On Mon, 24 Mar 2025, Jani Nikula jani.nikula@linux.intel.com wrote:
On Mon, 24 Mar 2025, Nicolas Chauvet kwizart@gmail.com wrote:
Enlarge the signature field to accept the string termination.
Cc: stable@vger.kernel.org Fixes: 93615d59912 ("Revert drm/i915/gvt: Fix out-of-bounds buffer write into opregion->signature[]") Signed-off-by: Nicolas Chauvet kwizart@gmail.com
Nope, can't do that. The packed struct is used for parsing data in memory.
Okay, so I mixed this up with display/intel_opregion.c. So it's not used for parsing here... but it's used for generating the data in memory, and we can't change the layout or contents.
Regardless, we can't do either patch 2 or patch 3.
BR, Jani.
BR, Jani.
drivers/gpu/drm/i915/gvt/opregion.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/gvt/opregion.c b/drivers/gpu/drm/i915/gvt/opregion.c index 9a8ead6039e2..0f11cd6ba383 100644 --- a/drivers/gpu/drm/i915/gvt/opregion.c +++ b/drivers/gpu/drm/i915/gvt/opregion.c @@ -43,7 +43,7 @@ #define DEVICE_TYPE_EFP4 0x10 struct opregion_header {
- u8 signature[16];
- u8 signature[32]; u32 size; u32 opregion_ver; u8 bios_ver[32];