riscv: amp: fix rpmsg driver override kfree static memory

User can not modify rpmsg sysfs driver_override file,
because rpdev->driver_override is allocate in the static memory.
So dynamic allocate memory for rpdev->driver_override.

Signed-off-by: Charles Ci-Jyun Wu <[email protected]>
Reviewed-by: Dylan Jhong <[email protected]>
Reviewed-by: Randolph <[email protected]>

Author: CharlesWu465

drivers/rpmsg/rpmsg_internal.h

@@ -90,8 +90,19 @@ int rpmsg_release_channel(struct rpmsg_device *rpdev,
  */
 static inline int rpmsg_chrdev_register_device(struct rpmsg_device *rpdev)
 {
-	strcpy(rpdev->id.name, "rpmsg_chrdev");
-	rpdev->driver_override = "rpmsg_chrdev";
+	char *driver = "rpmsg_chrdev", *driver_override;
+
+	strcpy(rpdev->id.name, driver);
+
+	driver_override = kstrndup(driver, strlen(driver), GFP_KERNEL);
+	if (!driver_override)
+		return -ENOMEM;
+
+	driver_override[strcspn(driver_override, "\n")] = '\0';
+
+	device_lock(&rpdev->dev);
+	rpdev->driver_override = driver_override;
+	device_unlock(&rpdev->dev);
 
 	return rpmsg_register_device(rpdev);
 }

drivers/rpmsg/rpmsg_ns.c

@@ -20,8 +20,19 @@
  */
 int rpmsg_ns_register_device(struct rpmsg_device *rpdev)
 {
-	strcpy(rpdev->id.name, "rpmsg_ns");
-	rpdev->driver_override = "rpmsg_ns";
+	char *driver = "rpmsg_ns", *driver_override;
+	strcpy(rpdev->id.name, driver);
+
+	driver_override = kstrndup(driver, strlen(driver), GFP_KERNEL);
+	if (!driver_override)
+		return -ENOMEM;
+
+	driver_override[strcspn(driver_override, "\n")] = '\0';
+
+	device_lock(&rpdev->dev);
+	rpdev->driver_override = driver_override;
+	device_unlock(&rpdev->dev);
+
 	rpdev->src = RPMSG_NS_ADDR;
 	rpdev->dst = RPMSG_NS_ADDR;