[PATCH] drm/amd/pm: Fix memory some memory corruption

Tue, 06 Jun 2023 06:05:36 -0700 

The "od_table" is a pointer to a large struct, but this code is doing
pointer math as if it were pointing to bytes.  It results in writing
far outside the struct.

Fixes: f0a0c659fb96 ("drm/amd/pm: fulfill the OD support for SMU13.0.0")
Fixes: e3afa4f988b3 ("drm/amd/pm: fulfill the OD support for SMU13.0.7")
Signed-off-by: Dan Carpenter <dan.carpen...@linaro.org>
---
 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 4 ++--
 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c 
b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c
index 5ac5ea770c1c..413e592f0ed6 100644
--- a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c
@@ -1535,7 +1535,7 @@ static int smu_v13_0_0_od_edit_dpm_table(struct 
smu_context *smu,
                 * settings. Thus we do not cache it.
                 */
                offset_of_featurectrlmask = offsetof(OverDriveTable_t, 
FeatureCtrlMask);
-               if (memcmp(od_table + offset_of_featurectrlmask,
+               if (memcmp((u8 *)od_table + offset_of_featurectrlmask,
                           table_context->user_overdrive_table + 
offset_of_featurectrlmask,
                           sizeof(OverDriveTableExternal_t) - 
offset_of_featurectrlmask)) {
                        smu_v13_0_0_dump_od_table(smu, od_table);
@@ -1548,7 +1548,7 @@ static int smu_v13_0_0_od_edit_dpm_table(struct 
smu_context *smu,
 
                        od_table->OverDriveTable.FeatureCtrlMask = 0;
                        memcpy(table_context->user_overdrive_table + 
offset_of_featurectrlmask,
-                              od_table + offset_of_featurectrlmask,
+                              (u8 *)od_table + offset_of_featurectrlmask,
                               sizeof(OverDriveTableExternal_t) - 
offset_of_featurectrlmask);
 
                        if (!memcmp(table_context->user_overdrive_table,
diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c 
b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c
index 0bd086360efa..cda4e818aab7 100644
--- a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c
@@ -1524,7 +1524,7 @@ static int smu_v13_0_7_od_edit_dpm_table(struct 
smu_context *smu,
                 * settings. Thus we do not cache it.
                 */
                offset_of_featurectrlmask = offsetof(OverDriveTable_t, 
FeatureCtrlMask);
-               if (memcmp(od_table + offset_of_featurectrlmask,
+               if (memcmp((u8 *)od_table + offset_of_featurectrlmask,
                           table_context->user_overdrive_table + 
offset_of_featurectrlmask,
                           sizeof(OverDriveTableExternal_t) - 
offset_of_featurectrlmask)) {
                        smu_v13_0_7_dump_od_table(smu, od_table);
@@ -1537,7 +1537,7 @@ static int smu_v13_0_7_od_edit_dpm_table(struct 
smu_context *smu,
 
                        od_table->OverDriveTable.FeatureCtrlMask = 0;
                        memcpy(table_context->user_overdrive_table + 
offset_of_featurectrlmask,
-                              od_table + offset_of_featurectrlmask,
+                              (u8 *)od_table + offset_of_featurectrlmask,
                               sizeof(OverDriveTableExternal_t) - 
offset_of_featurectrlmask);
 
                        if (!memcmp(table_context->user_overdrive_table,
-- 
2.39.2

Reply via email to