This is a note to let you know that I've just added the patch titled
drm/radeon: fix possible segfault when parsing pm tables
to the 3.8-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
drm-radeon-fix-possible-segfault-when-parsing-pm-tables.patch
and it can be found in the queue-3.8 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From f8e6bfc2ce162855fa4f9822a45659f4b542c960 Mon Sep 17 00:00:00 2001
From: Alex Deucher <[email protected]>
Date: Thu, 25 Apr 2013 09:29:17 -0400
Subject: drm/radeon: fix possible segfault when parsing pm tables
From: Alex Deucher <[email protected]>
commit f8e6bfc2ce162855fa4f9822a45659f4b542c960 upstream.
If we have a empty power table, bail early and allocate
the default power state.
Should fix:
https://bugs.freedesktop.org/show_bug.cgi?id=63865
Signed-off-by: Alex Deucher <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/gpu/drm/radeon/radeon_atombios.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/radeon/radeon_atombios.c
+++ b/drivers/gpu/drm/radeon/radeon_atombios.c
@@ -2028,6 +2028,8 @@ static int radeon_atombios_parse_power_t
num_modes = power_info->info.ucNumOfPowerModeEntries;
if (num_modes > ATOM_MAX_NUMBEROF_POWER_BLOCK)
num_modes = ATOM_MAX_NUMBEROF_POWER_BLOCK;
+ if (num_modes == 0)
+ return state_index;
rdev->pm.power_state = kzalloc(sizeof(struct radeon_power_state) *
num_modes, GFP_KERNEL);
if (!rdev->pm.power_state)
return state_index;
@@ -2432,6 +2434,8 @@ static int radeon_atombios_parse_power_t
power_info = (union power_info *)(mode_info->atom_context->bios +
data_offset);
radeon_atombios_add_pplib_thermal_controller(rdev,
&power_info->pplib.sThermalController);
+ if (power_info->pplib.ucNumStates == 0)
+ return state_index;
rdev->pm.power_state = kzalloc(sizeof(struct radeon_power_state) *
power_info->pplib.ucNumStates,
GFP_KERNEL);
if (!rdev->pm.power_state)
@@ -2530,6 +2534,8 @@ static int radeon_atombios_parse_power_t
non_clock_info_array = (struct _NonClockInfoArray *)
(mode_info->atom_context->bios + data_offset +
le16_to_cpu(power_info->pplib.usNonClockInfoArrayOffset));
+ if (state_array->ucNumEntries == 0)
+ return state_index;
rdev->pm.power_state = kzalloc(sizeof(struct radeon_power_state) *
state_array->ucNumEntries, GFP_KERNEL);
if (!rdev->pm.power_state)
@@ -2620,7 +2626,9 @@ void radeon_atombios_get_power_modes(str
default:
break;
}
- } else {
+ }
+
+ if (state_index == 0) {
rdev->pm.power_state = kzalloc(sizeof(struct
radeon_power_state), GFP_KERNEL);
if (rdev->pm.power_state) {
rdev->pm.power_state[0].clock_info =
Patches currently in stable-queue which might be from [email protected]
are
queue-3.8/drm-radeon-fix-typo-in-rv515_mc_resume.patch
queue-3.8/drm-radeon-fix-possible-segfault-when-parsing-pm-tables.patch
queue-3.8/drm-radeon-disable-the-crtcs-in-mc_stop-r5xx-r7xx-v2.patch
queue-3.8/drm-radeon-fix-handling-of-v6-power-tables.patch
queue-3.8/drm-radeon-update-wait_for_vblank-for-evergreen.patch
queue-3.8/drm-radeon-fix-endian-bugs-in-atom_allocate_fb_scratch.patch
queue-3.8/drm-radeon-add-some-new-si-pci-ids.patch
queue-3.8/drm-radeon-dce6-add-missing-display-reg-for-tiling-setup.patch
queue-3.8/drm-radeon-fix-hdmi-mode-enable-on-rs600-rs690-rs740.patch
queue-3.8/drm-radeon-always-flush-the-vm.patch
queue-3.8/drm-radeon-don-t-use-get_engine_clock-on-apus.patch
queue-3.8/drm-radeon-add-new-richland-pci-ids.patch
queue-3.8/drm-radeon-update-wait_for_vblank-for-r5xx-r7xx.patch
queue-3.8/drm-radeon-properly-lock-disp-in-mc_stop-resume-for-r5xx-r7xx.patch
queue-3.8/drm-radeon-update-wait_for_vblank-for-r1xx-r4xx.patch
queue-3.8/drm-radeon-disable-the-crtcs-in-mc_stop-evergreen-v2.patch
queue-3.8/drm-radeon-use-frac-fb-div-on-rs780-rs880.patch
queue-3.8/drm-radeon-cleanup-properly-if-mmio-mapping-fails.patch
queue-3.8/drm-radeon-evergreen-don-t-enable-hpd-interrupts-on-edp-lvds.patch
queue-3.8/drm-radeon-fix-typo-in-si_select_se_sh.patch
queue-3.8/drm-radeon-properly-lock-disp-in-mc_stop-resume-for-evergreen.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
