[Nouveau] [PATCH] drm/nouveau/pm: Prevent overflow in nouveau_perf_init()
Ben Skeggs
skeggsb at gmail.com
Wed Jun 15 20:43:59 PDT 2011
On Sat, 2011-06-11 at 13:30 +0100, Emil Velikov wrote:
> While parsing the perf table, there is no check if
> the num of entries read from the vbios is less than
> the currently allocated number.
>
> In case of a buggy vbios this will cause overwriting
> of kernel memory, causing aditional problems.
>
> Add a simple check in order to prevent the case
I've pushed this. I'm not entirely certain we shouldn't just bail out
completely if this is the case, I suspect that if there's this many, the
VBIOS image is probably very screwed.
This'll do for now :)
Ben.
>
> Signed-off-by: Emil Velikov <emil.l.velikov at gmail.com>
> ---
> drivers/gpu/drm/nouveau/nouveau_perf.c | 5 +++++
> 1 files changed, 5 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/gpu/drm/nouveau/nouveau_perf.c b/drivers/gpu/drm/nouveau/nouveau_perf.c
> index f2d98c9..b0e995f 100644
> --- a/drivers/gpu/drm/nouveau/nouveau_perf.c
> +++ b/drivers/gpu/drm/nouveau/nouveau_perf.c
> @@ -225,6 +225,11 @@ nouveau_perf_init(struct drm_device *dev)
> entries = perf[2];
> }
>
> + if (entries > NOUVEAU_PM_MAX_LEVEL) {
> + NV_DEBUG(dev, "perf table has too many entries - buggy vbios?\n");
> + entries = NOUVEAU_PM_MAX_LEVEL;
> + }
> +
> entry = perf + headerlen;
> for (i = 0; i < entries; i++) {
> struct nouveau_pm_level *perflvl = &pm->perflvl[pm->nr_perflvl];
More information about the Nouveau
mailing list