tools/power/x86/intel-speed-select: Fix a read overflow in isst_set_tdp_level_msr()

The isst_send_msr_command() function will read 8 bytes but we are
passing an address to an int (4 bytes) so it results in a read overflow.

Fixes: 3fb4f7cd472c ("tools/power/x86: A tool to validate Intel Speed Select commands")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

diff --git a/tools/power/x86/intel-speed-select/isst-core.c b/tools/power/x86/intel-speed-select/isst-core.c
index 8de4ac39a008168d8158b71da17458e6bc9c5833..f724322856ede884a3d6648e42221a7b2dd8cd03 100644 (file)
--- a/tools/power/x86/intel-speed-select/isst-core.c
+++ b/tools/power/x86/intel-speed-select/isst-core.c
@@ -190,6 +190,7 @@ int isst_get_get_trl(int cpu, int level, int avx_level, int *trl)
 
 int isst_set_tdp_level_msr(int cpu, int tdp_level)
 {
+       unsigned long long level = tdp_level;
        int ret;
 
        debug_printf("cpu: tdp_level via MSR %d\n", cpu, tdp_level);
@@ -202,8 +203,7 @@ int isst_set_tdp_level_msr(int cpu, int tdp_level)
        if (tdp_level > 2)
                return -1; /* invalid value */
 
-       ret = isst_send_msr_command(cpu, 0x64b, 1,
-                                   (unsigned long long *)&tdp_level);
+       ret = isst_send_msr_command(cpu, 0x64b, 1, &level);
        if (ret)
                return ret;