Discovery: Fuzzing for secure supply chain requirements
Tool: amd_fuzzing_sysfs (IGT test)
The thermal_throttling_logging sysfs store function accepts negative
values like -1 and -
9999999, which are nonsensical for a logging interval.
Current behavior:
- Values <= 0 disable logging (intended for 0 only)
- Values 1-3600 enable logging with interval in seconds
- Negative values are accepted and treated as disable
Issue:
Large negative values like -
9999999 make no semantic sense and could
indicate input validation bypass attempts. While they functionally
disable logging (same as 0), accepting arbitrary negative values
suggests inadequate input validation.
Fix:
Add explicit check to reject values < 0 before processing.
Only accept:
- 0: disable thermal throttling logging
- 1-3600: enable with interval in seconds (existing validation)
This improves input validation and makes the interface more robust.
Test Results Before Fix:
thermal_throttling_logging: 6 failures
- Accepted: 0, -1, -
9999999, -
2147483648, empty string, 0777
Test Results After Fix:
thermal_throttling_logging: 3 failures
- Rejected: -1, -
9999999, -
2147483648 (now return -EINVAL)
- Remaining: empty string (VFS behavior), 0 (valid), 0777 (octal)
Tested: amd_fuzzing_sysfs IGT test
Cc: Christian König <christian.koenig@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: Jesse Zhang <jesse.zhang@amd.com>
Signed-off-by: Vitaly Prosyak <vitaly.prosyak@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
projects / thirdparty / linux.git / commitdiff
