PCI/BIOS/int10 handling in X.org

Thomas Winischhofer thomas at winischhofer.net
Fri Jul 15 19:14:15 PDT 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jon Smirl wrote:
>>(OT: Besides, there is a bug in that code. The size of the ROM which is
>>used to map the area is not checked against the byte from the ROM which
>>is returned to the called as romsize. I have a case here where this byte
>>is wrong: It says the BIOS is 64k, but in fact the BIOS is only 32k - as
>>correctly shown by the pci resource length. You should at least check
>>that the size info from the BIOS isn't bigger than the size of the area
>>you mapped. If the caller uses the returned romsize to copy the BIOS
>>image, this will lead to an Ooops.)
> 
> 
> The people on the PCI list recommend this code to determine the size.
> The size byte after the 55 AA is almost always wrong on ROMs that were
> built for different platforms. The byte after 55 AA represents pages
> and there is disagreement what the page size is.
> 
> from drivers/pci/rom.c
> 	/*
> 	 * Try to find the true size of the ROM since sometimes the PCI window
> 	 * size is much larger than the actual size of the ROM.
> 	 * True size is important if the ROM is going to be copied.
> 	 */
> 	image = rom;
> 	do {
> 		void __iomem *pds;
> 		/* Standard PCI ROMs start out with these bytes 55 AA */
> 		if (readb(image) != 0x55)
> 			break;
> 		if (readb(image + 1) != 0xAA)
> 			break;
> 		/* get the PCI data structure and check its signature */
> 		pds = image + readw(image + 24);
> 		if (readb(pds) != 'P')
> 			break;
> 		if (readb(pds + 1) != 'C')
> 			break;
> 		if (readb(pds + 2) != 'I')
> 			break;
> 		if (readb(pds + 3) != 'R')
> 			break;
> 		last_image = readb(pds + 21) & 0x80;
> 		/* this length is reliable */


No, it's not. Whatever whoever says.


> 		image += readw(pds + 16) * 512;



> 	} while (!last_image);

At least check that the size returned is not bigger than the
(preliminaray) size you submitted to ioremap.

- --
Thomas Winischhofer
Vienna/Austria
thomas AT winischhofer DOT net          http://www.winischhofer.net/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC2G13zydIRAktyUcRAhjFAKDYxkn0an8c/awHkZ3ZD14Nh4lS+wCgvSry
dUw42KtwSWk2WVCq9VnBXrY=
=q61I
-----END PGP SIGNATURE-----

More information about the xorg mailing list