From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Jiansong Chen <Jiansong.Chen@amd.com>,
Jack Gui <Jack.Gui@amd.com>,
Alex Deucher <alexander.deucher@amd.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.12 41/48] drm/amdgpu: refine amdgpu_fru_get_product_info
Date: Wed, 16 Jun 2021 17:33:51 +0200 [thread overview]
Message-ID: <20210616152837.941396447@linuxfoundation.org> (raw)
In-Reply-To: <20210616152836.655643420@linuxfoundation.org>
From: Jiansong Chen <Jiansong.Chen@amd.com>
[ Upstream commit 5cfc912582e13b05d71fb7acc4ec69ddfa9af320 ]
1. eliminate potential array index out of bounds.
2. return meaningful value for failure.
Signed-off-by: Jiansong Chen <Jiansong.Chen@amd.com>
Reviewed-by: Jack Gui <Jack.Gui@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/amd/amdgpu/amdgpu_fru_eeprom.c | 42 ++++++++++---------
1 file changed, 23 insertions(+), 19 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_fru_eeprom.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_fru_eeprom.c
index 8f4a8f8d8146..39b6c6bfab45 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_fru_eeprom.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_fru_eeprom.c
@@ -101,7 +101,8 @@ static int amdgpu_fru_read_eeprom(struct amdgpu_device *adev, uint32_t addrptr,
int amdgpu_fru_get_product_info(struct amdgpu_device *adev)
{
unsigned char buff[34];
- int addrptr = 0, size = 0;
+ int addrptr, size;
+ int len;
if (!is_fru_eeprom_supported(adev))
return 0;
@@ -109,7 +110,7 @@ int amdgpu_fru_get_product_info(struct amdgpu_device *adev)
/* If algo exists, it means that the i2c_adapter's initialized */
if (!adev->pm.smu_i2c.algo) {
DRM_WARN("Cannot access FRU, EEPROM accessor not initialized");
- return 0;
+ return -ENODEV;
}
/* There's a lot of repetition here. This is due to the FRU having
@@ -128,7 +129,7 @@ int amdgpu_fru_get_product_info(struct amdgpu_device *adev)
size = amdgpu_fru_read_eeprom(adev, addrptr, buff);
if (size < 1) {
DRM_ERROR("Failed to read FRU Manufacturer, ret:%d", size);
- return size;
+ return -EINVAL;
}
/* Increment the addrptr by the size of the field, and 1 due to the
@@ -138,43 +139,45 @@ int amdgpu_fru_get_product_info(struct amdgpu_device *adev)
size = amdgpu_fru_read_eeprom(adev, addrptr, buff);
if (size < 1) {
DRM_ERROR("Failed to read FRU product name, ret:%d", size);
- return size;
+ return -EINVAL;
}
+ len = size;
/* Product name should only be 32 characters. Any more,
* and something could be wrong. Cap it at 32 to be safe
*/
- if (size > 32) {
+ if (len >= sizeof(adev->product_name)) {
DRM_WARN("FRU Product Number is larger than 32 characters. This is likely a mistake");
- size = 32;
+ len = sizeof(adev->product_name) - 1;
}
/* Start at 2 due to buff using fields 0 and 1 for the address */
- memcpy(adev->product_name, &buff[2], size);
- adev->product_name[size] = '\0';
+ memcpy(adev->product_name, &buff[2], len);
+ adev->product_name[len] = '\0';
addrptr += size + 1;
size = amdgpu_fru_read_eeprom(adev, addrptr, buff);
if (size < 1) {
DRM_ERROR("Failed to read FRU product number, ret:%d", size);
- return size;
+ return -EINVAL;
}
+ len = size;
/* Product number should only be 16 characters. Any more,
* and something could be wrong. Cap it at 16 to be safe
*/
- if (size > 16) {
+ if (len >= sizeof(adev->product_number)) {
DRM_WARN("FRU Product Number is larger than 16 characters. This is likely a mistake");
- size = 16;
+ len = sizeof(adev->product_number) - 1;
}
- memcpy(adev->product_number, &buff[2], size);
- adev->product_number[size] = '\0';
+ memcpy(adev->product_number, &buff[2], len);
+ adev->product_number[len] = '\0';
addrptr += size + 1;
size = amdgpu_fru_read_eeprom(adev, addrptr, buff);
if (size < 1) {
DRM_ERROR("Failed to read FRU product version, ret:%d", size);
- return size;
+ return -EINVAL;
}
addrptr += size + 1;
@@ -182,18 +185,19 @@ int amdgpu_fru_get_product_info(struct amdgpu_device *adev)
if (size < 1) {
DRM_ERROR("Failed to read FRU serial number, ret:%d", size);
- return size;
+ return -EINVAL;
}
+ len = size;
/* Serial number should only be 16 characters. Any more,
* and something could be wrong. Cap it at 16 to be safe
*/
- if (size > 16) {
+ if (len >= sizeof(adev->serial)) {
DRM_WARN("FRU Serial Number is larger than 16 characters. This is likely a mistake");
- size = 16;
+ len = sizeof(adev->serial) - 1;
}
- memcpy(adev->serial, &buff[2], size);
- adev->serial[size] = '\0';
+ memcpy(adev->serial, &buff[2], len);
+ adev->serial[len] = '\0';
return 0;
}
--
2.30.2
next prev parent reply other threads:[~2021-06-16 15:42 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-16 15:33 [PATCH 5.12 00/48] 5.12.12-rc1 review Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 01/48] net: ieee802154: fix null deref in parse dev addr Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 02/48] HID: asus: Filter keyboard EC for old ROG keyboard Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 03/48] HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 04/48] HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K15A keyboard-dock Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 05/48] HID: a4tech: use A4_2WHEEL_MOUSE_HACK_B8 for A4TECH NB-95 Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 06/48] HID: hid-input: add mapping for emoji picker key Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 07/48] HID: hid-sensor-hub: Return error for hid_set_field() failure Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 08/48] HID: asus: filter G713/G733 key event to prevent shutdown Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 09/48] HID: quirks: Add quirk for Lenovo optical mouse Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 10/48] HID: multitouch: set Stylus suffix for Stylus-application devices, too Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 11/48] HID: Add BUS_VIRTUAL to hid_connect logging Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 12/48] HID: usbhid: fix info leak in hid_submit_ctrl Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 13/48] mt76: mt7921: fix max aggregation subframes setting Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 14/48] drm/tegra: sor: Do not leak runtime PM reference Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 15/48] gpu: host1x: Split up client initalization and registration Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 16/48] drm/tegra: sor: Fully initialize SOR before registration Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 17/48] hwmon/pmbus: (q54sj108a2) The PMBUS_MFR_ID is actually 6 chars instead of 5 Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 18/48] ARM: OMAP1: Fix use of possibly uninitialized irq variable Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 19/48] ARM: OMAP2+: Fix build warning when mmc_omap is not built Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 20/48] gfs2: Prevent direct-I/O write fallback errors from getting lost Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 21/48] gfs2: fix a deadlock on withdraw-during-mount Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 22/48] gfs2: Clean up revokes on normal withdraws Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 23/48] HID: multitouch: Disable event reporting on suspend on the Asus T101HA touchpad Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 24/48] HID: gt683r: add missing MODULE_DEVICE_TABLE Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 25/48] HID: intel-ish-hid: ipc: Add Alder Lake device IDs Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 26/48] riscv: Use -mno-relax when using lld linker Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 27/48] ALSA: hda: Add AlderLake-M PCI ID Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 28/48] mt76: mt7921: remove leftover 80+80 HE capability Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 29/48] gfs2: Fix use-after-free in gfs2_glock_shrink_scan Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 30/48] scsi: target: core: Fix warning on realtime kernels Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 31/48] ethernet: myri10ge: Fix missing error code in myri10ge_probe() Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 32/48] scsi: qedf: Do not put host in qedf_vport_create() unconditionally Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 33/48] Bluetooth: Add a new USB ID for RTL8822CE Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 34/48] scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 35/48] nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues() Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 36/48] nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue() fails Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 37/48] nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue() Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 38/48] nvme-loop: do not warn for deleted controllers during reset Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 39/48] net: ipconfig: Dont override command-line hostnames or domains Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 40/48] drm/amd/display: Allow bandwidth validation for 0 streams Greg Kroah-Hartman
2021-06-16 15:33 ` Greg Kroah-Hartman [this message]
2021-06-16 15:33 ` [PATCH 5.12 42/48] drm/amd/display: Fix overlay validation by considering cursors Greg Kroah-Hartman
2021-06-16 16:02 ` Harry Wentland
2021-06-16 15:33 ` [PATCH 5.12 43/48] drm/amd/display: Fix potential memory leak in DMUB hw_init Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 44/48] drm/amd/amdgpu:save psp ring wptr to avoid attack Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 45/48] rtnetlink: Fix missing error code in rtnl_bridge_notify() Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 46/48] net/x25: Return the correct errno code Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 47/48] net: " Greg Kroah-Hartman
2021-06-16 15:33 ` [PATCH 5.12 48/48] fib: " Greg Kroah-Hartman
2021-06-16 18:39 ` [PATCH 5.12 00/48] 5.12.12-rc1 review Fox Chen
2021-06-16 18:49 ` Jon Hunter
2021-06-16 22:18 ` Justin Forbes
2021-06-16 22:54 ` Florian Fainelli
2021-06-17 4:57 ` Naresh Kamboju
2021-06-17 21:40 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210616152837.941396447@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Jack.Gui@amd.com \
--cc=Jiansong.Chen@amd.com \
--cc=alexander.deucher@amd.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.