tenstorrent / tt-kmd

Tenstorrent Kernel Module
GNU General Public License v2.0

UBSAN warning during ttkmd_test on Ubuntu 23.10 #10

Closed alewycky-tenstorrent closed 4 months ago

alewycky-tenstorrent commented 4 months ago
UBSAN: array-index-out-of-bounds in /var/lib/dkms/tenstorrent/1.27.1-npo2/build/chardev.c:359:35
index 6 is out of range for type 'tenstorrent_mapping [*]'
CPU: 0 PID: 930 Comm: ttkmd_test Tainted: G           OE      6.5.0-25-generic #25-Ubuntu
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x48/0x70
 dump_stack+0x10/0x20
 __ubsan_handle_out_of_bounds+0xc6/0x110
 ioctl_query_mappings+0x2b8/0x2d0 [tenstorrent]
 tt_cdev_ioctl+0x47a/0x940 [tenstorrent]
 ? putname+0x5b/0x80
 ? srso_return_thunk+0x5/0x10
 ? do_sys_openat2+0x9f/0xe0
 ? srso_return_thunk+0x5/0x10
 ? exit_to_user_mode_prepare+0x30/0xb0
 __x64_sys_ioctl+0xa3/0xf0
 do_syscall_64+0x5c/0x90
 ? srso_return_thunk+0x5/0x10
 ? do_user_addr_fault+0x238/0x6b0
 ? srso_return_thunk+0x5/0x10
 ? exit_to_user_mode_prepare+0x30/0xb0
 ? srso_return_thunk+0x5/0x10
 ? irqentry_exit_to_user_mode+0x17/0x20
 ? srso_return_thunk+0x5/0x10
 ? irqentry_exit+0x43/0x50
 ? srso_return_thunk+0x5/0x10
 ? exc_page_fault+0x94/0x1b0
 entry_SYSCALL_64_after_hwframe+0x6e/0xd8
RIP: 0033:0x7fe10fb2396f
Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b>
RSP: 002b:00007ffc06fc4520 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffc06fc4610 RCX: 00007fe10fb2396f
RDX: 0000610820ff9d80 RSI: 000000000000fa02 RDI: 0000000000000004
RBP: 0000610820ff9d80 R08: 0000610820fe6010 R09: 0000000000000007
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000180
R13: 0000000000000010 R14: 0000610820ff91f8 R15: 0000000000000004
 </TASK>
alewycky-tenstorrent commented 4 months ago

This is due to UBSAN believing that mappings in

struct tenstorrent_query_mappings_out {
    struct tenstorrent_mapping mappings[0];
};

is truly a zero-size array. When replaced with a flexible array member, no UBSAN warning is reported.

Directly replacing mappings[0] with mappings[] is not allowed as C doesn't allow a FAM to be the only field in a structure. Instead I have to replace tenstorrent_query_mappings.out with mappings[].
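
The restructuring described in the comment above, shown as an added example that is not part of the original thread or the tt-kmd source: the array moves into the parent struct after a named member, so it can be declared as a flexible array member, and the fill routine clamps to the caller-declared slot count. All `demo_*` names and fields are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the driver's types; all names are assumptions. */
struct demo_mapping { uint32_t mapping_id; uint64_t base; uint64_t size; };
struct demo_query_in { uint32_t output_mapping_count; uint32_t reserved; };

/* The array follows a named member, so a flexible array member is legal and
 * the bounds check is no longer made against a fixed zero-element array. */
struct demo_query_mappings {
    struct demo_query_in in;
    struct demo_mapping mappings[];
};

/* Bytes needed for `count` trailing entries; 0 if the size would overflow. */
size_t demo_query_size(uint32_t count)
{
    size_t hdr = offsetof(struct demo_query_mappings, mappings);

    if ((size_t)count > (SIZE_MAX - hdr) / sizeof(struct demo_mapping))
        return 0;
    return hdr + (size_t)count * sizeof(struct demo_mapping);
}

/* Copy at most the caller-declared number of entries; return how many. */
uint32_t demo_fill_mappings(struct demo_query_mappings *q,
                            const struct demo_mapping *src, uint32_t available)
{
    uint32_t n = q->in.output_mapping_count;

    if (available < n)
        n = available;
    for (uint32_t i = 0; i < n; i++)
        q->mappings[i] = src[i];
    return n;
}

int main(void)
{
    /* Constructed sample data: three mappings offered, two slots allocated. */
    struct demo_mapping src[3] = {{1, 0x1000, 0x100}, {2, 0x2000, 0x200}, {3, 0x3000, 0x300}};
    struct demo_query_mappings *q = calloc(1, demo_query_size(2));
    uint32_t n = 0;
    if (q) {
        q->in.output_mapping_count = 2;
        n = demo_fill_mappings(q, src, 3);
    }
    free(q);
    return n == 2 ? 0 : 1;
}
```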