[Nouveau] [PATCH] drm/nouveau/pm: Prevent overflow in nouveau_perf_init()
Emil Velikov
emil.l.velikov at gmail.com
Thu Jun 16 15:40:21 PDT 2011
On Thu, 16 Jun 2011 04:43:59 +0100, Ben Skeggs <skeggsb at gmail.com> wrote:
> On Sat, 2011-06-11 at 13:30 +0100, Emil Velikov wrote:
>> While parsing the perf table, there is no check if
>> the num of entries read from the vbios is less than
>> the currently allocated number.
>>
>> In case of a buggy vbios this will cause overwriting
>> of kernel memory, causing aditional problems.
>>
>> Add a simple check in order to prevent the case
> I've pushed this. I'm not entirely certain we shouldn't just bail out
> completely if this is the case, I suspect that if there's this many, the
> VBIOS image is probably very screwed.
>
> This'll do for now :)
>
> Ben.
The case I was thinking about had a completely screwed vbios (see
the attached dmesg) and bailing out would be a good idea.
The main reason could have been the method used to fetch
it as nvclock (uses PRAMIN) worked fine on the system
Cheers
Emil
>>
>> Signed-off-by: Emil Velikov <emil.l.velikov at gmail.com>
>> ---
>> drivers/gpu/drm/nouveau/nouveau_perf.c | 5 +++++
>> 1 files changed, 5 insertions(+), 0 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/nouveau/nouveau_perf.c b/drivers/gpu/drm/nouveau/nouveau_perf.c
>> index f2d98c9..b0e995f 100644
>> --- a/drivers/gpu/drm/nouveau/nouveau_perf.c
>> +++ b/drivers/gpu/drm/nouveau/nouveau_perf.c
>> @@ -225,6 +225,11 @@ nouveau_perf_init(struct drm_device *dev)
>> entries = perf[2];
>> }
>>
>> + if (entries > NOUVEAU_PM_MAX_LEVEL) {
>> + NV_DEBUG(dev, "perf table has too many entries - buggy vbios?\n");
>> + entries = NOUVEAU_PM_MAX_LEVEL;
>> + }
>> +
>> entry = perf + headerlen;
>> for (i = 0; i < entries; i++) {
>> struct nouveau_pm_level *perflvl = &pm->perflvl[pm->nr_perflvl];
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dmesg.log
Type: application/octet-stream
Size: 98710 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/nouveau/attachments/20110616/f83e7d87/attachment-0001.obj>
More information about the Nouveau
mailing list