[Bug 214867] UBSAN: shift-out-of-bounds in drivers/of/unittest.c:1933:36
https://bugzilla.kernel.org/show_bug.cgi?id=214867 Erhard F. (erhar...@mailbox.org) changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |CODE_FIX --- Comment #4 from Erhard F. (erhar...@mailbox.org) --- Fix landed in mainline meanwhile. At least I can replicate this no longer on v5.17-rc2. Thanks! -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug.
[Bug 214867] UBSAN: shift-out-of-bounds in drivers/of/unittest.c:1933:36
https://bugzilla.kernel.org/show_bug.cgi?id=214867 --- Comment #3 from Frank Rowand (bugzilla.kernel@frowand.com) --- I forwarded my email notification of this bug to the mail lists. I prefer discussion to occur there: https://lore.kernel.org/all/c474a371-b524-1da8-4a67-e72cf8f2b...@gmail.com/ Thank you for the report. -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug.
[Bug 214867] UBSAN: shift-out-of-bounds in drivers/of/unittest.c:1933:36
https://bugzilla.kernel.org/show_bug.cgi?id=214867
Arnd Bergmann (a...@arndb.de) changed:
What|Removed |Added
CC||a...@arndb.de
--- Comment #2 from Arnd Bergmann (a...@arndb.de) ---
This is the function that triggers it:
static void of_unittest_untrack_overlay(int id)
{
if (overlay_first_id < 0)
return;
id -= overlay_first_id;
if (WARN_ON(id >= MAX_UNITTEST_OVERLAYS))
return;
overlay_id_bits[BIT_WORD(id)] &= ~BIT_MASK(id);
}
My guess is that 'id' is negative here, which means it fails to tigger the
WARN_ON() but ends up still being out of range.
Can you try changing it to 'unsigned int id'?
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
[Bug 214867] UBSAN: shift-out-of-bounds in drivers/of/unittest.c:1933:36
https://bugzilla.kernel.org/show_bug.cgi?id=214867 --- Comment #1 from Erhard F. (erhar...@mailbox.org) --- Created attachment 299363 --> https://bugzilla.kernel.org/attachment.cgi?id=299363=edit kernel .config (kernel 5.15-rc7, Talos II) # lspci :00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4) :01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Turks XT [Radeon HD 6670/7670] :01:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Turks HDMI Audio [Radeon HD 6500/6600 / 6700M Series] 0001:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4) 0001:01:00.0 Non-Volatile memory controller: Phison Electronics Corporation Device 5008 (rev 01) 0002:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4) 0003:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4) 0003:01:00.0 USB controller: Texas Instruments TUSB73x0 SuperSpeed USB 3.0 xHCI Host Controller (rev 02) 0004:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4) 0004:01:00.0 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme BCM5719 Gigabit Ethernet PCIe (rev 01) 0004:01:00.1 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme BCM5719 Gigabit Ethernet PCIe (rev 01) 0005:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4) 0005:01:00.0 PCI bridge: ASPEED Technology, Inc. AST1150 PCI-to-PCI Bridge (rev 04) 0005:02:00.0 VGA compatible controller: ASPEED Technology, Inc. ASPEED Graphics Family (rev 41) 0030:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4) 0031:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4) 0032:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4) 0033:00:00.0 PCI bridge: IBM POWER9 Host Bridge (PHB4) -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug.
