drm/amd/display: fix the system memory page fault because of copy overflow

The buffer is allocated with the size of pointer and copy with the size of
data structure. Then trigger the system memory page fault. Use the
orignal data structure to get the object size.

Fixes: 3a00c04212d1 ("drm/amd/display/dc/core/dc_link: Move some local data from the stack to the heap")
Signed-off-by: Huang Rui <[email protected]>
Cc: Lee Jones <[email protected]>
Reviewed-by: Jinzhou.Su <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>

diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_link.c b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
index 69573d67056d9613685d5cf9b39510ce82895192..73178978ae74a3fd8f01ae82626e30399cf87022 100644 (file)
--- a/drivers/gpu/drm/amd/display/dc/core/dc_link.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
@@ -1380,7 +1380,7 @@ static bool dc_link_construct(struct dc_link *link,
 
        DC_LOGGER_INIT(dc_ctx->logger);
 
-       info = kzalloc(sizeof(info), GFP_KERNEL);
+       info = kzalloc(sizeof(struct integrated_info), GFP_KERNEL);
        if (!info)
                goto create_fail;
 
@@ -1545,7 +1545,7 @@ static bool dc_link_construct(struct dc_link *link,
        }
 
        if (bios->integrated_info)
-               memcpy(info, bios->integrated_info, sizeof(*info));
+               memcpy(info, bios->integrated_info, sizeof(struct integrated_info));
 
        /* Look for channel mapping corresponding to connector and device tag */
        for (i = 0; i < MAX_NUMBER_OF_EXT_DISPLAY_PATH; i++) {