Dev

AMD Linux Driver Moves to Eliminate BUG() with Submission of 30 Patches

AMDGPU driver maintainer Alex Deucher submits 30 patches to replace BUG() macros, which cause kernel panics, with warnings or errors, enhancing stability and security.

5 min read Reviewed & edited by the SINGULISM Editorial Team

AMD Linux Driver Moves to Eliminate BUG() with Submission of 30 Patches
Photo by BoliviaInteligente on Unsplash

Efforts are underway to completely eliminate the use of BUG() macros in AMD’s Linux graphics driver, “AMDGPU,” which are known to cause kernel panics. Alex Deucher, the maintainer of the AMDGPU kernel driver, has submitted a set of 30 patches to the Linux Graphics mailing list. This patch set aims to review all instances of BUG() calls within the AMDGPU driver and replace them with appropriate warnings or error messages.

Issues with the BUG() Macro

In the Linux kernel, the BUG() macro is a mechanism designed to halt execution and output debugging information when encountering unrecoverable states. However, invoking this macro triggers a complete kernel panic, forcing the entire system to stop. Moreover, it has been pointed out that attackers could exploit BUG() to launch Denial-of-Service (DoS) attacks.

The AMDGPU driver is a primary open-source driver supporting Radeon GPUs and is used in a wide range of environments, from desktops to servers and embedded systems. Some of the BUG() calls in the driver were applied to cases where crashing the kernel was not actually necessary. Deucher has evaluated these calls individually and made changes to ensure that the driver can continue to operate safely by replacing them with mere warnings in cases where operation can proceed, or with error messages in cases where the issue is clearly critical.

Contents of the Patch Set

The 30 submitted patches target BUG() calls scattered across various submodules of the AMDGPU driver. The modifications generally fall into three categories:

  • Replacement with warnings: For cases where the driver can detect an issue but still continue its operation. For example, instead of immediately causing a panic when an invalid parameter is passed, the driver now issues a warning and ignores it.
  • Replacement with error messages: For cases where the problem is critical but the hardware state can be preserved while reporting the error. The driver logs the error and continues operation as much as possible.
  • Complete removal: For cases where the check itself was deemed unnecessary. This includes removing redundant checks or remnants from past bug fixes.

These changes aim to ensure that the AMDGPU driver can continue to operate as much as possible when specific triggering conditions occur. Previously, such conditions might have halted the entire system, but now the system can keep running. This is particularly beneficial in multi-GPU setups or virtualized environments, where issues with one GPU can be isolated, minimizing their impact on other GPUs or the host operating system.

Significance for Security

Eliminating the BUG() macro brings significant benefits not just for system stability but also for security. If an attacker could send crafted inputs to the driver to trigger a BUG(), it could result in a kernel panic, bringing down the entire system. Such an attack vector makes DoS attacks a realistic threat. By implementing this patch set, these vulnerabilities are significantly mitigated.

Deucher’s work is part of the Linux kernel community’s long-standing initiative to minimize the use of BUG() macros. While most major kernel subsystems already use BUG() sparingly, device drivers have tended to include a significant number of such calls. Given the large codebase of the AMDGPU driver, a comprehensive cleanup effort had not been undertaken until now.

Future Reviews and Developments

The patch set was made public today on the graphics mailing list and is currently under review by other kernel developers. Since the changes are relatively straightforward, they are likely to be merged without much controversy. However, some instances of BUG() that are intentionally left in place to detect critical hardware failures are not covered in this patch set.

Deucher commented, “While it would be ideal to eliminate all BUG() calls, in truly unrecoverable situations, such as physical hardware failures, the use of BUG() might still be appropriate.” Consequently, this patch set does not aim for a complete removal but rather a rational reduction of the macro’s use.

Whether these patches will be incorporated into Linux kernel version 7.3 or a subsequent release depends on the ongoing review process. AMD has been consistently working on improving driver quality, and this cleanup effort is seen as part of that initiative. For a related example of performance optimization in the Linux kernel, see Linux Cache Aware Scheduling Enhancements Improve MySQL Performance by Up to 360%.

Editorial Opinion

In the short term, the integration of this patch set will immediately enhance the stability of the AMDGPU driver. With fewer kernel panics, the reliability of systems, particularly in enterprise environments and mission-critical systems, is expected to improve. If the patches make it into the Linux 7.3 kernel development cycle, their deployment to distributions could be accelerated. However, caution is warranted as the newly introduced warnings might generate additional log noise.

From a long-term perspective, this initiative will accelerate the broader trend of quality improvement across the Linux kernel. Since AMDGPU is widely used, its improvement could serve as a model for other driver developers. The reduction in the use of BUG() will also decrease the attack surface from a security standpoint, thereby enhancing the overall reliability of the Linux platform. Within the next one to three years, the use of BUG() in major graphics drivers may become exceedingly rare.

One question raised by the editorial team is how drivers should communicate truly unrecoverable hardware failures moving forward, as the eradication of BUG() continues.

References

Frequently Asked Questions

What are the benefits of eliminating the BUG() macro?
By replacing the BUG() macro with warnings or error messages, the driver can notify issues without causing kernel panics, reducing the risk of system-wide crashes. This also minimizes potential DoS attack vectors exploited by triggering these panics.
When will this patch be merged into the kernel?
The patch set is currently under review and may be merged into the Linux 7.3 kernel or a subsequent release. Given AMD's proactive approach, it is expected to be integrated within a few months if no major issues arise.
Will all BUG() calls be removed?
No, this patch set retains BUG() calls for truly unrecoverable situations, such as physical hardware failures. The goal is to reduce their use where possible, not to eliminate them entirely.
Source: Phoronix

Comments

← Back to Home