[PATCH] drm/amd/display: fix the system memory page fault because of copy overflow

[Su, Jinzhou (Joe)]

[AMD Official Use Only - Internal Distribution Only]

Reviewed-by: Jinzhou.Su <Jinzhou.Su at amd.com>

Regards,
Joe

-----Original Message-----
From: Huang, Ray <Ray.Huang at amd.com> 
Sent: Saturday, January 16, 2021 2:47 AM
To: amd-gfx at lists.freedesktop.org
Cc: Deucher, Alexander <Alexander.Deucher at amd.com>; Su, Jinzhou (Joe) <Jinzhou.Su at amd.com>; Zhu, Changfeng <Changfeng.Zhu at amd.com>; Huang, Ray <Ray.Huang at amd.com>; Lee Jones <lee.jones at linaro.org>
Subject: [PATCH] drm/amd/display: fix the system memory page fault because of copy overflow

The buffer is allocated with the size of pointer and copy with the size of data structure. Then trigger the system memory page fault. Use the orignal data structure to get the object size.

Fixes: a8e30005b drm/amd/display/dc/core/dc_link: Move some local data from the stack to the heap

Signed-off-by: Huang Rui <ray.huang at amd.com>
Cc: Lee Jones <lee.jones at linaro.org>
---
 drivers/gpu/drm/amd/display/dc/core/dc_link.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_link.c b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
index 69573d67056d..73178978ae74 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_link.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
@@ -1380,7 +1380,7 @@ static bool dc_link_construct(struct dc_link *link,
 
 	DC_LOGGER_INIT(dc_ctx->logger);
 
-	info = kzalloc(sizeof(info), GFP_KERNEL);
+	info = kzalloc(sizeof(struct integrated_info), GFP_KERNEL);
 	if (!info)
 		goto create_fail;
 
@@ -1545,7 +1545,7 @@ static bool dc_link_construct(struct dc_link *link,
 	}
 
 	if (bios->integrated_info)
-		memcpy(info, bios->integrated_info, sizeof(*info));
+		memcpy(info, bios->integrated_info, sizeof(struct integrated_info));
 
 	/* Look for channel mapping corresponding to connector and device tag */
 	for (i = 0; i < MAX_NUMBER_OF_EXT_DISPLAY_PATH; i++) {
--
2.25.1