[Issue]: UB in fmm_translate_hsa_to_ioc_flags due to signed overflow #271
Open
Description
This line triggers a UBsan error at runtime:
ioc_flags |= KFD_IOC_ALLOC_MEM_FLAGS_WRITABLE;
It's defined as
#define KFD_IOC_ALLOC_MEM_FLAGS_WRITABLE (1 << 31)
/build/source/libhsakmt/src/fmm.c:1403:16: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
#0 0x7fff7691f943 in fmm_translate_hsa_to_ioc_flags /build/source/libhsakmt/src/fmm.c:1403
#1 0x7fff7691f943 in fmm_allocate_host_gpu /build/source/libhsakmt/src/fmm.c:1831
#2 0x7fff7691f943 in hsakmt_fmm_allocate_host /build/source/libhsakmt/src/fmm.c:1921
#3 0x7fff76940d7e in hsakmt_allocate_exec_aligned_memory_gpu (/nix/store/62bsg8k600m71hih5l9fm2igx1rfcf23-rocm-runtime-6.3.1/lib/libhsa-runtime64.so.1+0x540d7e)
#4 0x7fff7691853f in hsaKmtCreateEvent (/nix/store/62bsg8k600m71hih5l9fm2igx1rfcf23-rocm-runtime-6.3.1/lib/libhsa-runtime64.so.1+0x51853f)
#5 0x7fff7671f318 in rocr::core::InterruptSignal::CreateEvent(_HSA_EVENTTYPE, bool) (/nix/store/62bsg8k600m71hih5l9fm2igx1rfcf23-rocm-runtime-6.3.1/lib/libhsa-runtime64.so.1+0x31f318)
#6 0x7fff7674a625 in BindErrorHandlers /build/source/runtime/hsa-runtime/core/runtime/runtime.cpp:1692
#7 0x7fff7673bbcf in Load /build/source/runtime/hsa-runtime/core/runtime/runtime.cpp:1992
#8 0x7fff7673b77f in Acquire /build/source/runtime/hsa-runtime/core/runtime/runtime.cpp:150
#9 0x7fff7670109d in rocr::HSA::hsa_init() (/nix/store/62bsg8k600m71hih5l9fm2igx1rfcf23-rocm-runtime-6.3.1/lib/libhsa-runtime64.so.1+0x30109d)
Tested on rocm-6.3.1
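Added example, not libhsakmt code: it shows why `(1 << 31)` is undefined behaviour in C (the value 2^31 does not fit in a 32-bit signed `int`), the corrected unsigned form that a fix for this issue would use, and a small check for whether a given shift of a signed `int` is defined on the build platform. The `translate_flags` function, the `HSA_FLAG_WRITABLE` input bit and the `FLAG_WRITABLE_*` names are hypothetical stand-ins for the real `fmm_translate_hsa_to_ioc_flags` and `KFD_IOC_ALLOC_MEM_FLAGS_WRITABLE`; the type of `ioc_flags` in the real code is assumed here to be `uint32_t`.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* The pattern reported in the issue: (1 << 31) shifts a signed int literal
 * into its sign bit. UBSan reports it because 2^31 is not representable in
 * a 32-bit int. The macro below is the corrected form: an unsigned 32-bit
 * literal, so bit 31 is a normal value bit and the shift is well defined.
 * (Hypothetical name; the project's macro is KFD_IOC_ALLOC_MEM_FLAGS_WRITABLE.) */
#define FLAG_WRITABLE_OK (UINT32_C(1) << 31)

/* Hypothetical input flag standing in for the HSA-side "writable" bit. */
#define HSA_FLAG_WRITABLE 0x1u

/* Hypothetical translate function in the spirit of fmm_translate_hsa_to_ioc_flags.
 * Keeping ioc_flags unsigned means OR-ing in bit 31 never touches a sign bit. */
static uint32_t translate_flags(uint32_t hsa_flags)
{
    uint32_t ioc_flags = 0;
    if (hsa_flags & HSA_FLAG_WRITABLE)
        ioc_flags |= FLAG_WRITABLE_OK;
    return ioc_flags;
}

/* Returns 1 if `1 << bits` is defined for a signed int on this platform.
 * The result must stay below INT_MAX, so bits must be less than width - 1;
 * with a 32-bit int that means 0..30 are fine and 31 is undefined. */
static int int_shift_is_defined(unsigned bits)
{
    return bits < (unsigned)(sizeof(int) * CHAR_BIT - 1);
}

/* Confirms the corrected constant really carries bit 31 and nothing else. */
static int writable_flag_is_bit31(void)
{
    return FLAG_WRITABLE_OK == UINT32_C(0x80000000);
}

int main(void)
{
    printf("1 << 30 defined for int: %d\n", int_shift_is_defined(30));
    printf("1 << 31 defined for int: %d\n", int_shift_is_defined(31));
    printf("translated flags: 0x%08x\n", (unsigned)translate_flags(HSA_FLAG_WRITABLE));
    return 0;
}
```

Building with `-fsanitize=undefined` is the quickest way to confirm a fix: the unsigned form above produces no report, whereas the original `(1 << 31)` expression reports the same "left shift of 1 by 31 places cannot be represented in type 'int'" shown in the issue.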