[PATCH] drm/radeon: avoid kernel segfault in vce when gpu fails to resume

[Christian König]

Am 06.02.2017 um 21:13 schrieb j.glisse at gmail.com:
> From: Jérôme Glisse <jglisse at redhat.com>
>
> When GPU fails to resume we can not trust that value we write to GPU
> memory will post and we might get garbage (more like 0xffffffff on
> x86) when reading them back. This trigger out of range memory access
> in the kernel inside the vce resume code path.
>
> This patch use canonical value to compute offset instead of reading
> back value from GPU memory.
>
> Signed-off-by: Jérôme Glisse <jglisse at redhat.com>

Good point, path is Reviewed-by: Christian König <christian.koenig at amd.com>.

Regards,
Christian.

> ---
>   drivers/gpu/drm/radeon/vce_v1_0.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/radeon/vce_v1_0.c b/drivers/gpu/drm/radeon/vce_v1_0.c
> index a01efe3..f541a4b 100644
> --- a/drivers/gpu/drm/radeon/vce_v1_0.c
> +++ b/drivers/gpu/drm/radeon/vce_v1_0.c
> @@ -196,7 +196,7 @@ int vce_v1_0_load_fw(struct radeon_device *rdev, uint32_t *data)
>   	memset(&data[5], 0, 44);
>   	memcpy(&data[16], &sign[1], rdev->vce_fw->size - sizeof(*sign));
>   
> -	data += le32_to_cpu(data[4]) / 4;
> +	data += (le32_to_cpu(sign->len) + 64) / 4;
>   	data[0] = sign->val[i].sigval[0];
>   	data[1] = sign->val[i].sigval[1];
>   	data[2] = sign->val[i].sigval[2];