[PATCH OLK-5.10 0/1] fix CVE-2024-43905

List overview All Threads
Download

newer

older

[PATCH openEuler-22.03-LTS-SP1...

Liao Chen

30 Aug 2024 30 Aug '24

3:52 p.m.

fix CVE-2024-43905

Bob Zhou (1): [Backport] drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr

.../drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 30 ++++++++++++++++--- 1 file changed, 26 insertions(+), 4 deletions(-)

-- 2.34.1

Show replies by date

Liao Chen

30 Aug 30 Aug

3:52 p.m.

New subject: [PATCH OLK-5.10 1/1] [Backport] drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr

From: Bob Zhou bob.zhou@amd.com

mainline inclusion from mainline-v6.10-rc3 commit 50151b7f1c79a09117837eb95b76c2de76841dab category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAMMTH CVE: CVE-2024-43905

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...

--------------------------------

Check return value and conduct null pointer handling to avoid null pointer dereference.

Signed-off-by: Bob Zhou bob.zhou@amd.com Reviewed-by: Tim Huang Tim.Huang@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com Conflicts: drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c [lc: adjust context] Signed-off-by: Liao Chen liaochen4@huawei.com --- .../drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 30 ++++++++++++++++--- 1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c index 4dc27ec4d012..2f65b3a138b6 100644 --- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c +++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c @@ -3388,13 +3388,17 @@ static int vega10_find_dpm_states_clocks_in_dpm_table(struct pp_hwmgr *hwmgr, co const struct vega10_power_state *vega10_ps = cast_const_phw_vega10_power_state(states->pnew_state); struct vega10_single_dpm_table *sclk_table = &(data->dpm_table.gfx_table); - uint32_t sclk = vega10_ps->performance_levels - [vega10_ps->performance_level_count - 1].gfx_clock; struct vega10_single_dpm_table *mclk_table = &(data->dpm_table.mem_table); - uint32_t mclk = vega10_ps->performance_levels - [vega10_ps->performance_level_count - 1].mem_clock; + uint32_t sclk, mclk; uint32_t i;

+ if (vega10_ps == NULL) + return -EINVAL; + sclk = vega10_ps->performance_levels + [vega10_ps->performance_level_count - 1].gfx_clock; + mclk = vega10_ps->performance_levels + [vega10_ps->performance_level_count - 1].mem_clock; + for (i = 0; i < sclk_table->count; i++) { if (sclk == sclk_table->dpm_levels[i].value) break; @@ -3701,6 +3705,9 @@ static int vega10_generate_dpm_level_enable_mask( cast_const_phw_vega10_power_state(states->pnew_state); int i;

+ if (vega10_ps == NULL) + return -EINVAL; + PP_ASSERT_WITH_CODE(!vega10_trim_dpm_states(hwmgr, vega10_ps), "Attempt to Trim DPM States Failed!", return -1); @@ -4825,6 +4832,9 @@ static int vega10_check_states_equal(struct pp_hwmgr *hwmgr,

psa = cast_const_phw_vega10_power_state(pstate1); psb = cast_const_phw_vega10_power_state(pstate2); + if (psa == NULL || psb == NULL) + return -EINVAL; + /* If the two states don't even have the same number of performance levels they cannot be the same state. */ if (psa->performance_level_count != psb->performance_level_count) { *equal = false; @@ -4950,6 +4960,8 @@ static int vega10_set_sclk_od(struct pp_hwmgr *hwmgr, uint32_t value) return -EINVAL;

vega10_ps = cast_phw_vega10_power_state(&ps->hardware); + if (vega10_ps == NULL) + return -EINVAL;

vega10_ps->performance_levels [vega10_ps->performance_level_count - 1].gfx_clock = @@ -5001,6 +5013,8 @@ static int vega10_set_mclk_od(struct pp_hwmgr *hwmgr, uint32_t value) return -EINVAL;

vega10_ps = cast_phw_vega10_power_state(&ps->hardware); + if (vega10_ps == NULL) + return -EINVAL;

vega10_ps->performance_levels [vega10_ps->performance_level_count - 1].mem_clock = @@ -5236,6 +5250,9 @@ static void vega10_odn_update_power_state(struct pp_hwmgr *hwmgr) return;

vega10_ps = cast_phw_vega10_power_state(&ps->hardware); + if (vega10_ps == NULL) + return; + max_level = vega10_ps->performance_level_count - 1;

if (vega10_ps->performance_levels[max_level].gfx_clock != @@ -5258,6 +5275,9 @@ static void vega10_odn_update_power_state(struct pp_hwmgr *hwmgr)

ps = (struct pp_power_state *)((unsigned long)(hwmgr->ps) + hwmgr->ps_size * (hwmgr->num_ps - 1)); vega10_ps = cast_phw_vega10_power_state(&ps->hardware); + if (vega10_ps == NULL) + return; + max_level = vega10_ps->performance_level_count - 1;

if (vega10_ps->performance_levels[max_level].gfx_clock != @@ -5448,6 +5468,8 @@ static int vega10_get_performance_level(struct pp_hwmgr *hwmgr, const struct pp_ return -EINVAL;

ps = cast_const_phw_vega10_power_state(state); + if (ps == NULL) + return -EINVAL;

i = index > ps->performance_level_count - 1 ? ps->performance_level_count - 1 : index;

-- 2.34.1

patchwork bot

4:05 p.m.

反馈：您发送到kernel@openeuler.org的补丁/补丁集，已成功转换为PR！ PR链接地址： https://gitee.com/openeuler/kernel/pulls/11284 邮件列表地址：https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/M...

FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/11284 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/M...

Age (days ago)

Last active (days ago)

kernel@openeuler.org

2 comments

2 participants

tags (0)

participants (2)

Liao Chen
patchwork bot