[Nouveau] [PATCH] drm/nouveau/bios: use size provided by _ROM method
Lekensteyn
lekensteyn at gmail.com
Sun Oct 21 03:53:15 PDT 2012
From: Peter Wu <lekensteyn at gmail.com>
Since commit "drm/nouveau/bios: attempt to fetch entire acpi rom image in one
shot", the ACPI spec is broken in order to gain speed. In theory, since the
_ROM method is supposed to return 4 KiB only, the returned buffer size could be
less than the requested length. This could lead to reading past the buffer
boundaries which could make worse thing happen. To fix that, do not read more
than the buffer contains. As an extra side-effect, the function returns the
bytes that have really been read which is more natural.
Signed-off-by: Peter Wu <lekensteyn at gmail.com>
---
drivers/gpu/drm/nouveau/nouveau_acpi.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/nouveau/nouveau_acpi.c b/drivers/gpu/drm/nouveau/nouveau_acpi.c
index 48783e1..368e45c 100644
--- a/drivers/gpu/drm/nouveau/nouveau_acpi.c
+++ b/drivers/gpu/drm/nouveau/nouveau_acpi.c
@@ -356,6 +356,7 @@ static int nouveau_rom_call(acpi_handle rom_handle, uint8_t *bios,
return -ENODEV;
}
obj = (union acpi_object *)buffer.pointer;
+ len = min(len, (int)obj->buffer.size);
memcpy(bios+offset, obj->buffer.pointer, len);
kfree(buffer.pointer);
return len;
--
1.7.9.5
More information about the Nouveau
mailing list