114711 – ubsan: "shift exponent 32 is too large" in drivers/gpu/drm/nouveau/nvkm/subdev/gpio/base.c:167:16

Bug 114711 - ubsan: "shift exponent 32 is too large" in drivers/gpu/drm/nouveau/nvkm/subdev/gpio/base.c:167:16

Summary: ubsan: "shift exponent 32 is too large" in drivers/gpu/drm/nouveau/nvkm/subde...

Status:	NEW

Alias:	None

Product:	Drivers
Classification:	Unclassified
Component:	Video(DRI - non Intel) (show other bugs)
Hardware:	All Linux

Importance:	P1 normal
Assignee:	drivers_video-dri

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-03-15 19:57 UTC by Peter Gerber
Modified:	2016-06-13 11:38 UTC (History)
CC List:	1 user (show)

See Also:
Kernel Version:	4.5.0
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Peter Gerber 2016-03-15 19:57:59 UTC

The following message appeared during boot. Let me know if you need more information.


Mar 15 12:09:22 ivy kernel: ================================================================================
Mar 15 12:09:22 ivy kernel: UBSAN: Undefined behaviour in drivers/gpu/drm/nouveau/nvkm/subdev/gpio/base.c:167:16
Mar 15 12:09:22 ivy kernel: shift exponent 32 is too large for 32-bit type 'int'
Mar 15 12:09:22 ivy kernel: CPU: 3 PID: 546 Comm: systemd-udevd Not tainted 4.5.0-pege1 #1
Mar 15 12:09:22 ivy kernel: Hardware name: Hewlett-Packard HP ENVY dv6 Notebook PC/181B, BIOS F.29 10/03/2013
Mar 15 12:09:22 ivy kernel:  0000000000000000 000000000f597554 ffffffff816fcef7 0000000000000020
Mar 15 12:09:22 ivy kernel:  000000000f597554 ffff88044999f640 ffff88044999f6c8 ffffffff817952a9
Mar 15 12:09:22 ivy kernel:  ffffffffc210dc40 ffffffff81795caa 0000000000000202 0000000fff003233
Mar 15 12:09:22 ivy kernel: Call Trace:
Mar 15 12:09:22 ivy kernel:  [<ffffffff816fcef7>] ? dump_stack+0x70/0xb9
Mar 15 12:09:22 ivy kernel:  [<ffffffff817952a9>] ? ubsan_epilogue+0x9/0x40
Mar 15 12:09:22 ivy kernel:  [<ffffffff81795caa>] ? __ubsan_handle_shift_out_of_bounds+0xfa/0x150
Mar 15 12:09:22 ivy kernel:  [<ffffffff8111ee4e>] ? flush_work+0x2e/0x270
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1df0031>] ? gk104_ram_new+0x2161/0x24a0 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1df3cab>] ? nvkm_gpio_fini+0x10b/0x1f0 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1d4b31e>] ? nvkm_subdev_fini+0x9e/0x4d0 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffff811edcdc>] ? ktime_get+0x7c/0x220
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1e37960>] ? nvkm_device_fini+0x80/0x340 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1e37d27>] ? nvkm_device_init+0x107/0x4f0 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1e402aa>] ? nvkm_udevice_init+0x6a/0x110 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1d48178>] ? nvkm_object_init+0x78/0x4a0 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1d431a6>] ? nvkm_ioctl_new+0x206/0x740 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1d3e4eb>] ? nvkm_client_new+0xbb/0x160 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1d3d4a0>] ? nvkm_client_notify+0xe0/0xe0 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1e40630>] ? nvkm_udevice_rd08+0x80/0x80 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1d43a86>] ? nvkm_ioctl+0x226/0x6b0 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffff819c6b8a>] ? bus_find_device+0xaa/0x120
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1d3bda0>] ? nvif_object_init+0x130/0x380 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1d3c68e>] ? nvif_device_init+0xe/0x50 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1f114fb>] ? nouveau_drm_load+0x21b/0x1490 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffff81dfb2e4>] ? _raw_spin_unlock+0x34/0x80
Mar 15 12:09:22 ivy kernel:  [<ffffffff817afcc2>] ? pci_bus_read_config_word+0xb2/0x100
Mar 15 12:09:22 ivy kernel:  [<ffffffff81dfb372>] ? _raw_spin_unlock_irqrestore+0x42/0x80
Mar 15 12:09:22 ivy kernel:  [<ffffffffc0eb7b49>] ? drm_dev_register+0xb9/0x110 [drm]
Mar 15 12:09:22 ivy kernel:  [<ffffffffc0ebe62b>] ? drm_get_pci_dev+0xbb/0x640 [drm]
Mar 15 12:09:22 ivy kernel:  [<ffffffff817be01e>] ? __pci_set_master+0x4e/0x190
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1f107af>] ? nouveau_drm_probe+0x40f/0x780 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffffc1f103a0>] ? nouveau_pmops_runtime_idle+0x2e0/0x2e0 [nouveau]
Mar 15 12:09:22 ivy kernel:  [<ffffffff817c90ab>] ? local_pci_probe+0x6b/0x140
Mar 15 12:09:22 ivy kernel:  [<ffffffff817cc259>] ? pci_device_probe+0x149/0x1b0
Mar 15 12:09:22 ivy kernel:  [<ffffffff819cb562>] ? driver_probe_device+0x1b2/0xcb0
Mar 15 12:09:22 ivy kernel:  [<ffffffff819cc060>] ? driver_probe_device+0xcb0/0xcb0
Mar 15 12:09:22 ivy kernel:  [<ffffffff819cc132>] ? __driver_attach+0xd2/0x180
Mar 15 12:09:22 ivy kernel:  [<ffffffff819c688c>] ? bus_for_each_dev+0x8c/0x110
Mar 15 12:09:22 ivy kernel:  [<ffffffff81de27fd>] ? klist_add_tail+0x3d/0x100
Mar 15 12:09:22 ivy kernel:  [<ffffffff819c9be4>] ? bus_add_driver+0x2b4/0x570
Mar 15 12:09:22 ivy kernel:  [<ffffffffc2382000>] ? 0xffffffffc2382000
Mar 15 12:09:22 ivy kernel:  [<ffffffff819cd9b3>] ? driver_register+0xf3/0x2f0
Mar 15 12:09:22 ivy kernel:  [<ffffffff81002142>] ? do_one_initcall+0xd2/0x290
Mar 15 12:09:22 ivy kernel:  [<ffffffff8132a6b8>] ? do_init_module+0xf1/0x366
Mar 15 12:09:22 ivy kernel:  [<ffffffff81214f28>] ? load_module+0x33a8/0x62f0
Mar 15 12:09:22 ivy kernel:  [<ffffffff8120e5b0>] ? __symbol_put+0x90/0x90
Mar 15 12:09:22 ivy kernel:  [<ffffffff8120c675>] ? copy_module_from_fd+0x125/0x210
Mar 15 12:09:22 ivy kernel:  [<ffffffff8121805a>] ? SYSC_finit_module+0x8a/0xc0
Mar 15 12:09:22 ivy kernel:  [<ffffffff81dfbcf6>] ? entry_SYSCALL_64_fastpath+0x16/0x75
Mar 15 12:09:22 ivy kernel: ================================================================================
Mar 15 12:09:22 ivy kernel: nouveau 0000:01:00.0: fb: 1024 MiB DDR3
Mar 15 12:09:22 ivy kernel: vga_switcheroo: enabled
Mar 15 12:09:22 ivy kernel: [TTM] Zone  kernel: Available graphics memory: 8149734 kiB
Mar 15 12:09:22 ivy kernel: [TTM] Zone   dma32: Available graphics memory: 2097152 kiB
Mar 15 12:09:22 ivy kernel: [TTM] Initializing pool allocator
Mar 15 12:09:22 ivy kernel: [TTM] Initializing DMA pool allocator
Mar 15 12:09:22 ivy kernel: nouveau 0000:01:00.0: DRM: VRAM: 1024 MiB
Mar 15 12:09:22 ivy kernel: nouveau 0000:01:00.0: DRM: GART: 1048576 MiB
Mar 15 12:09:22 ivy kernel: nouveau 0000:01:00.0: DRM: TMDS table version 2.0
Mar 15 12:09:22 ivy kernel: nouveau 0000:01:00.0: DRM: DCB version 4.0
Mar 15 12:09:22 ivy kernel: nouveau 0000:01:00.0: DRM: DCB outp 00: 02010300 00000000
Mar 15 12:09:22 ivy kernel: nouveau 0000:01:00.0: DRM: DCB conn 00: 00000400
Mar 15 12:09:22 ivy kernel: [drm] Supports vblank timestamp caching Rev 2 (21.10.2013).
Mar 15 12:09:22 ivy kernel: [drm] Driver supports precise vblank timestamp query.
Mar 15 12:09:22 ivy kernel: nouveau 0000:01:00.0: DRM: MM: using COPY0 for buffer copies
Mar 15 12:09:22 ivy kernel: nouveau 0000:01:00.0: DRM: allocated 1024x768 fb: 0x60000, bo ffff8804478b7400
Mar 15 12:09:22 ivy kernel: nouveau 0000:01:00.0: fb1: nouveaufb frame buffer device
Mar 15 12:09:22 ivy kernel: [drm] Initialized nouveau 1.3.1 20120801 for 0000:01:00.0 on minor 1

Comment 1 Navin 2016-06-02 10:17:09 UTC

Does this fix work for you ?

diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/gpio/base.c b/drivers/gpu/drm/nouveau/nvkm/subdev/gpio/base.c
index 77c64972..0e40584 100644
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/gpio/base.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/gpio/base.c
@@ -164,7 +164,7 @@ static int
 nvkm_gpio_fini(struct nvkm_subdev *subdev, bool suspend)
 {
        struct nvkm_gpio *gpio = nvkm_gpio(subdev);
-       u32 mask = (1 << gpio->func->lines) - 1;
+       u32 mask = (1LL << min(gpio->func->lines, 32)) - 1;
 
        gpio->func->intr_mask(gpio, NVKM_GPIO_TOGGLED, mask, 0);
        gpio->func->intr_stat(gpio, &mask, &mask);

Comment 2 Peter Gerber 2016-06-13 11:38:40 UTC

Yes, this fixes the issue.

Note You need to log in before you can comment on or make changes to this bug.