From 564cd1714e9791607d9e4c4ce0e68ee3a5f9ced7 Mon Sep 17 00:00:00 2001 From: Qiuxu Zhuo Date: Tue, 18 Nov 2025 11:36:01 +0000 Subject: [PATCH] EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller mainline inclusion from mainline-v6.18-rc1 commit 2e6fe1bbefd9c059c3787d1c620fe67343a94dff category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/ID6B9J CVE: CVE-2025-40157 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2e6fe1bbefd9c059c3787d1c620fe67343a94dff ---------------------------------------------------------------------- When loading the i10nm_edac driver on some Intel Granite Rapids servers, a call trace may appear as follows: UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:453:16 shift exponent -66 is negative ... __ubsan_handle_shift_out_of_bounds+0x1e3/0x390 skx_get_dimm_info.cold+0x47/0xd40 [skx_edac_common] i10nm_get_dimm_config+0x23e/0x390 [i10nm_edac] skx_register_mci+0x159/0x220 [skx_edac_common] i10nm_init+0xcb0/0x1ff0 [i10nm_edac] ... This occurs because some BIOS may disable a memory controller if there aren't any memory DIMMs populated on this memory controller. The DIMMMTR register of this disabled memory controller contains the invalid value ~0, resulting in the call trace above. Fix this call trace by skipping DIMM enumeration on a disabled memory controller. Fixes: ba987eaaabf9 ("EDAC/i10nm: Add Intel Granite Rapids server support") Reported-by: Jose Jesus Ambriz Meza Reported-by: Chia-Lin Kao (AceLan) Closes: https://lore.kernel.org/all/20250730063155.2612379-1-acelan.kao@canonical.com/ Signed-off-by: Qiuxu Zhuo Signed-off-by: Tony Luck Tested-by: Chia-Lin Kao (AceLan) Link: https://lore.kernel.org/r/20250806065707.3533345-1-qiuxu.zhuo@intel.com Signed-off-by: Luo Gengkun --- drivers/edac/i10nm_base.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/edac/i10nm_base.c b/drivers/edac/i10nm_base.c index 75262ee01167..a7a30a7ab038 100644 --- a/drivers/edac/i10nm_base.c +++ b/drivers/edac/i10nm_base.c @@ -1062,6 +1062,15 @@ static bool i10nm_check_ecc(struct skx_imc *imc, int chan) return !!GET_BITFIELD(mcmtr, 2, 2); } +static bool i10nm_channel_disabled(struct skx_imc *imc, int chan) +{ + u32 mcmtr = I10NM_GET_MCMTR(imc, chan); + + edac_dbg(1, "mc%d ch%d mcmtr reg %x\n", imc->mc, chan, mcmtr); + + return (mcmtr == ~0 || GET_BITFIELD(mcmtr, 18, 18)); +} + static int i10nm_get_dimm_config(struct mem_ctl_info *mci, struct res_config *cfg) { @@ -1075,6 +1084,11 @@ static int i10nm_get_dimm_config(struct mem_ctl_info *mci, if (!imc->mbase) continue; + if (i10nm_channel_disabled(imc, i)) { + edac_dbg(1, "mc%d ch%d is disabled.\n", imc->mc, i); + continue; + } + ndimms = 0; if (res_cfg->type != GNR) -- Gitee