* [Bug 214847] New: [radeon] UBSAN shows several null-ptr-deref in drm/radeon/atom.c, radeon_atombios.c, atombios_encoders.c, atombios_crtc.c
@ 2021-10-27 14:38 bugzilla-daemon
2021-10-27 14:39 ` [Bug 214847] " bugzilla-daemon
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: bugzilla-daemon @ 2021-10-27 14:38 UTC (permalink / raw)
To: dri-devel
https://bugzilla.kernel.org/show_bug.cgi?id=214847
Bug ID: 214847
Summary: [radeon] UBSAN shows several null-ptr-deref in
drm/radeon/atom.c, radeon_atombios.c,
atombios_encoders.c, atombios_crtc.c
Product: Drivers
Version: 2.5
Kernel Version: 5.15-rc7
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Video(DRI - non Intel)
Assignee: drivers_video-dri@kernel-bugs.osdl.org
Reporter: erhard_f@mailbox.org
CC: christian.koenig@amd.com
Regression: No
Created attachment 299331
--> https://bugzilla.kernel.org/attachment.cgi?id=299331&action=edit
kernel dmesg (kernel 5.15-rc7, AMD Ryzen 9 5950X)
[...]
[drm] radeon kernel modesetting enabled.
checking generic (e0000000 300000) vs hw (e0000000 10000000)
fb0: switching to radeon from simple
Console: switching to colour dummy device 80x25
radeon 0000:07:00.0: vgaarb: deactivate vga console
[drm] initializing kernel modesetting (RV515 0x1002:0x7187 0x174B:0x3000 0x00).
ATOM BIOS: X1550
================================================================================
UBSAN: null-ptr-deref in drivers/gpu/drm/radeon/atom.c:1400:14
member access within null pointer of type 'ATOM_MASTER_LIST_OF_DATA_TABLES'
(aka 'struct _ATOM_MASTER_LIST_OF_DATA_TABLES')
CPU: 26 PID: 418 Comm: systemd-udevd Not tainted 5.15.0-rc7-Zen3+ #5
Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./B450M Steel
Legend, BIOS P4.20 08/03/2021
Call Trace:
dump_stack_lvl+0x7f/0xc0
ubsan_type_mismatch_common+0x248/0x290
__ubsan_handle_type_mismatch_v1+0x49/0x50
atom_allocate_fb_scratch+0x2b/0xf0 [radeon]
radeon_atombios_init+0x113/0x130 [radeon]
rv515_init+0x5b/0x250 [radeon]
radeon_device_init+0x99a/0xe00 [radeon]
radeon_driver_load_kms+0xb8/0x1a0 [radeon]
drm_dev_register+0xec/0x1d0 [drm]
radeon_pci_probe+0xaa/0x100 [radeon]
pci_device_probe+0xaa/0x140
really_probe+0x111/0x360
__driver_probe_device+0x84/0xf0
__driver_attach+0xbb/0x120
? driver_attach+0x20/0x20
bus_for_each_dev+0x93/0xd0
bus_add_driver+0xf5/0x200
driver_register+0x66/0xf0
do_one_initcall+0x11a/0x2e0
? __kernel_text_address+0x56/0xa0
? 0xffffffffc0760000
? mmu_interval_notifier_insert+0xa/0xa0
do_init_module+0x55/0x200
load_module+0x1b50/0x1ee0
? kernel_read_file_from_fd+0x58/0x80
__x64_sys_finit_module+0xa8/0xd0
do_syscall_64+0x79/0xb0
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f5c569992c9
Code: 0c 00 b8 ca 00 00 00 0f 05 eb a4 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01
c3 48 8b 0d 6f 1b 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffe2a4aefe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 0000558584ea2070 RCX: 00007f5c569992c9
RDX: 0000000000000000 RSI: 00007f5c56adc97f RDI: 0000000000000016
RBP: 0000000000020000 R08: 0000000000000000 R09: fffffffffffffeb8
R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5c56adc97f R14: 0000558584e510c0 R15: 0000000000000000
================================================================================
================================================================================
UBSAN: null-ptr-deref in drivers/gpu/drm/radeon/radeon_atombios.c:1126:14
member access within null pointer of type 'ATOM_MASTER_LIST_OF_DATA_TABLES'
(aka 'struct _ATOM_MASTER_LIST_OF_DATA_TABLES')
CPU: 26 PID: 418 Comm: systemd-udevd Not tainted 5.15.0-rc7-Zen3+ #5
Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./B450M Steel
Legend, BIOS P4.20 08/03/2021
Call Trace:
dump_stack_lvl+0x7f/0xc0
ubsan_type_mismatch_common+0x248/0x290
__ubsan_handle_type_mismatch_v1+0x49/0x50
radeon_atom_get_clock_info+0x2e/0x410 [radeon]
? atom_allocate_fb_scratch+0xa7/0xf0 [radeon]
radeon_get_clock_info+0x170/0x470 [radeon]
rv515_init+0xa0/0x250 [radeon]
radeon_device_init+0x99a/0xe00 [radeon]
radeon_driver_load_kms+0xb8/0x1a0 [radeon]
drm_dev_register+0xec/0x1d0 [drm]
radeon_pci_probe+0xaa/0x100 [radeon]
pci_device_probe+0xaa/0x140
really_probe+0x111/0x360
__driver_probe_device+0x84/0xf0
__driver_attach+0xbb/0x120
? driver_attach+0x20/0x20
bus_for_each_dev+0x93/0xd0
bus_add_driver+0xf5/0x200
driver_register+0x66/0xf0
do_one_initcall+0x11a/0x2e0
? __kernel_text_address+0x56/0xa0
? 0xffffffffc0760000
? mmu_interval_notifier_insert+0xa/0xa0
do_init_module+0x55/0x200
load_module+0x1b50/0x1ee0
? kernel_read_file_from_fd+0x58/0x80
__x64_sys_finit_module+0xa8/0xd0
do_syscall_64+0x79/0xb0
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f5c569992c9
Code: 0c 00 b8 ca 00 00 00 0f 05 eb a4 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01
c3 48 8b 0d 6f 1b 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffe2a4aefe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 0000558584ea2070 RCX: 00007f5c569992c9
RDX: 0000000000000000 RSI: 00007f5c56adc97f RDI: 0000000000000016
RBP: 0000000000020000 R08: 0000000000000000 R09: fffffffffffffeb8
R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5c56adc97f R14: 0000558584e510c0 R15: 0000000000000000
================================================================================
[...]
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 214847] [radeon] UBSAN shows several null-ptr-deref in drm/radeon/atom.c, radeon_atombios.c, atombios_encoders.c, atombios_crtc.c
2021-10-27 14:38 [Bug 214847] New: [radeon] UBSAN shows several null-ptr-deref in drm/radeon/atom.c, radeon_atombios.c, atombios_encoders.c, atombios_crtc.c bugzilla-daemon
@ 2021-10-27 14:39 ` bugzilla-daemon
2021-10-27 20:45 ` bugzilla-daemon
2023-03-20 20:05 ` bugzilla-daemon
2 siblings, 0 replies; 4+ messages in thread
From: bugzilla-daemon @ 2021-10-27 14:39 UTC (permalink / raw)
To: dri-devel
https://bugzilla.kernel.org/show_bug.cgi?id=214847
--- Comment #1 from Erhard F. (erhard_f@mailbox.org) ---
Created attachment 299333
--> https://bugzilla.kernel.org/attachment.cgi?id=299333&action=edit
kernel config (kernel 5.15-rc7, AMD Ryzen 9 5950X)
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 214847] [radeon] UBSAN shows several null-ptr-deref in drm/radeon/atom.c, radeon_atombios.c, atombios_encoders.c, atombios_crtc.c
2021-10-27 14:38 [Bug 214847] New: [radeon] UBSAN shows several null-ptr-deref in drm/radeon/atom.c, radeon_atombios.c, atombios_encoders.c, atombios_crtc.c bugzilla-daemon
2021-10-27 14:39 ` [Bug 214847] " bugzilla-daemon
@ 2021-10-27 20:45 ` bugzilla-daemon
2023-03-20 20:05 ` bugzilla-daemon
2 siblings, 0 replies; 4+ messages in thread
From: bugzilla-daemon @ 2021-10-27 20:45 UTC (permalink / raw)
To: dri-devel
https://bugzilla.kernel.org/show_bug.cgi?id=214847
--- Comment #2 from Erhard F. (erhard_f@mailbox.org) ---
# lspci
00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse Root
Complex
00:00.2 IOMMU: Advanced Micro Devices, Inc. [AMD] Starship/Matisse IOMMU
00:01.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse PCIe
Dummy Host Bridge
00:01.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse GPP
Bridge
00:01.3 PCI bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse GPP
Bridge
00:02.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse PCIe
Dummy Host Bridge
00:03.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse PCIe
Dummy Host Bridge
00:03.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse GPP
Bridge
00:04.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse PCIe
Dummy Host Bridge
00:05.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse PCIe
Dummy Host Bridge
00:07.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse PCIe
Dummy Host Bridge
00:07.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse
Internal PCIe GPP Bridge 0 to bus[E:B]
00:08.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse PCIe
Dummy Host Bridge
00:08.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse
Internal PCIe GPP Bridge 0 to bus[E:B]
00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller (rev 61)
00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge (rev 51)
00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Matisse Device 24:
Function 0
00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Matisse Device 24:
Function 1
00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Matisse Device 24:
Function 2
00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Matisse Device 24:
Function 3
00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Matisse Device 24:
Function 4
00:18.5 Host bridge: Advanced Micro Devices, Inc. [AMD] Matisse Device 24:
Function 5
00:18.6 Host bridge: Advanced Micro Devices, Inc. [AMD] Matisse Device 24:
Function 6
00:18.7 Host bridge: Advanced Micro Devices, Inc. [AMD] Matisse Device 24:
Function 7
01:00.0 Non-Volatile memory controller: Sandisk Corp WD Blue SN550 NVMe SSD
(rev 01)
02:00.0 USB controller: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset
USB 3.1 XHCI Controller (rev 01)
02:00.1 SATA controller: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset
SATA Controller (rev 01)
02:00.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe
Bridge (rev 01)
03:00.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe
Port (rev 01)
03:01.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe
Port (rev 01)
03:04.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe
Port (rev 01)
05:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411
PCI Express Gigabit Ethernet Controller (rev 15)
07:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] RV516
[Radeon X1300/X1550 Series]
07:00.1 Display controller: Advanced Micro Devices, Inc. [AMD/ATI] RV516
[Radeon X1300/X1550 Series] (Secondary)
08:00.0 Non-Essential Instrumentation [1300]: Advanced Micro Devices, Inc.
[AMD] Starship/Matisse PCIe Dummy Function
09:00.0 Non-Essential Instrumentation [1300]: Advanced Micro Devices, Inc.
[AMD] Starship/Matisse Reserved SPP
09:00.1 Encryption controller: Advanced Micro Devices, Inc. [AMD]
Starship/Matisse Cryptographic Coprocessor PSPCPP
09:00.3 USB controller: Advanced Micro Devices, Inc. [AMD] Matisse USB 3.0 Host
Controller
# lspci -vv -s 07:00.0
07:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] RV516
[Radeon X1300/X1550 Series] (prog-if 00 [VGA controller])
Subsystem: PC Partner Limited / Sapphire Technology RV516 [Radeon
X1300/X1550 Series]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort-
<MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 57
IOMMU group: 2
Region 0: Memory at e0000000 (64-bit, prefetchable) [size=256M]
Region 2: Memory at fce30000 (64-bit, non-prefetchable) [size=64K]
Region 4: I/O ports at e000 [size=256]
Expansion ROM at 000c0000 [disabled] [size=128K]
Capabilities: [50] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA
PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [58] Express (v1) Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <4us, L1
unlimited
ExtTag+ AttnBtn- AttnInd- PwrInd- RBE- FLReset-
SlotPowerLimit 75.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag+ PhantFunc- AuxPwr- NoSnoop+
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr-
TransPend-
LnkCap: Port #0, Speed 2.5GT/s, Width x16, ASPM L0s L1, Exit
Latency L0s <64ns, L1 <1us
ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp-
LnkCtl: ASPM Disabled; RCB 64 bytes, Disabled- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 2.5GT/s (ok), Width x16 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
Capabilities: [80] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000 Data: 0000
Kernel driver in use: radeon
Kernel modules: radeon
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 214847] [radeon] UBSAN shows several null-ptr-deref in drm/radeon/atom.c, radeon_atombios.c, atombios_encoders.c, atombios_crtc.c
2021-10-27 14:38 [Bug 214847] New: [radeon] UBSAN shows several null-ptr-deref in drm/radeon/atom.c, radeon_atombios.c, atombios_encoders.c, atombios_crtc.c bugzilla-daemon
2021-10-27 14:39 ` [Bug 214847] " bugzilla-daemon
2021-10-27 20:45 ` bugzilla-daemon
@ 2023-03-20 20:05 ` bugzilla-daemon
2 siblings, 0 replies; 4+ messages in thread
From: bugzilla-daemon @ 2023-03-20 20:05 UTC (permalink / raw)
To: dri-devel
https://bugzilla.kernel.org/show_bug.cgi?id=214847
Erhard F. (erhard_f@mailbox.org) changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |OBSOLETE
--- Comment #3 from Erhard F. (erhard_f@mailbox.org) ---
Have not seen this on recent kernels with USBAN, neither on current v6.3-rc3.
Closing here.
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-03-20 20:05 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-27 14:38 [Bug 214847] New: [radeon] UBSAN shows several null-ptr-deref in drm/radeon/atom.c, radeon_atombios.c, atombios_encoders.c, atombios_crtc.c bugzilla-daemon
2021-10-27 14:39 ` [Bug 214847] " bugzilla-daemon
2021-10-27 20:45 ` bugzilla-daemon
2023-03-20 20:05 ` bugzilla-daemon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).