[Intel-gfx] [PATCH 07/14] drm/i915: Validate BDB section before reading

Kumar, Shobhit shobhit.kumar at intel.com
Thu Apr 24 17:53:24 CEST 2014


On 4/19/2014 2:34 AM, Rodrigo Vivi wrote:
> From: Chris Wilson <chris at chris-wilson.co.uk>
>
> Make sure that the whole BDB section is within the MMIO region prior to
> accessing its contents. That we don't read outside of the section is left
> up to the individual section parsers.
>
> Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
> Signed-off-by: Rodrigo Vivi <rodrigo.vivi at gmail.com>
> ---
>   drivers/gpu/drm/i915/intel_bios.c | 8 +++++++-
>   1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/intel_bios.c b/drivers/gpu/drm/i915/intel_bios.c
> index fc9e806..2945f57 100644
> --- a/drivers/gpu/drm/i915/intel_bios.c
> +++ b/drivers/gpu/drm/i915/intel_bios.c
> @@ -49,13 +49,19 @@ find_section(struct bdb_header *bdb, int section_id)
>   	total = bdb->bdb_size;
>
>   	/* walk the sections looking for section_id */
> -	while (index < total) {
> +	while (index + 3 < total) {
>   		current_id = *(base + index);
>   		index++;
> +
>   		current_size = *((u16 *)(base + index));
>   		index += 2;
> +
> +		if (index + current_size > total)
> +			return NULL;
> +
>   		if (current_id == section_id)
>   			return base + index;
> +
>   		index += current_size;
>   	}
>
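
Review bot: The bound used by the new `if (index + current_size > total)` check and by the loop condition is `total = bdb->bdb_size`, a value read from the BDB header itself, so these checks keep a section inside the MMIO region only if bdb_size has already been validated against the mapped size. That validation is not visible in this hunk; the commit message should say where it happens, or the patch should add it. A smaller point on `while (index + 3 < total)`: a trailing section whose 3-byte header ends exactly at total with a zero-length payload is skipped, and `index + 3 <= total` would accept it if that case is meant to be valid.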

Reviewed-by: Shobhit Kumar <shobhit.kumar at intel.com>
