From 021ceccd80c45ce4cd3e2d94cdd3184688984010 Mon Sep 17 00:00:00 2001 From: Felix Kuehling Date: Mon, 21 Nov 2022 22:10:30 -0500 Subject: [PATCH] libhsakmt: Fix use of uninitialized variable When is hsaKmtCreateQueue called first time for node doorbells[NodeId].size is initialized to zero in init_process_doorbells but used to calculate the doorbell offset. It works just by accident because doorbells[NodeId].size is uint32_t so -1 will be 0xFFFFFFFF which is zero extended into 0x00000000FFFFFFFF and it will work as long as mmap offset bits are not within lower 32 bits. Bug: https://github.com/RadeonOpenCompute/ROCT-Thunk-Interface/issues/78 Signed-off-by: Felix Kuehling Change-Id: Ia791adfc51363d4704cb50fa4f01137b7dd48a75 [ROCm/ROCR-Runtime commit: 8e69b9c70e67fbee551272017759459ac5c7c1fc] --- projects/rocr-runtime/src/queues.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/projects/rocr-runtime/src/queues.c b/projects/rocr-runtime/src/queues.c index fa3ed564f8..3b4104b62d 100644 --- a/projects/rocr-runtime/src/queues.c +++ b/projects/rocr-runtime/src/queues.c @@ -654,16 +654,16 @@ HSAKMT_STATUS HSAKMTAPI hsaKmtCreateQueue(HSAuint32 NodeId, q->queue_id = args.queue_id; if (IS_SOC15(q->gfxv)) { + HSAuint64 mask = DOORBELLS_PAGE_SIZE(DOORBELL_SIZE(q->gfxv)) - 1; + /* On SOC15 chips, the doorbell offset within the * doorbell page is included in the doorbell offset * returned by KFD. This allows CP queue doorbells to be * allocated dynamically (while SDMA queue doorbells fixed) * rather than based on the its process queue ID. */ - doorbell_mmap_offset = args.doorbell_offset & - ~(HSAuint64)(doorbells[NodeId].size - 1); - doorbell_offset = args.doorbell_offset & - (doorbells[NodeId].size - 1); + doorbell_mmap_offset = args.doorbell_offset & ~mask; + doorbell_offset = args.doorbell_offset & mask; } else { /* On older chips, the doorbell offset within the * doorbell page is based on the queue ID.