Applied. Thanks!
On Fri, Feb 7, 2025 at 3:02 AM Lazar, Lijo <lijo.lazar@xxxxxxx> wrote:
>
>
>
> On 2/7/2025 12:14 PM, Jiang Liu wrote:
> > It malicious user provides a small pptable through sysfs and then
> > a bigger pptable, it may cause buffer overflow attack in function
> > smu_sys_set_pp_table().
> >
> > Signed-off-by: Jiang Liu <gerry@xxxxxxxxxxxxxxxxx>
>
> Reviewed-by: Lijo Lazar <lijo.lazar@xxxxxxx>
>
> Thanks,
> Lijo
>
> > ---
> > drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c b/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c
> > index 8ca793c222ff..ed9dac00ebfb 100644
> > --- a/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c
> > +++ b/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c
> > @@ -612,7 +612,8 @@ static int smu_sys_set_pp_table(void *handle,
> > return -EIO;
> > }
> >
> > - if (!smu_table->hardcode_pptable) {
> > + if (!smu_table->hardcode_pptable || smu_table->power_play_table_size < size) {
> > + kfree(smu_table->hardcode_pptable);
> > smu_table->hardcode_pptable = kzalloc(size, GFP_KERNEL);
> > if (!smu_table->hardcode_pptable)
> > return -ENOMEM;
>
