From b479efb0a94a19d0efb406bc8c82d89a280c3256 Mon Sep 17 00:00:00 2001
From: Huang Rui
Date: Sat, 16 Jan 2021 02:39:14 +0800
Subject: [PATCH] drm/amd/display: fix the system memory page fault because of copy overflow
The buffer is allocated with the size of pointer and copy with the size of data structure. Then trigger the system memory page fault. Use the orignal data structure to get the object size.
Fixes: 3a00c04212d1 ("drm/amd/display/dc/core/dc_link: Move some local data from the stack to the heap")
Signed-off-by: Huang Rui
Cc: Lee Jones
Reviewed-by: Jinzhou.Su
Signed-off-by: Alex Deucher
---
 drivers/gpu/drm/amd/display/dc/core/dc_link.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_link.c b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
index 69573d67056d..73178978ae74 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_link.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
@@ -1380,7 +1380,7 @@ static bool dc_link_construct(struct dc_link *link,
 DC_LOGGER_INIT(dc_ctx->logger);
- info = kzalloc(sizeof(info), GFP_KERNEL);
+ info = kzalloc(sizeof(struct integrated_info), GFP_KERNEL);
 if (!info)
 goto create_fail;
@@ -1545,7 +1545,7 @@ static bool dc_link_construct(struct dc_link *link,
 }
 if (bios->integrated_info)
- memcpy(info, bios->integrated_info, sizeof(*info));
+ memcpy(info, bios->integrated_info, sizeof(struct integrated_info));
 /* Look for channel mapping corresponding to connector and device tag */
 for (i = 0; i < MAX_NUMBER_OF_EXT_DISPLAY_PATH; i++) {
--
2.11.0
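Review bot: The allocation in the first hunk hard-codes the type name, where `info = kzalloc(sizeof(*info), GFP_KERNEL);` would take the size from the pointer's own type, which is the form kernel coding style prefers for allocations. The overflow came from `sizeof(info)` measuring the pointer instead of the object, so the dereference alone fixes it. The second hunk's original `sizeof(*info)` in the `memcpy` was already the correct size, so that line did not need to change. With `struct integrated_info` spelled out in both places, the allocation and copy sizes have to be kept in step by hand if the declaration of `info` ever changes; that declaration is outside these hunks, as are the start and end of dc_link_construct.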