Gentwo Git Trees - linux/.git/commit

drm/amdgpu: Fix pointer casts when reading dynamic region sizes

The function amdgpu_virt_get_dynamic_data_info() writes a 64-bit size
value. In two places (amdgpu_bios.c and amdgpu_discovery.c), the code
passed the address of a smaller variable by casting it to u64 *, which
is unsafe.

This could make the function write more bytes than the smaller variable
can hold, possibly overwriting nearby memory. Reported by static
analysis tools.

v2: Dynamic region size comes from the host (SR-IOV setup) and is always
fixed to 5 MB. (Lijo/Ellen)

5 MB easily fits inside a 32-bit value, so using a 64-bit type is not
needed. It also avoids extra type casts

Fixes: b4a8fcc7826a ("drm/amdgpu: Add logic for VF ipd and VF bios to init from dynamic crit_region offsets")
Reported by: Dan Carpenter <dan.carpenter@linaro.org>
Cc: Ellen Pan <yunru.pan@amd.com>
Cc: Christian König <christian.koenig@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
Reviewed-by: Lijo Lazar <lijo.lazar@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>

author	Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
	Thu, 23 Oct 2025 05:22:21 +0000 (10:52 +0530)
committer	Alex Deucher <alexander.deucher@amd.com>
	Tue, 28 Oct 2025 13:55:16 +0000 (09:55 -0400)
commit	90ef1dcb1d2bb84ad998e845e26a2a297a7ddfd6
tree	7656cf3649f0674a2262b7aa65d3ca5d3d8dba5a	tree \| snapshot
parent	84564d2920b8c858d96cb7471b45203d35f63b61	commit \| diff

drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c		diff \| blob \| blame \| history
drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c		diff \| blob \| blame \| history
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c		diff \| blob \| blame \| history
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h		diff \| blob \| blame \| history