diff options
| author | Jiang Liu <gerry@linux.alibaba.com> | 2025-02-07 14:44:14 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-02-21 14:01:28 +0100 |
| commit | 2498d2db1d35e88a2060ea191ae75dce853dd084 (patch) | |
| tree | 444fb8b171f4ffefe9b8afcab300270681277097 /drivers/gpu | |
| parent | 0fdc3c166ac17b26014313fa2b93696354511b24 (diff) | |
| download | linux-2498d2db1d35e88a2060ea191ae75dce853dd084.tar.gz linux-2498d2db1d35e88a2060ea191ae75dce853dd084.tar.bz2 linux-2498d2db1d35e88a2060ea191ae75dce853dd084.zip | |
drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
commit 1abb2648698bf10783d2236a6b4a7ca5e8021699 upstream.
It malicious user provides a small pptable through sysfs and then
a bigger pptable, it may cause buffer overflow attack in function
smu_sys_set_pp_table().
Reviewed-by: Lijo Lazar <lijo.lazar@amd.com>
Signed-off-by: Jiang Liu <gerry@linux.alibaba.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/gpu')
| -rw-r--r-- | drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c b/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c index 0c0b9aa44dfa..99d2d3092ea5 100644 --- a/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c +++ b/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c @@ -607,7 +607,8 @@ static int smu_sys_set_pp_table(void *handle, return -EIO; } - if (!smu_table->hardcode_pptable) { + if (!smu_table->hardcode_pptable || smu_table->power_play_table_size < size) { + kfree(smu_table->hardcode_pptable); smu_table->hardcode_pptable = kzalloc(size, GFP_KERNEL); if (!smu_table->hardcode_pptable) return -ENOMEM; |