Possible bug?
Lucas De Marchi
lucas.demarchi at intel.com
Mon Nov 10 10:10:28 PST 2025
On Mon, Nov 10, 2025 at 03:49:20PM +0200, Jani Nikula wrote:
>On Sun, 09 Nov 2025, Jani Partanen <jiipee at sotapeli.fi> wrote:
>> Hello, I just got Intel Arc B570. It seems to work fine but every boot I
>> get this in dmesg:
>>
>> [ 342.865944] ------------[ cut here ]------------
>> [ 342.865950] UBSAN: array-index-out-of-bounds in
>> drivers/mtd/devices/mtd_intel_dg.c:750:15
>> [ 342.865954] index 0 is out of range for type '<unknown> [*]'
>
>Cc: Alexander and linux-mtd.
>
>It's probably due to struct intel_dg_nvm regions[] member being
>__counted_by(nregions) but regions[] is indexed before nregions has been
>initialized.
yeah... and we shouldn't silently continue hiding the ENOMEM... Sasha,
something like this?
Lucas De Marchi
----
diff --git a/drivers/mtd/devices/mtd_intel_dg.c b/drivers/mtd/devices/mtd_intel_dg.c
index b438ee5aacc34..114e69135b8d9 100644
--- a/drivers/mtd/devices/mtd_intel_dg.c
+++ b/drivers/mtd/devices/mtd_intel_dg.c
@@ -738,6 +738,7 @@ static int intel_dg_mtd_probe(struct auxiliary_device *aux_dev,
kref_init(&nvm->refcnt);
mutex_init(&nvm->lock);
+ nvm->nregions = nregions;
for (n = 0, i = 0; i < INTEL_DG_NVM_REGIONS; i++) {
if (!invm->regions[i].name)
@@ -745,13 +746,15 @@ static int intel_dg_mtd_probe(struct auxiliary_device *aux_dev,
char *name = kasprintf(GFP_KERNEL, "%s.%s",
dev_name(&aux_dev->dev), invm->regions[i].name);
- if (!name)
- continue;
+ if (!name) {
+ ret = -ENOMEM;
+ goto err;
+ }
+
nvm->regions[n].name = name;
nvm->regions[n].id = i;
n++;
}
- nvm->nregions = n; /* in case where kasprintf fail */
nvm->base = devm_ioremap_resource(device, &invm->bar);
if (IS_ERR(nvm->base)) {
More information about the linux-mtd
mailing list