aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
diff options
context:
space:
mode:
authorNicolai Hähnle <Nicolai.Haehnle@amd.com>2016-06-14 06:10:07 -0400
committerAlex Deucher <alexander.deucher@amd.com>2016-07-07 14:51:32 -0400
commit8db6f83bef165bc47d1f1cd56afdec37b47917d1 (patch)
treedbf58a3a206f26b40c6a3e4cf141d55b4b50bd21 /drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
parent840dd4c60526e90b298e1ee019ffcdd25a90b780 (diff)
drm/amdgpu: remove cgs_acpi_method_argument member method_length
It was redundant with data_length, and in fact set incorrectly in one case leading to an out-of-bound read by memcpy in acpi_ut_copy_esimple_to_isimple, reported by CONFIG_KASAN=y. Signed-off-by: Nicolai Hähnle <Nicolai.Haehnle@amd.com> Reviewed-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Diffstat (limited to 'drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c')
-rw-r--r--drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c7
1 files changed, 2 insertions, 5 deletions
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
index 1f9fd07d5d16..9ffdd090d9ec 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
@@ -973,11 +973,11 @@ static int amdgpu_cgs_acpi_eval_object(struct cgs_device *cgs_device,
973 params->integer.value = argument->value; 973 params->integer.value = argument->value;
974 break; 974 break;
975 case ACPI_TYPE_STRING: 975 case ACPI_TYPE_STRING:
976 params->string.length = argument->method_length; 976 params->string.length = argument->data_length;
977 params->string.pointer = argument->pointer; 977 params->string.pointer = argument->pointer;
978 break; 978 break;
979 case ACPI_TYPE_BUFFER: 979 case ACPI_TYPE_BUFFER:
980 params->buffer.length = argument->method_length; 980 params->buffer.length = argument->data_length;
981 params->buffer.pointer = argument->pointer; 981 params->buffer.pointer = argument->pointer;
982 break; 982 break;
983 default: 983 default:
@@ -1080,17 +1080,14 @@ int amdgpu_cgs_call_acpi_method(struct cgs_device *cgs_device,
1080 struct cgs_acpi_method_info info = {0}; 1080 struct cgs_acpi_method_info info = {0};
1081 1081
1082 acpi_input[0].type = CGS_ACPI_TYPE_INTEGER; 1082 acpi_input[0].type = CGS_ACPI_TYPE_INTEGER;
1083 acpi_input[0].method_length = sizeof(uint32_t);
1084 acpi_input[0].data_length = sizeof(uint32_t); 1083 acpi_input[0].data_length = sizeof(uint32_t);
1085 acpi_input[0].value = acpi_function; 1084 acpi_input[0].value = acpi_function;
1086 1085
1087 acpi_input[1].type = CGS_ACPI_TYPE_BUFFER; 1086 acpi_input[1].type = CGS_ACPI_TYPE_BUFFER;
1088 acpi_input[1].method_length = CGS_ACPI_MAX_BUFFER_SIZE;
1089 acpi_input[1].data_length = input_size; 1087 acpi_input[1].data_length = input_size;
1090 acpi_input[1].pointer = pinput; 1088 acpi_input[1].pointer = pinput;
1091 1089
1092 acpi_output.type = CGS_ACPI_TYPE_BUFFER; 1090 acpi_output.type = CGS_ACPI_TYPE_BUFFER;
1093 acpi_output.method_length = CGS_ACPI_MAX_BUFFER_SIZE;
1094 acpi_output.data_length = output_size; 1091 acpi_output.data_length = output_size;
1095 acpi_output.pointer = poutput; 1092 acpi_output.pointer = poutput;
1096 1093
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-11 19:45:36 -0400