UBSAN: array-index-out-of-bounds (in pmu_list.c)

ovhpa · ‎12-22-2022

Dear Intel Engineers,

It seems the error I got previously (see socperf3_0 segfault ) has multiplied.

I was able to work around it as previously:

*to prevent architectural_pmu_info_list from being access with a -1 (illegal) index, the following 3 changes are necessary:

1.

extern OS_STATUS
PMU_LIST_Build_MSR_List(void)
{
        S32                 status        = OS_SUCCESS;
        PMU_MSR_INFO_NODE **msr_info_list = NULL;

        SEP_DRV_LOG_TRACE_IN("");

        if (pmu_info_index == -1){
                SEP_DRV_LOG_LOAD("No MSR list information detected!\n");
                SEP_DRV_LOG_TRACE_OUT("Success");
                return status;
        }

        if (arch_pmu_info_used) {
                msr_info_list = architectural_pmu_info_list[pmu_info_index]
                                        .msr_info_list;
        } else {
                msr_info_list = pmu_info_list[pmu_info_index].msr_info_list;
        }

        if (!msr_info_list) {
                SEP_DRV_LOG_LOAD("No MSR list information detected!\n");
                SEP_DRV_LOG_TRACE_OUT("Success");
                return status;
        }

2.

extern OS_STATUS
PMU_LIST_Build_PCI_List(void)
{
        U32                     unit_idx = 0;
        U32                     reg_idx  = 0;
        PMU_PCI_INFO_NODE       key;
        PMU_PCI_UNIT_INFO_NODE *unit_info_list = NULL;

        SEP_DRV_LOG_TRACE_IN("");

        if (pmu_info_index == -1){
                SEP_DRV_LOG_LOAD("No PCI list information detected!\n");
                SEP_DRV_LOG_TRACE_OUT("Success");
                return OS_SUCCESS;
        }

        if (arch_pmu_info_used) {
                unit_info_list = architectural_pmu_info_list[pmu_info_index]
                                         .pci_info_list;
        } else {
                unit_info_list = pmu_info_list[pmu_info_index].pci_info_list;
        }

        if (!unit_info_list) {
                SEP_DRV_LOG_LOAD("No PCI list information detected!\n");
                SEP_DRV_LOG_TRACE_OUT("Success");
                return OS_SUCCESS;
        }

3.

extern OS_STATUS
PMU_LIST_Build_MMIO_List(void)
{
        U32                      unit_idx = 0;
        U32                      reg_idx  = 0;
        U64                      key;
        PMU_MMIO_UNIT_INFO_NODE *unit_info_list = NULL;

        SEP_DRV_LOG_TRACE_IN("");


        if (pmu_info_index == -1) {
                SEP_DRV_LOG_LOAD("No MMIO list information detected!\n");
                SEP_DRV_LOG_TRACE_OUT("Success");
                return OS_SUCCESS;
        }

        if (arch_pmu_info_used) {
                unit_info_list = architectural_pmu_info_list[pmu_info_index]
                                         .mmio_info_list;
        } else {
                unit_info_list = pmu_info_list[pmu_info_index].mmio_info_list;
        }

        if (!unit_info_list) {
                SEP_DRV_LOG_LOAD("No MMIO list information detected!\n");
                SEP_DRV_LOG_TRACE_OUT("Success");
                return OS_SUCCESS;
        }

After the modification, rebuilding and reinstalling the driver via:

sudo ./rmmod-sep
sudo ./build-driver
sudo ./insmod-sep

in the same directory as the pmu_list.c file was necessary to install the workaround.

Sincerely,

PS: the workaround is provided in the hope it can be useful, so there is no need to open a ticket