[PATCH 1/3] drm/amdgpu/si: Fix buffer overflow in si_get_register_value()
Dan Carpenter
dan.carpenter at oracle.com
Tue Aug 25 18:53:24 UTC 2020
On Tue, Aug 25, 2020 at 11:53:25AM -0400, Alex Deucher wrote:
> On Tue, Aug 25, 2020 at 7:21 AM Dan Carpenter <dan.carpenter at oracle.com> wrote:
> >
> > The values for "se_num" and "sh_num" come from the user in the ioctl.
> > They can be in the 0-255 range but if they're more than
> > AMDGPU_GFX_MAX_SE (4) or AMDGPU_GFX_MAX_SH_PER_SE (2) then it results in
> > an out of bounds read.
> >
> > I split this function into to two to make the error handling simpler.
> >
> > Fixes: dd5dfa61b4ff ("drm/amdgpu: refine si_read_register")
> > Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
>
> Good catch. This is more defensive, but It's a much simpler check to
> validate these in the caller. See the attached patch.
>
That works too.
Acked-by: Dan Carpenter <dan.carpenter at oracle.com>
regards,
dan carpenter
More information about the amd-gfx
mailing list