Re: [v1 1/4] drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()

Thu, 06 Feb 2025 23:56:40 -0800 


On 2/7/2025 12:14 PM, Jiang Liu wrote:
> It malicious user provides a small pptable through sysfs and then
> a bigger pptable, it may cause buffer overflow attack in function
> smu_sys_set_pp_table().
> 
> Signed-off-by: Jiang Liu <ge...@linux.alibaba.com>

        Reviewed-by: Lijo Lazar <lijo.la...@amd.com>

Thanks,
Lijo

> ---
>  drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c 
> b/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c
> index 8ca793c222ff..ed9dac00ebfb 100644
> --- a/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c
> +++ b/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c
> @@ -612,7 +612,8 @@ static int smu_sys_set_pp_table(void *handle,
>               return -EIO;
>       }
>  
> -     if (!smu_table->hardcode_pptable) {
> +     if (!smu_table->hardcode_pptable || smu_table->power_play_table_size < 
> size) {
> +             kfree(smu_table->hardcode_pptable);
>               smu_table->hardcode_pptable = kzalloc(size, GFP_KERNEL);
>               if (!smu_table->hardcode_pptable)
>                       return -ENOMEM;























					Reply via email to