drm/amd/pm: Fix memory some memory corruption

The "od_table" is a pointer to a large struct, but this code is doing
pointer math as if it were pointing to bytes.  It results in writing
far outside the struct.

Fixes: 2e8452ea4ef6 ("drm/amd/pm: fulfill the OD support for SMU13.0.0")
Fixes: 2a9aa52e4617 ("drm/amd/pm: fulfill the OD support for SMU13.0.7")
Reviewed-by: Evan Quan <evan.quan@amd.com>
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>

diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c
index 5ac5ea7..413e592 100644 (file)
--- a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c
@@ -1535,7 +1535,7 @@ static int smu_v13_0_0_od_edit_dpm_table(struct smu_context *smu,
                 * settings. Thus we do not cache it.
                 */
                offset_of_featurectrlmask = offsetof(OverDriveTable_t, FeatureCtrlMask);
-               if (memcmp(od_table + offset_of_featurectrlmask,
+               if (memcmp((u8 *)od_table + offset_of_featurectrlmask,
                           table_context->user_overdrive_table + offset_of_featurectrlmask,
                           sizeof(OverDriveTableExternal_t) - offset_of_featurectrlmask)) {
                        smu_v13_0_0_dump_od_table(smu, od_table);
@@ -1548,7 +1548,7 @@ static int smu_v13_0_0_od_edit_dpm_table(struct smu_context *smu,
 
                        od_table->OverDriveTable.FeatureCtrlMask = 0;
                        memcpy(table_context->user_overdrive_table + offset_of_featurectrlmask,
-                              od_table + offset_of_featurectrlmask,
+                              (u8 *)od_table + offset_of_featurectrlmask,
                               sizeof(OverDriveTableExternal_t) - offset_of_featurectrlmask);
 
                        if (!memcmp(table_context->user_overdrive_table,

diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c
index 0bd0863..cda4e81 100644 (file)
--- a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c
@@ -1524,7 +1524,7 @@ static int smu_v13_0_7_od_edit_dpm_table(struct smu_context *smu,
                 * settings. Thus we do not cache it.
                 */
                offset_of_featurectrlmask = offsetof(OverDriveTable_t, FeatureCtrlMask);
-               if (memcmp(od_table + offset_of_featurectrlmask,
+               if (memcmp((u8 *)od_table + offset_of_featurectrlmask,
                           table_context->user_overdrive_table + offset_of_featurectrlmask,
                           sizeof(OverDriveTableExternal_t) - offset_of_featurectrlmask)) {
                        smu_v13_0_7_dump_od_table(smu, od_table);
@@ -1537,7 +1537,7 @@ static int smu_v13_0_7_od_edit_dpm_table(struct smu_context *smu,
 
                        od_table->OverDriveTable.FeatureCtrlMask = 0;
                        memcpy(table_context->user_overdrive_table + offset_of_featurectrlmask,
-                              od_table + offset_of_featurectrlmask,
+                              (u8 *)od_table + offset_of_featurectrlmask,
                               sizeof(OverDriveTableExternal_t) - offset_of_featurectrlmask);
 
                        if (!memcmp(table_context->user_overdrive_table,