[PATCH v2] i3c: dw: avoid shift-out-of-bounds when DAA assigns no devices
Jakub Kicinski
kuba at kernel.org
Wed Jul 1 11:30:43 PDT 2026
On Wed, 1 Jul 2026 14:27:13 -0400 Frank Li wrote:
> On Tue, Jun 30, 2026 at 10:29:04AM -0700, Jakub Kicinski wrote:
> > On an empty bus ENTDAA assigns nothing, so cmd->rx_len (the count
> > of addresses left unassigned) equals master->maxdevs.
> >
> > The GENMASK() index master->maxdevs - cmd->rx_len - 1 then becomes -1,
> > which trips up UBSAN. This happens every time on boot on a Gigabyte/AMD
> > server:
> >
> > UBSAN: shift-out-of-bounds in drivers/i3c/master/dw-i3c-master.c:905:12
> > shift exponent 64 is too large for 64-bit type 'long unsigned int'
> > CPU: 7 UID: 0 PID: 963 Comm: (udev-worker) Not tainted 7.0.11-200.fc44.x86_64 #1 PREEMPT(lazy)
> > Hardware name: Giga Computing E163-Z34-AAH1-000/MZ33-DC1-000, BIOS R32_F45 04/01/2026
> > Call Trace:
> > <TASK>
> > dump_stack_lvl+0x5d/0x80
> > ubsan_epilogue+0x5/0x2b
> > __ubsan_handle_shift_out_of_bounds.cold+0xd7/0x1ab
> > dw_i3c_master_daa.cold+0x1b/0x96 [dw_i3c_master]
> > i3c_master_do_daa_ext.part.0+0x3e/0xf0 [i3c]
> >
> > Skip the mask when no new device was assigned.
> >
> > Fixes: 1dd728f5d4d4 ("i3c: master: Add driver for Synopsys DesignWare IP")
> > Signed-off-by: Jakub Kicinski <kuba at kernel.org>
> > ---
> Next time add change log here.
My bad, I guess slipped my mind since there were no changes of any real
significance :/
v2:
- whitespace changes
- s/We see this/This happens/ in the commit message
v1: https://lore.kernel.org/20260629233650.2148827-1-kuba@kernel.org/
More information about the linux-i3c
mailing list