Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

drm/amdgpu: avoid buffer overflow attack in smu_sys_set_pp_table()

If a malicious user provides a small pptable through sysfs and then
a bigger pptable, it may cause a buffer overflow attack in function
smu_sys_set_pp_table().

Reviewed-by: Lijo Lazar <lijo.lazar@amd.com>
Signed-off-by: Jiang Liu <gerry@linux.alibaba.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org

authored by Jiang Liu and committed by Alex Deucher
1abb2648 d584198a

+2 -1
drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c
··· 612 612 return -EIO; 613 613 } 614 614 615 - if (!smu_table->hardcode_pptable) { 615 + if (!smu_table->hardcode_pptable || smu_table->power_play_table_size < size) { 616 + kfree(smu_table->hardcode_pptable); 616 617 smu_table->hardcode_pptable = kzalloc(size, GFP_KERNEL); 617 618 if (!smu_table->hardcode_pptable) 618 619 return -ENOMEM;
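Review bot: the added kfree(smu_table->hardcode_pptable) at new line 616 runs before the kzalloc() on line 617, so when that allocation fails the function returns -ENOMEM with the previously accepted table already freed and smu_table->power_play_table_size still holding the old size. Allocating into a local pointer first, and only freeing the old buffer and storing the new pointer once the allocation has succeeded, keeps the state consistent on the error path; it is also worth confirming that nothing outside this hunk still points at the freed buffer when -ENOMEM is returned. Separately, the new condition treats power_play_table_size as the capacity of the hardcode_pptable allocation, which only holds if that field is updated on every successful write, so a short comment stating that invariant next to the check would help.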