[Nouveau] [Bug 111371] [NV04] bios OOB on kernel driver initialization

Sun Aug 11 20:53:55 UTC 2019

https://bugs.freedesktop.org/show_bug.cgi?id=111371

--- Comment #9 from Ilia Mirkin <imirkin at alum.mit.edu> ---
(In reply to Jorge Natz from comment #6)
> When I try to use nvagetbios without arguments, it gives me this message:

Congratulations on having such an old card. Esp one that still works, and a
motherboard you can plug it into. From the PRAMIN data, we can see that it's

16MB Diamond Viper TNT AGP Video Card

(which you probably knew already). So nvbios is (mostly) OK with this:

~/src/envytools/nvbios/nvbios pramin.bios 
warning: No strap specified
BIOS size 0x8000 [orig: 0x10000], 1 valid parts:

BIOS part 0 at 0x0 size 0x8000 [init: 0x8800]. Sig:
PCIR [rev 0x00]:
PCI device: 0x10de:0x0020, class 0x030000
Code type 0x00, rev 0x0001
PCIR indicator: 0x80

BIOS type: NV04

Subsystem id: 0x1092:0x5802

BMP 0x00.01 at 0x2df2

Bios version 0x30.2e.8e.7e

(note the straps thing is unrelated to this).

No tables at all decoded by nvbios though. I think that was semi-common though
in those days. And the PCIR signature really is at 0x3b6f.

It's weird since the bytes "PCIR" are definitely there in the dumps at 0x3b6f,
however the driver clearly sees a 0 instead of 0x52494350. Oh, that's because
it thinks they're out-of-bounds... which in turn looks like it's because we
only pre-fetch the first 4K. To make this work, we'd have to fetch the first
16K. Annoying.

OK, so a super-quick workaround is to change

drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c:shadow_image

                if (!shadow_fetch(bios, mthd, offset + 0x1000)) {

to

                if (!shadow_fetch(bios, mthd, offset + 0x4000)) {

This isn't generally OK - I don't know that all VBIOS's are even that large,
but it's OK for these methods.

Ben - what do you think an appropriate workaround is for something like this?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/nouveau/attachments/20190811/fb778944/attachment.html>