[PATCH 2/3] [RFC] drm/i915/gvt: Fix opregion_header->signature size

Jani Nikula jani.nikula at linux.intel.com
Mon Mar 24 09:27:37 UTC 2025


On Mon, 24 Mar 2025, Nicolas Chauvet <kwizart at gmail.com> wrote:
> Enlarge the signature field to accept the string termination.
>
> Cc: stable at vger.kernel.org
> Fixes: 93615d59912 ("Revert drm/i915/gvt: Fix out-of-bounds buffer write into opregion->signature[]")
> Signed-off-by: Nicolas Chauvet <kwizart at gmail.com>

Nope, can't do that. The packed struct is used for parsing data in
memory.

BR,
Jani.


> ---
>  drivers/gpu/drm/i915/gvt/opregion.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/gvt/opregion.c b/drivers/gpu/drm/i915/gvt/opregion.c
> index 9a8ead6039e2..0f11cd6ba383 100644
> --- a/drivers/gpu/drm/i915/gvt/opregion.c
> +++ b/drivers/gpu/drm/i915/gvt/opregion.c
> @@ -43,7 +43,7 @@
>  #define DEVICE_TYPE_EFP4   0x10
>  
>  struct opregion_header {
> -	u8 signature[16];
> +	u8 signature[32];
>  	u32 size;
>  	u32 opregion_ver;
>  	u8 bios_ver[32];
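Review bot: Growing `signature` from 16 to 32 bytes in `struct opregion_header` moves every following member (`size`, `opregion_ver`, `bios_ver`) 16 bytes further into the structure, so the header no longer matches the layout of the data it is overlaid on; this is the objection raised in the reply above. Keep `u8 signature[16]` and handle the missing terminator where the signature is written (that code is not part of this hunk), by copying exactly `sizeof(signature)` bytes instead of using a string copy that appends a NUL. The field is then a fixed-width byte array, not a C string, and readers should compare it by length.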

-- 
Jani Nikula, Intel

