Re: [PATCH] drm: amd: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
From: Alex Deucher
Date: Mon Dec 02 2024 - 16:28:00 EST
On Mon, Dec 2, 2024 at 3:27 AM Ivan Stepchenko <sid@xxxxxxxxxx> wrote:
>
> The function atomctrl_get_smc_sclk_range_table() does not check the return
> value of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to
> retrieve SMU_Info table, it returns NULL which is later dereferenced.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
In practice this should never happen as this code only gets called on
polaris chips and the vbios data table will always be present on those
chips. That said, I've applied it to align with the logic for other
functions in this file.
Thanks,
Alex
> Fixes: a23eefa2f461 ("drm/amd/powerplay: enable dpm for baffin.")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Ivan Stepchenko <sid@xxxxxxxxxx>
> ---
> drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c
> index fe24219c3bf4..4bd92fd782be 100644
> --- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c
> +++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c
> @@ -992,6 +992,8 @@ int atomctrl_get_smc_sclk_range_table(struct pp_hwmgr *hwmgr, struct pp_atom_ctr
> GetIndexIntoMasterTable(DATA, SMU_Info),
> &size, &frev, &crev);
>
> + if (!psmu_info)
> + return -EINVAL;
>
> for (i = 0; i < psmu_info->ucSclkEntryNum; i++) {
> table->entry[i].ucVco_setting = psmu_info->asSclkFcwRangeEntry[i].ucVco_setting;
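
Review bot: The loop bound in `for (i = 0; i < psmu_info->ucSclkEntryNum; i++)` is still read straight from the VBIOS table after the new NULL check, and nothing in the visible context limits it to the number of elements in table->entry[] or validates it against the `size` that smu_atom_get_data_table() fills in. A NULL return is only one way the table can be unusable; a present but malformed SMU_Info with an oversized ucSclkEntryNum would index past both arrays. Consider clamping the count to ARRAY_SIZE(table->entry), or returning -EINVAL when it exceeds that, in the same place as the `if (!psmu_info)` check. If a bound is already enforced elsewhere, a short comment here saying so would help.
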
> --
> 2.34.1
>