[Nouveau] [PATCH] drm/nv50/fb: Fix nullptr-deref on IGPs

Emil Velikov emil.l.velikov at gmail.com
Tue Jan 8 21:46:40 PST 2013 

On 09/01/13 02:40, Roy Spliet wrote:
> When COMP_MAX_TAG == 0, the tags mm was uninitialised. Fixed by initialising with zero length.
> 
> v2: Fix style error
> 
> Signed-off-by: Roy Spliet <r.spliet at student.tudelft.nl>
> Tested-by: Roy Spliet <r.spliet at student.tudelft.nl>
> ---
>  drivers/gpu/drm/nouveau/core/subdev/fb/base.c | 9 +++++++--
>  drivers/gpu/drm/nouveau/core/subdev/fb/nv50.c | 5 +++--
>  2 files changed, 10 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/gpu/drm/nouveau/core/subdev/fb/base.c b/drivers/gpu/drm/nouveau/core/subdev/fb/base.c
> index d6d1600..e1b5773 100644
> --- a/drivers/gpu/drm/nouveau/core/subdev/fb/base.c
> +++ b/drivers/gpu/drm/nouveau/core/subdev/fb/base.c
> @@ -86,8 +86,13 @@ nouveau_fb_preinit(struct nouveau_fb *pfb)
>  			return ret;
>  	}
>  
> -	if (!nouveau_mm_initialised(&pfb->tags) && tags) {
> -		ret = nouveau_mm_init(&pfb->tags, 0, ++tags, 1);
Btw the commit that introduced this code, changed "tags" to "++tags"

> +	if (!nouveau_mm_initialised(&pfb->tags)) {
> +		if(tags) {
> +			ret = nouveau_mm_init(&pfb->tags, 0, ++tags, 1);
> +		} else {
> +			ret = nouveau_mm_init(&pfb->tags, 0, 0, 1);
> +		}
> +
>  		if (ret)
>  			return ret;
>  	}
> diff --git a/drivers/gpu/drm/nouveau/core/subdev/fb/nv50.c b/drivers/gpu/drm/nouveau/core/subdev/fb/nv50.c
> index a4338d9..0772ec9 100644
> --- a/drivers/gpu/drm/nouveau/core/subdev/fb/nv50.c
> +++ b/drivers/gpu/drm/nouveau/core/subdev/fb/nv50.c
> @@ -101,7 +101,7 @@ nv50_fb_vram_init(struct nouveau_fb *pfb)
>  	struct nouveau_bios *bios = nouveau_bios(device);
>  	const u32 rsvd_head = ( 256 * 1024) >> 12; /* vga memory */
>  	const u32 rsvd_tail = (1024 * 1024) >> 12; /* vbios etc */
> -	u32 size;
> +	u32 size, tags = 0;
>  	int ret;
>  
>  	pfb->ram.size = nv_rd32(pfb, 0x10020c);
> @@ -142,10 +142,11 @@ nv50_fb_vram_init(struct nouveau_fb *pfb)
>  			return ret;
>  
>  		pfb->ram.ranks = (nv_rd32(pfb, 0x100200) & 0x4) ? 2 : 1;
> +		tags = nv_rd32(pfb, 0x100320);
>  		break;
>  	}
>  
> -	return nv_rd32(pfb, 0x100320);
> +	return tags;
>  }
>  
>  static int
>

More information about the Nouveau mailing list