signal: move the "sig < SIGRTMIN" check into siginmask(sig) Ben Hutchings
2016-12-09 0:36 ` [cip-dev] [PATCH 4.4-cip 15/23] mmc: dw_mmc: remove UBSAN warning in dw_mci_setup_bus() Ben Hutchings
2016-12-09 0:36 ` [cip-dev] [PATCH 4.4-cip 16/23] UBSAN: fix typo in format string Ben Hutchings
2016-12-09 0:37 ` [cip-dev] [PATCH 4.4-cip 17/23] rhashtable: fix shift by 64 when shrinking Ben Hutchings
2016-12-09 0:37 ` [cip-dev] [PATCH 4.4-cip 18/23] time: Avoid undefined behaviour in ktime_add_safe() Ben Hutchings
2016-12-09 0:39 ` [cip-dev] [PATCH 4.4-cip 19/23] pwm: samsung: Fix to use lowest div for large enough modulation bits Ben Hutchings
2016-12-09 0:39 ` [cip-dev] [PATCH 4.4-cip 20/23] drm: fix signed integer overflow Ben Hutchings
2016-12-09 0:39 ` [cip-dev] [PATCH 4.4-cip 21/23] xfs: " Ben Hutchings
2016-12-09 0:41 ` [cip-dev] [PATCH 4.4-cip 22/23] net: get rid of an signed integer overflow in ip_idents_reserve() Ben Hutchings
2016-12-09 0:41 ` [cip-dev] [PATCH 4.4-cip 23/23] mlx4: remove unused fields Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1481243746.1860.166.camel@codethink.co.uk \
--to=ben.hutchings@codethink.co.uk \
--cc=cip-dev@lists.cip-project.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox