On Sat, 2011-06-11 at 13:30 +0100, Emil Velikov wrote: > While parsing the perf table, there is no check if > the num of entries read from the vbios is less than > the currently allocated number. > > In case of a buggy vbios this will cause overwriting > of kernel memory, causing aditional problems. > > Add a simple check in order to prevent the case I've pushed this. I'm not entirely certain we shouldn't just bail out completely if this is the case, I suspect that if there's this many, the VBIOS image is probably very screwed.
This'll do for now :) Ben. > > Signed-off-by: Emil Velikov <[email protected]> > --- > drivers/gpu/drm/nouveau/nouveau_perf.c | 5 +++++ > 1 files changed, 5 insertions(+), 0 deletions(-) > > diff --git a/drivers/gpu/drm/nouveau/nouveau_perf.c > b/drivers/gpu/drm/nouveau/nouveau_perf.c > index f2d98c9..b0e995f 100644 > --- a/drivers/gpu/drm/nouveau/nouveau_perf.c > +++ b/drivers/gpu/drm/nouveau/nouveau_perf.c > @@ -225,6 +225,11 @@ nouveau_perf_init(struct drm_device *dev) > entries = perf[2]; > } > > + if (entries > NOUVEAU_PM_MAX_LEVEL) { > + NV_DEBUG(dev, "perf table has too many entries - buggy > vbios?\n"); > + entries = NOUVEAU_PM_MAX_LEVEL; > + } > + > entry = perf + headerlen; > for (i = 0; i < entries; i++) { > struct nouveau_pm_level *perflvl = &pm->perflvl[pm->nr_perflvl]; _______________________________________________ Nouveau mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/nouveau
