* [Bug 214867] New: UBSAN: shift-out-of-bounds in drivers/of/unittest.c:1933:36
@ 2021-10-29 13:59 bugzilla-daemon
2021-10-29 14:00 ` [Bug 214867] " bugzilla-daemon
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: bugzilla-daemon @ 2021-10-29 13:59 UTC (permalink / raw)
To: linuxppc-dev
https://bugzilla.kernel.org/show_bug.cgi?id=214867
Bug ID: 214867
Summary: UBSAN: shift-out-of-bounds in
drivers/of/unittest.c:1933:36
Product: Platform Specific/Hardware
Version: 2.5
Kernel Version: 5.15-rc7
Hardware: PPC-64
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: PPC-64
Assignee: platform_ppc-64@kernel-bugs.osdl.org
Reporter: erhard_f@mailbox.org
CC: bugzilla.kernel.org@frowand.com
Regression: No
Created attachment 299361
--> https://bugzilla.kernel.org/attachment.cgi?id=299361&action=edit
kernel dmesg (kernel 5.15-rc7, Talos II)
UBSAN catches this at boot on my Talos II.
[...]
### dt-test ### EXPECT / : GPIO line <<int>> (line-C-input) hogged as input
================================================================================
UBSAN: shift-out-of-bounds in drivers/of/unittest.c:1933:36
shift exponent -1 is negative
CPU: 2 PID: 1 Comm: swapper/0 Not tainted 5.15.0-rc7-TalosII #1
Call Trace:
[c000000004163700] [c0000000008ffaa8] .dump_stack_lvl+0xa4/0x100 (unreliable)
[c000000004163790] [c0000000008fb46c] .ubsan_epilogue+0x10/0x70
[c000000004163800] [c0000000008fb270]
.__ubsan_handle_shift_out_of_bounds+0x1f0/0x34c
[c000000004163910] [c000000000ad94a0] .of_unittest_untrack_overlay+0x6c/0xe0
[c0000000041639a0] [c000000002098ff8] .of_unittest+0x4c50/0x59f8
[c000000004163b60] [c000000000011b5c] .do_one_initcall+0x7c/0x4f0
[c000000004163c50] [c00000000200300c] .kernel_init_freeable+0x704/0x858
[c000000004163d90] [c000000000012730] .kernel_init+0x20/0x190
[c000000004163e10] [c00000000000ce78] .ret_from_kernel_thread+0x58/0x60
================================================================================
### dt-test ### EXPECT \ : OF: overlay: WARNING: memory leak will occur if
overlay removed, property: /testcase-data-2/substation@100/status
[...]
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 214867] UBSAN: shift-out-of-bounds in drivers/of/unittest.c:1933:36
2021-10-29 13:59 [Bug 214867] New: UBSAN: shift-out-of-bounds in drivers/of/unittest.c:1933:36 bugzilla-daemon
@ 2021-10-29 14:00 ` bugzilla-daemon
2021-10-29 14:06 ` bugzilla-daemon
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: bugzilla-daemon @ 2021-10-29 14:00 UTC (permalink / raw)
To: linuxppc-dev
https://bugzilla.kernel.org/show_bug.cgi?id=214867
--- Comment #1 from Erhard F. (erhard_f@mailbox.org) ---
Created attachment 299363
--> https://bugzilla.kernel.org/attachment.cgi?id=299363&action=edit
kernel .config (kernel 5.15-rc7, Talos II)
# lspci
0000:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4)
0000:01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI]
Turks XT [Radeon HD 6670/7670]
0000:01:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Turks HDMI
Audio [Radeon HD 6500/6600 / 6700M Series]
0001:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4)
0001:01:00.0 Non-Volatile memory controller: Phison Electronics Corporation
Device 5008 (rev 01)
0002:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4)
0003:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4)
0003:01:00.0 USB controller: Texas Instruments TUSB73x0 SuperSpeed USB 3.0 xHCI
Host Controller (rev 02)
0004:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4)
0004:01:00.0 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme
BCM5719 Gigabit Ethernet PCIe (rev 01)
0004:01:00.1 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme
BCM5719 Gigabit Ethernet PCIe (rev 01)
0005:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4)
0005:01:00.0 PCI bridge: ASPEED Technology, Inc. AST1150 PCI-to-PCI Bridge (rev
04)
0005:02:00.0 VGA compatible controller: ASPEED Technology, Inc. ASPEED Graphics
Family (rev 41)
0030:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4)
0031:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4)
0032:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4)
0033:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4)
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 214867] UBSAN: shift-out-of-bounds in drivers/of/unittest.c:1933:36
2021-10-29 13:59 [Bug 214867] New: UBSAN: shift-out-of-bounds in drivers/of/unittest.c:1933:36 bugzilla-daemon
2021-10-29 14:00 ` [Bug 214867] " bugzilla-daemon
@ 2021-10-29 14:06 ` bugzilla-daemon
2021-10-30 0:01 ` bugzilla-daemon
2022-02-04 13:20 ` bugzilla-daemon
3 siblings, 0 replies; 5+ messages in thread
From: bugzilla-daemon @ 2021-10-29 14:06 UTC (permalink / raw)
To: linuxppc-dev
https://bugzilla.kernel.org/show_bug.cgi?id=214867
Arnd Bergmann (arnd@arndb.de) changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |arnd@arndb.de
--- Comment #2 from Arnd Bergmann (arnd@arndb.de) ---
This is the function that triggers it:
static void of_unittest_untrack_overlay(int id)
{
if (overlay_first_id < 0)
return;
id -= overlay_first_id;
if (WARN_ON(id >= MAX_UNITTEST_OVERLAYS))
return;
overlay_id_bits[BIT_WORD(id)] &= ~BIT_MASK(id);
}
My guess is that 'id' is negative here, which means it fails to tigger the
WARN_ON() but ends up still being out of range.
Can you try changing it to 'unsigned int id'?
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 214867] UBSAN: shift-out-of-bounds in drivers/of/unittest.c:1933:36
2021-10-29 13:59 [Bug 214867] New: UBSAN: shift-out-of-bounds in drivers/of/unittest.c:1933:36 bugzilla-daemon
2021-10-29 14:00 ` [Bug 214867] " bugzilla-daemon
2021-10-29 14:06 ` bugzilla-daemon
@ 2021-10-30 0:01 ` bugzilla-daemon
2022-02-04 13:20 ` bugzilla-daemon
3 siblings, 0 replies; 5+ messages in thread
From: bugzilla-daemon @ 2021-10-30 0:01 UTC (permalink / raw)
To: linuxppc-dev
https://bugzilla.kernel.org/show_bug.cgi?id=214867
--- Comment #3 from Frank Rowand (bugzilla.kernel.org@frowand.com) ---
I forwarded my email notification of this bug to the mail lists. I prefer
discussion to occur there:
https://lore.kernel.org/all/c474a371-b524-1da8-4a67-e72cf8f2b0f7@gmail.com/
Thank you for the report.
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 214867] UBSAN: shift-out-of-bounds in drivers/of/unittest.c:1933:36
2021-10-29 13:59 [Bug 214867] New: UBSAN: shift-out-of-bounds in drivers/of/unittest.c:1933:36 bugzilla-daemon
` (2 preceding siblings ...)
2021-10-30 0:01 ` bugzilla-daemon
@ 2022-02-04 13:20 ` bugzilla-daemon
3 siblings, 0 replies; 5+ messages in thread
From: bugzilla-daemon @ 2022-02-04 13:20 UTC (permalink / raw)
To: linuxppc-dev
https://bugzilla.kernel.org/show_bug.cgi?id=214867
Erhard F. (erhard_f@mailbox.org) changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |CODE_FIX
--- Comment #4 from Erhard F. (erhard_f@mailbox.org) ---
Fix landed in mainline meanwhile. At least I can replicate this no longer on
v5.17-rc2.
Thanks!
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-02-04 13:20 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-29 13:59 [Bug 214867] New: UBSAN: shift-out-of-bounds in drivers/of/unittest.c:1933:36 bugzilla-daemon
2021-10-29 14:00 ` [Bug 214867] " bugzilla-daemon
2021-10-29 14:06 ` bugzilla-daemon
2021-10-30 0:01 ` bugzilla-daemon
2022-02-04 13:20 ` bugzilla-daemon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).