New subject: [S] Change in coreboot[master]: vc/amd/agesa/f14/Proc/GNB: Avoid potential out-of-bounds read

4 Jan 2020

awokd@danwin1210.me has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/38172 )
Change subject: vc/amd/agesa/f14/Proc/GNB: Avoid potential out-of-bounds read
......................................................................
vc/amd/agesa/f14/Proc/GNB: Avoid potential out-of-bounds read
In F14NbServices.c's NbFmFuseAdjustFuseTablePatch function,
if the PpFuseArray->PolicyLabel[] array does not contain an
element == POLICY_LABEL_PERFORMANCE, SwSatateIndex will be left
at 6 after the loop ends, resulting in an out-of-bounds read in
the following ASSERT. Move code inside loop so it only executes
when expected.
Change-Id: Iad83865faa6084476c6b399d7360b6af26db6d6d
Signed-off-by: Joe Moore awokd@danwin1210.me
Found-by: Coverity CID 1241910
---
M src/vendorcode/amd/agesa/f14/Proc/GNB/Nb/Family/0x14/F14NbServices.c
1 file changed, 11 insertions(+), 11 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/72/38172/1

diff --git a/src/vendorcode/amd/agesa/f14/Proc/GNB/Nb/Family/0x14/F14NbServices.c b/src/vendorcode/amd/agesa/f14/Proc/GNB/Nb/Family/0x14/F14NbServices.c
index d067875..db20c5b 100644
--- a/src/vendorcode/amd/agesa/f14/Proc/GNB/Nb/Family/0x14/F14NbServices.c
+++ b/src/vendorcode/amd/agesa/f14/Proc/GNB/Nb/Family/0x14/F14NbServices.c
@@ -208,20 +208,20 @@
     PpFuseArray->LclkDpmVid[2] = PpFuseArray->PcieGen2Vid;
     if (GfxLibIsControllerPresent (StdHeader)) {
       //VID index = VID index associated with highest SCLK DPM state in the Powerplay state where Label_Performance=1 // This would ignore the UVD case (where Label_Performance would be 0).
-      for (SwSatateIndex = 0 ; SwSatateIndex < PP_FUSE_MAX_NUM_SW_STATE; SwSatateIndex++) {
-        if (PpFuseArray->PolicyLabel[SwSatateIndex] == POLICY_LABEL_PERFORMANCE) {
-          break;
-        }
-      }
       MaxSclkIndex = 0;
       CurrentSclkDpmDid = 0xff;
-      ASSERT (PpFuseArray->SclkDpmValid[SwSatateIndex] != 0);
-      for (DpmStateIndex = 0; DpmStateIndex < PP_FUSE_MAX_NUM_DPM_STATE; DpmStateIndex++) {
-        if ((PpFuseArray->SclkDpmValid[SwSatateIndex] & (1 << DpmStateIndex)) != 0) {
-          if (PpFuseArray->SclkDpmDid[DpmStateIndex] < CurrentSclkDpmDid) {
-            CurrentSclkDpmDid = PpFuseArray->SclkDpmDid[DpmStateIndex];
-            MaxSclkIndex = DpmStateIndex;
+      for (SwSatateIndex = 0 ; SwSatateIndex < PP_FUSE_MAX_NUM_SW_STATE; SwSatateIndex++) {
+        if (PpFuseArray->PolicyLabel[SwSatateIndex] == POLICY_LABEL_PERFORMANCE) {
+          ASSERT (PpFuseArray->SclkDpmValid[SwSatateIndex] != 0);
+          for (DpmStateIndex = 0; DpmStateIndex < PP_FUSE_MAX_NUM_DPM_STATE; DpmStateIndex++) {
+            if ((PpFuseArray->SclkDpmValid[SwSatateIndex] & (1 << DpmStateIndex)) != 0) {
+              if (PpFuseArray->SclkDpmDid[DpmStateIndex] < CurrentSclkDpmDid) {
+                CurrentSclkDpmDid = PpFuseArray->SclkDpmDid[DpmStateIndex];
+                MaxSclkIndex = DpmStateIndex;
+              }
+            }
           }
+          break;
         }
       }
       PpFuseArray->LclkDpmVid[1] = PpFuseArray->SclkDpmVid[MaxSclkIndex];
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/38172
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Iad83865faa6084476c6b399d7360b6af26db6d6d
Gerrit-Change-Number: 38172
Gerrit-PatchSet: 1
Gerrit-Owner: awokd@danwin1210.me
Gerrit-MessageType: newchange



    