[PATCH] drm/amd/display: fix the system memory page fault because of copy overflow
Lee Jones
lee.jones at linaro.org
Fri Jan 15 11:21:07 UTC 2021
On Sat, 16 Jan 2021, Huang Rui wrote:
> The buffer is allocated with the size of pointer and copy with the size of
> data structure. Then trigger the system memory page fault. Use the
> orignal data structure to get the object size.
>
> Fixes: a8e30005b drm/amd/display/dc/core/dc_link: Move some local data
> from the stack to the heap
>
> Signed-off-by: Huang Rui <ray.huang at amd.com>
> Cc: Lee Jones <lee.jones at linaro.org>
> ---
> drivers/gpu/drm/amd/display/dc/core/dc_link.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_link.c b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
> index 69573d67056d..73178978ae74 100644
> --- a/drivers/gpu/drm/amd/display/dc/core/dc_link.c
> +++ b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
> @@ -1380,7 +1380,7 @@ static bool dc_link_construct(struct dc_link *link,
>
> DC_LOGGER_INIT(dc_ctx->logger);
>
> - info = kzalloc(sizeof(info), GFP_KERNEL);
Ah sorry, this should be (*info).
> + info = kzalloc(sizeof(struct integrated_info), GFP_KERNEL);
Using the full name like this is usually discouraged.
> if (!info)
> goto create_fail;
>
> @@ -1545,7 +1545,7 @@ static bool dc_link_construct(struct dc_link *link,
> }
>
> if (bios->integrated_info)
> - memcpy(info, bios->integrated_info, sizeof(*info));
This should be correct.
> + memcpy(info, bios->integrated_info, sizeof(struct integrated_info));
>
> /* Look for channel mapping corresponding to connector and device tag */
> for (i = 0; i < MAX_NUMBER_OF_EXT_DISPLAY_PATH; i++) {
--
Lee Jones [李琼斯]
Senior Technical Lead - Developer Services
Linaro.org │ Open source software for Arm SoCs
Follow Linaro: Facebook | Twitter | Blog
More information about the amd-gfx
mailing list