This is a note to let you know that I've just added the patch titled drm/msm/a6xx: fix a potential overflow issue to the 5.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: drm-msm-a6xx-fix-a-potential-overflow-issue.patch and it can be found in the queue-5.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 9cae6794abb7e9117076fcae5e52dce3f999cb0c Author: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx> Date: Sat Sep 12 18:25:58 2020 +0800 drm/msm/a6xx: fix a potential overflow issue [ Upstream commit 08d3ab4b46339bc6f97e83b54a3fb4f8bf8f4cd9 ] It's allocating an array of a6xx_gpu_state_obj structure rathor than its pointers. This patch fix it. Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx> Signed-off-by: Rob Clark <robdclark@xxxxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c b/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c index b12f5b4a1bea9..e9ede19193b0e 100644 --- a/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c +++ b/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c @@ -875,7 +875,7 @@ static void a6xx_get_indexed_registers(struct msm_gpu *gpu, int i; a6xx_state->indexed_regs = state_kcalloc(a6xx_state, count, - sizeof(a6xx_state->indexed_regs)); + sizeof(*a6xx_state->indexed_regs)); if (!a6xx_state->indexed_regs) return;