[Nouveau] [PATCH] drm/nouveau/mxm: fix null deref on load

Linus Torvalds torvalds at linux-foundation.org
Sun Jan 19 19:06:04 PST 2014 

Ok, I applied this, even though I hate the timing.

I also suspect that that whole commit 61b365a50 ("drm/nouveau:
populate master subdev pointer only when fully constructed") is just
completely buggered and the wrong thing to do. It also caused another
nasty change (fdd239ac99a0 "drm/nouveau: fix null ptr dereferences on
some boards") because it wasn't just the mxm data that was missing.

Whatever. It is what it is.

              Linus


On Sun, Jan 19, 2014 at 7:30 AM, Ilia Mirkin <imirkin at alum.mit.edu> wrote:
> Since commit 61b365a50 (drm/nouveau: populate master subdev pointer only
> when fully constructed), the nouveau_mxm(bios) call will return NULL,
> since it's still being called from the constructor. Instead, pass the
> mxm pointer via the unused data field.
>
> See https://bugs.freedesktop.org/show_bug.cgi?id=73791
>
> Reported-by: Andreas Reis <andreas.reis at gmail.com>
> Tested-by: Andreas Reis <andreas.reis at gmail.com>
> Signed-off-by: Ilia Mirkin <imirkin at alum.mit.edu>
> ---
>
> 3.13 release time is approaching, so I'm expanding the To list, as this is a
> crashing bug for potentially a lot of people (not sure how common the MXM
> stuff is) and it'd be silly not to include the fix because someone along the
> chain wasn't around. Hope I'm not stepping on any toes by sending to the full
> upstream path...
>
>  drivers/gpu/drm/nouveau/core/subdev/mxm/nv50.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/nouveau/core/subdev/mxm/nv50.c b/drivers/gpu/drm/nouveau/core/subdev/mxm/nv50.c
> index af129c2..0bd3774 100644
> --- a/drivers/gpu/drm/nouveau/core/subdev/mxm/nv50.c
> +++ b/drivers/gpu/drm/nouveau/core/subdev/mxm/nv50.c
> @@ -100,7 +100,7 @@ mxm_match_dcb(struct nouveau_mxm *mxm, u8 *data, void *info)
>  static int
>  mxm_dcb_sanitise_entry(struct nouveau_bios *bios, void *data, int idx, u16 pdcb)
>  {
> -       struct nouveau_mxm *mxm = nouveau_mxm(bios);
> +       struct nouveau_mxm *mxm = data;
>         struct context ctx = { .outp = (u32 *)(bios->data + pdcb) };
>         u8 type, i2cidx, link, ver, len;
>         u8 *conn;
> @@ -199,7 +199,7 @@ mxm_dcb_sanitise(struct nouveau_mxm *mxm)
>                 return;
>         }
>
> -       dcb_outp_foreach(bios, NULL, mxm_dcb_sanitise_entry);
> +       dcb_outp_foreach(bios, mxm, mxm_dcb_sanitise_entry);
>         mxms_foreach(mxm, 0x01, mxm_show_unmatched, NULL);
>  }
>
> --
> 1.8.3.2
>

More information about the Nouveau mailing list