** Description changed:

  [Impact]
  A bug in the kernel module source can cause error messages to show up in the kernel when an application closes the device when UBSAN is active.
+
+ From an NVIDIA DGX 1 system:
+ $ sudo mstflint -d 84:00.0 q
+ $ dmesg
+ [ 304.400217] ================================================================================
+ [ 304.400267] UBSAN: shift-out-of-bounds in /var/lib/dkms/mstflint/4.21.0-7/build/mst_main.c:601:21
+ [ 304.400283] shift exponent 4294967295 is too large for 32-bit type 'int'
+ [ 304.400295] CPU: 65 PID: 25268 Comm: mstflint Tainted: G OE 5.15.0-102-generic #112-Ubuntu
+ [ 304.400298] Hardware name: NVIDIA DGX-1 with V100-32/DGX-1 with V100-32, BIOS S2W_3A13 01/03/2023
+ [ 304.400299] Call Trace:
+ [ 304.400301] <TASK>
+ [ 304.400303] show_stack+0x52/0x5c
+ [ 304.400309] dump_stack_lvl+0x4a/0x63
+ [ 304.400315] dump_stack+0x10/0x16
+ [ 304.400318] ubsan_epilogue+0x9/0x36
+ [ 304.400320] __ubsan_handle_shift_out_of_bounds.cold+0x61/0xef
+ [ 304.400324] ? do_sigaction+0x226/0x290
+ [ 304.400329] mst_release.cold+0x14/0x26 [mstflint_access]
+ [ 304.400332] __fput+0x9f/0x280
+ [ 304.400338] ____fput+0xe/0x20
+ [ 304.400340] task_work_run+0x6d/0xb0
+ [ 304.400345] exit_to_user_mode_loop+0x157/0x160
+ [ 304.400352] exit_to_user_mode_prepare+0xa0/0xb0
+ [ 304.400354] syscall_exit_to_user_mode+0x27/0x50
+ [ 304.400372] ? __x64_sys_close+0x11/0x50
+ [ 304.400375] do_syscall_64+0x69/0xc0
+ [ 304.400380] ? do_syscall_64+0x69/0xc0
+ [ 304.400383] ? do_syscall_64+0x69/0xc0
+ [ 304.400385] entry_SYSCALL_64_after_hwframe+0x62/0xcc
+ [ 304.400389] RIP: 0033:0x7f0347edaf67
+ [ 304.400391] Code: ff e8 0d 16 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 73 ba f7 ff
+ [ 304.400393] RSP: 002b:00007ffebcd12c98 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
+ [ 304.400396] RAX: 0000000000000000 RBX: 000055aa91e5fe10 RCX: 00007f0347edaf67
+ [ 304.400398] RDX: 0000000000000000 RSI: 000055aa913737a1 RDI: 0000000000000003
+ [ 304.400399] RBP: 000055aa91e5fe10 R08: 000055aa91e60cc0 R09: 000055aa91e61160
+ [ 304.400400] R10: 000055aa91e615b0 R11: 0000000000000246 R12: 000055aa91e60820
+ [ 304.400401] R13: 000055aa91e2b650 R14: 000055aa91e4b3f0 R15: 000055aa9136ac47
+ [ 304.400403] </TASK>
+ [ 304.400404] ================================================================================
+
  [Test Case]
  Load the mstflint_access module
  open then close a /dev/*_mstconf file
  Look for any errors in dmesg

  [What Could Go Wrong]
  A severe bug in the fix could cause the problem to escalate to an oops or panic.

** Description changed:

  [Impact]
- A bug in the kernel module source can cause error messages to show up in the kernel when an application closes the device when UBSAN is active.
+ A bug in the kernel module source can cause error messages to show up in the kernel when an application closes the device when UBSAN is active. This is likely to cause unnecessary user worry:

  From an NVIDIA DGX 1 system:
  $ sudo mstflint -d 84:00.0 q
  $ dmesg
  [ 304.400217] ================================================================================
  [ 304.400267] UBSAN: shift-out-of-bounds in /var/lib/dkms/mstflint/4.21.0-7/build/mst_main.c:601:21
  [ 304.400283] shift exponent 4294967295 is too large for 32-bit type 'int'
  [ 304.400295] CPU: 65 PID: 25268 Comm: mstflint Tainted: G OE 5.15.0-102-generic #112-Ubuntu
  [ 304.400298] Hardware name: NVIDIA DGX-1 with V100-32/DGX-1 with V100-32, BIOS S2W_3A13 01/03/2023
  [ 304.400299] Call Trace:
  [ 304.400301] <TASK>
  [ 304.400303] show_stack+0x52/0x5c
  [ 304.400309] dump_stack_lvl+0x4a/0x63
  [ 304.400315] dump_stack+0x10/0x16
  [ 304.400318] ubsan_epilogue+0x9/0x36
  [ 304.400320] __ubsan_handle_shift_out_of_bounds.cold+0x61/0xef
  [ 304.400324] ? do_sigaction+0x226/0x290
  [ 304.400329] mst_release.cold+0x14/0x26 [mstflint_access]
  [ 304.400332] __fput+0x9f/0x280
  [ 304.400338] ____fput+0xe/0x20
  [ 304.400340] task_work_run+0x6d/0xb0
  [ 304.400345] exit_to_user_mode_loop+0x157/0x160
  [ 304.400352] exit_to_user_mode_prepare+0xa0/0xb0
  [ 304.400354] syscall_exit_to_user_mode+0x27/0x50
  [ 304.400372] ? __x64_sys_close+0x11/0x50
  [ 304.400375] do_syscall_64+0x69/0xc0
  [ 304.400380] ? do_syscall_64+0x69/0xc0
  [ 304.400383] ? do_syscall_64+0x69/0xc0
  [ 304.400385] entry_SYSCALL_64_after_hwframe+0x62/0xcc
  [ 304.400389] RIP: 0033:0x7f0347edaf67
  [ 304.400391] Code: ff e8 0d 16 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 73 ba f7 ff
  [ 304.400393] RSP: 002b:00007ffebcd12c98 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
  [ 304.400396] RAX: 0000000000000000 RBX: 000055aa91e5fe10 RCX: 00007f0347edaf67
  [ 304.400398] RDX: 0000000000000000 RSI: 000055aa913737a1 RDI: 0000000000000003
  [ 304.400399] RBP: 000055aa91e5fe10 R08: 000055aa91e60cc0 R09: 000055aa91e61160
  [ 304.400400] R10: 000055aa91e615b0 R11: 0000000000000246 R12: 000055aa91e60820
  [ 304.400401] R13: 000055aa91e2b650 R14: 000055aa91e4b3f0 R15: 000055aa9136ac47
  [ 304.400403] </TASK>
  [ 304.400404] ================================================================================
-
  [Test Case]
  Load the mstflint_access module
  open then close a /dev/*_mstconf file
  Look for any errors in dmesg

  [What Could Go Wrong]
  A severe bug in the fix could cause the problem to escalate to an oops or panic.

--
https://bugs.launchpad.net/bugs/2061185

Title:
  mstflint-dkms module bug causes UBSAN errors in dmesg
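
The last step of the test case above ("Look for any errors in dmesg") can be automated. The following is an added example, not part of the bug report or of mstflint: it pulls UBSAN reports out of captured `dmesg` text and names the module frames in each trace. The function name and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample: a shortened copy of the report quoted in this bug.
SAMPLE_DMESG = """\
[ 304.400217] ================================================================================
[ 304.400267] UBSAN: shift-out-of-bounds in /var/lib/dkms/mstflint/4.21.0-7/build/mst_main.c:601:21
[ 304.400283] shift exponent 4294967295 is too large for 32-bit type 'int'
[ 304.400299] Call Trace:
[ 304.400320] __ubsan_handle_shift_out_of_bounds.cold+0x61/0xef
[ 304.400324] ? do_sigaction+0x226/0x290
[ 304.400329] mst_release.cold+0x14/0x26 [mstflint_access]
[ 304.400332] __fput+0x9f/0x280
[ 304.400404] ================================================================================
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
HEADER = re.compile(r"^UBSAN: (?P<kind>\S+) in (?P<path>.+):(?P<line>\d+):(?P<col>\d+)$")
MOD_FRAME = re.compile(r"^\??\s*(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+ \[(?P<module>\w+)\]$")


def find_ubsan_reports(dmesg_text):
    """Return one dict per UBSAN report found in dmesg output."""
    reports, current = [], None
    for raw in dmesg_text.splitlines():
        line = STAMP.sub("", raw).strip()
        header = HEADER.match(line)
        if header:
            current = {"kind": header["kind"], "path": header["path"],
                       "line": int(header["line"]), "detail": None, "module_frames": []}
            reports.append(current)
        elif current is None:
            continue                  # not inside a report
        elif line and set(line) == {"="}:
            current = None            # closing rule ends the report
        elif current["detail"] is None:
            current["detail"] = line  # first line after the header explains the fault
        else:
            frame = MOD_FRAME.match(line)
            if frame:                 # only frames tagged with a [module] name
                current["module_frames"].append((frame["module"], frame["func"]))
    return reports


if __name__ == "__main__":
    for r in find_ubsan_reports(SAMPLE_DMESG):
        print(r["kind"], f'{r["path"]}:{r["line"]}', r["detail"], r["module_frames"])
```

An empty result after opening and closing the device on a fixed module is the pass condition for the test case.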
