On 2026-03-05 11:16, Alex Deucher wrote: > On Thu, Mar 5, 2026 at 10:24 AM Lazar, Lijo <[email protected]> wrote: >> >> >> On 05-Mar-26 3:57 AM, Alex Deucher wrote: >>> The value should never exceed the array size as those >>> are the only values the hardware is expected to return, >>> but add checks anyway. >>> >>> Signed-off-by: Alex Deucher <[email protected]> >>> --- >>> drivers/gpu/drm/amd/amdgpu/mmhub_v2_0.c | 9 ++++++--- >>> 1 file changed, 6 insertions(+), 3 deletions(-) >>> >>> diff --git a/drivers/gpu/drm/amd/amdgpu/mmhub_v2_0.c >>> b/drivers/gpu/drm/amd/amdgpu/mmhub_v2_0.c >>> index a0cc8e218ca1e..534cb4c544dc4 100644 >>> --- a/drivers/gpu/drm/amd/amdgpu/mmhub_v2_0.c >>> +++ b/drivers/gpu/drm/amd/amdgpu/mmhub_v2_0.c >>> @@ -154,14 +154,17 @@ mmhub_v2_0_print_l2_protection_fault_status(struct >>> amdgpu_device *adev, >>> switch (amdgpu_ip_version(adev, MMHUB_HWIP, 0)) { >>> case IP_VERSION(2, 0, 0): >>> case IP_VERSION(2, 0, 2): >>> - mmhub_cid = mmhub_client_ids_navi1x[cid][rw]; >>> + mmhub_cid = cid < ARRAY_SIZE(mmhub_client_ids_navi1x) ? >> Does this introduce speculation and requirement to use array_index_nospec? > I don't think so, but I'm not really an expert on side channel attacks. > > Alex
Also not an expert here but I don't think this can be used as an exploit. The cid is read from HW and is not controllable by users. This series is: Reviewed-by: Benjamin Cheng <[email protected]> > >> Thanks, >> Lijo >> >>> + mmhub_client_ids_navi1x[cid][rw] : NULL; >>> break; >>> case IP_VERSION(2, 1, 0): >>> case IP_VERSION(2, 1, 1): >>> - mmhub_cid = mmhub_client_ids_sienna_cichlid[cid][rw]; >>> + mmhub_cid = cid < ARRAY_SIZE(mmhub_client_ids_sienna_cichlid) >>> ? >>> + mmhub_client_ids_sienna_cichlid[cid][rw] : NULL; >>> break; >>> case IP_VERSION(2, 1, 2): >>> - mmhub_cid = mmhub_client_ids_beige_goby[cid][rw]; >>> + mmhub_cid = cid < ARRAY_SIZE(mmhub_client_ids_beige_goby) ? >>> + mmhub_client_ids_beige_goby[cid][rw] : NULL; >>> break; >>> default: >>> mmhub_cid = NULL;
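Review bot: the new ternaries in all three `case` groups bound only the first index `cid`, while `rw` is still used unchecked as the second index in `mmhub_client_ids_navi1x[cid][rw]`, `mmhub_client_ids_sienna_cichlid[cid][rw]` and `mmhub_client_ids_beige_goby[cid][rw]`. The hunk does not show how `rw` is derived, so either confirm it is limited to the inner dimension of these tables or apply the same kind of check to it. The `NULL` fallback matches what the `default:` branch already assigns, so the out-of-range case takes the same path as an unknown IP version. On the speculation question raised in the thread, clamping the checked index with `array_index_nospec(cid, ARRAY_SIZE(...))` before the lookup would settle it without relying on the assumption that a hardware-reported value cannot be influenced. Since the same expression is now repeated three times with only the table name changing, a small helper or macro taking the table would keep the three sites from drifting apart.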
