From afb11cdc7e101304041a092e04e87f42635493b7 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.de>
Date: May 25 2023 06:19:01 +0000
Subject: drm/displayid: add displayid_get_header() and check bounds

better (git-fixes).

---

diff --git a/patches.suse/drm-displayid-add-displayid_get_header-and-check-bou.patch b/patches.suse/drm-displayid-add-displayid_get_header-and-check-bou.patch
new file mode 100644
index 0000000..5a4fe2d
--- /dev/null
+++ b/patches.suse/drm-displayid-add-displayid_get_header-and-check-bou.patch
@@ -0,0 +1,62 @@
+From 5bacecc3c56131c31f18b23d366f2184328fd9cf Mon Sep 17 00:00:00 2001
+From: Jani Nikula <jani.nikula@intel.com>
+Date: Thu, 16 Feb 2023 22:44:58 +0200
+Subject: [PATCH] drm/displayid: add displayid_get_header() and check bounds better
+Git-commit: 5bacecc3c56131c31f18b23d366f2184328fd9cf
+Patch-mainline: v6.4-rc1
+References: git-fixes
+
+Add a helper to get a pointer to struct displayid_header. To be
+pedantic, add buffer overflow checks to not touch the base if that
+itself would overflow.
+
+Cc: Iaroslav Boliukin <iam@lach.pw>
+Cc: Dmitry Osipenko <dmitry.osipenko@collabora.com>
+Signed-off-by: Jani Nikula <jani.nikula@intel.com>
+Tested-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
+Reviewed-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
+Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/4a03b3a5132642d3cdb6d4c2641422955a917292.1676580180.git.jani.nikula@intel.com
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/gpu/drm/drm_displayid.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/drm_displayid.c b/drivers/gpu/drm/drm_displayid.c
+index 38ea8203df45..7d03159dc146 100644
+--- a/drivers/gpu/drm/drm_displayid.c
++++ b/drivers/gpu/drm/drm_displayid.c
+@@ -7,13 +7,28 @@
+ #include <drm/drm_edid.h>
+ #include <drm/drm_print.h>
+ 
++static const struct displayid_header *
++displayid_get_header(const u8 *displayid, int length, int index)
++{
++	const struct displayid_header *base;
++
++	if (sizeof(*base) > length - index)
++		return ERR_PTR(-EINVAL);
++
++	base = (const struct displayid_header *)&displayid[index];
++
++	return base;
++}
++
+ static int validate_displayid(const u8 *displayid, int length, int idx)
+ {
+ 	int i, dispid_length;
+ 	u8 csum = 0;
+ 	const struct displayid_header *base;
+ 
+-	base = (const struct displayid_header *)&displayid[idx];
++	base = displayid_get_header(displayid, length, idx);
++	if (IS_ERR(base))
++		return PTR_ERR(base);
+ 
+ 	DRM_DEBUG_KMS("base revision 0x%x, length %d, %d %d\n",
+ 		      base->rev, base->bytes, base->prod_id, base->ext_count);
+-- 
+2.35.3
+
diff --git a/series.conf b/series.conf
index 798cc02..8471b3b 100644
--- a/series.conf
+++ b/series.conf
@@ -19824,6 +19824,7 @@
 	patches.suse/arm64-kgdb-Set-PSTATE.SS-to-1-to-re-enable-single-st.patch
 	patches.suse/drm-rockchip-Drop-unbalanced-obj-unref.patch
 	patches.suse/drm-vgem-add-missing-mutex_destroy.patch
+	patches.suse/drm-displayid-add-displayid_get_header-and-check-bou.patch
 	patches.suse/drm-probe-helper-Cancel-previous-job-before-starting.patch
 	patches.suse/drm-bridge-adv7533-Fix-adv7533_mode_valid-for-adv753.patch
 	patches.suse/drm-i915-dg2-Add-HDMI-pixel-clock-frequencies-267.30.patch