From: Zicheng Qu quzicheng@huawei.com
mainline inclusion
from mainline-v6.11
commit 8aa2864044b9d13e95fe224f32e808afbf79ecdf
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAU9QT
CVE: CVE-2024-46813
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
[WHY & HOW]
dc->links[] has max size of MAX_LINKS and NULL is returned when trying to access with out-of-bound index.
This fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.
Reviewed-by: Harry Wentland harry.wentland@amd.com
Acked-by: Tom Chung chiahsuan.chung@amd.com
Signed-off-by: Alex Hung alex.hung@amd.com
Tested-by: Daniel Wheeler daniel.wheeler@amd.com
Signed-off-by: Alex Deucher alexander.deucher@amd.com

Conflicts:
	drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c
	drivers/gpu/drm/amd/display/dc/dc_link.h
[dc_get_link_at_index is in dc_link.h, not moved to dc_link_exports.c.
MAX_LINKS not defined, use MAX_PIPES * 2 + 2.]
Signed-off-by: Zicheng Qu quzicheng@huawei.com
---
 drivers/gpu/drm/amd/display/dc/dc_link.h | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/amd/display/dc/dc_link.h b/drivers/gpu/drm/amd/display/dc/dc_link.h index 266b93a705d5..1c110a7e159e 100644 --- a/drivers/gpu/drm/amd/display/dc/dc_link.h +++ b/drivers/gpu/drm/amd/display/dc/dc_link.h @@ -177,6 +177,9 @@ const struct dc_link_status *dc_link_get_status(const struct dc_link *dc_link); */ static inline struct dc_link *dc_get_link_at_index(struct dc *dc, uint32_t link_index) { + if (link_index >= MAX_PIPES * 2 + 2) + return NULL; + return dc->links[link_index]; }
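Review bot: the bound in the new check in dc_get_link_at_index() is the open-coded expression "MAX_PIPES * 2 + 2", which is only correct while it matches the declared size of dc->links[] in this tree, and that declaration is not visible in the hunk. Using ARRAY_SIZE(dc->links), or adding a local MAX_LINKS definition with that value, would keep the check tied to the array if its size ever changes. Separately, the diffstat shows only dc_link.h touched, so any caller that dereferences the return value without a check now receives NULL for an out-of-range index; it is worth confirming that each caller of dc_get_link_at_index() in this tree handles a NULL return.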