[PATCH] drm/amd/amdgpu: Validate ip discovery blob

Alex Deucher alexdeucher at gmail.com
Mon Sep 27 19:40:28 UTC 2021


Applied with minor updates to the error messages.

Thanks!

Alex

On Sun, Sep 26, 2021 at 5:27 PM Ernst Sjöstrand <ernstp at gmail.com> wrote:
>
> For example, we use the number_instance index that we get from the fw
> discovery blob to index into an array.
>
> Signed-off-by: Ernst Sjöstrand <ernstp at gmail.com>
> ---
>  drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 19 +++++++++++++++++++
>  1 file changed, 19 insertions(+)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
> index ada7bc19118a..b3fc46ba8144 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
> @@ -245,6 +245,20 @@ void amdgpu_discovery_fini(struct amdgpu_device *adev)
>         adev->mman.discovery_bin = NULL;
>  }
>
> +static int amdgpu_discovery_validate_ip(const struct ip *ip)
> +{
> +       if (ip->number_instance >= HWIP_MAX_INSTANCE) {
> +               DRM_ERROR("Unexpected number_instance from ip discovery blob\n");
> +               return -EINVAL;
> +       }
> +       if (le16_to_cpu(ip->hw_id) >= HW_ID_MAX) {
> +               DRM_ERROR("Unexpected hw_id from ip discovery blob\n");
> +               return -EINVAL;
> +       }
> +
> +       return 0;
> +}
> +
>  int amdgpu_discovery_reg_base_init(struct amdgpu_device *adev)
>  {
>         struct binary_header *bhdr;
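Review bot: amdgpu_discovery_validate_ip has no comment saying which tables its two limits protect, so a later reader cannot tell whether the checks are complete. I would add above the function something like `/* Reject entries whose number_instance or hw_id would index past the HWIP_MAX_INSTANCE / HW_ID_MAX sized tables; values come from the firmware discovery blob and are not trusted. */`. The commit message names the array indexed by number_instance only as an example, so it is worth confirming what hw_id indexes and naming that in the comment as well. Note also that the helper does not look at num_base_address, which the caller reads from the same entry.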
> @@ -290,6 +304,10 @@ int amdgpu_discovery_reg_base_init(struct amdgpu_device *adev)
>
>                 for (j = 0; j < num_ips; j++) {
>                         ip = (struct ip *)(adev->mman.discovery_bin + ip_offset);
> +
> +                       if (amdgpu_discovery_validate_ip(ip))
> +                               goto next_ip;
> +
>                         num_base_address = ip->num_base_address;
>
>                         DRM_DEBUG("%s(%d) #%d v%d.%d.%d:\n",
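Review bot: The entry pointer built by `ip = (struct ip *)(adev->mman.discovery_bin + ip_offset);` is handed to the validator, which reads its fields, before anything visible in this hunk confirms that `ip_offset + sizeof(*ip)` still falls inside the discovery blob. Since `ip_offset` is advanced using a length field read from the blob, a bounds check ahead of the call would make the new validation sound, e.g. `if (ip_offset + sizeof(*ip) > blob_size) return -EINVAL;`, where `blob_size` is a placeholder for whatever size the driver records for discovery_bin. Such a check may already exist outside the hunk; amdgpu_discovery_reg_base_init starts and ends beyond these lines.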
> @@ -321,6 +339,7 @@ int amdgpu_discovery_reg_base_init(struct amdgpu_device *adev)
>
>                         }
>
> +next_ip:
>                         ip_offset += sizeof(*ip) + 4 * (ip->num_base_address - 1);
>                 }
>         }
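Review bot: An entry that fails validation still controls how far the walk advances, because `next_ip:` falls straight into `ip_offset += sizeof(*ip) + 4 * (ip->num_base_address - 1);` and that length field comes from the same rejected entry. If one field of an entry is out of range, the rest of the blob is probably not trustworthy either, so it may be safer to stop parsing, e.g. `if (amdgpu_discovery_validate_ip(ip)) return -EINVAL;` in the earlier hunk, assuming that path needs no cleanup. If skipping is intended, a comment at the label should say why the stride of a rejected entry is still relied on. The loop body starts outside this hunk.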
> --
> 2.30.2
>

