All of lore.kernel.org
 help / color / mirror / Atom feed
From: Emil Velikov <emil.l.velikov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: nouveau-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org
Subject: [PATCH 13/14] drm/nouveau/perf: Prevent buffer oveflow
Date: Mon, 21 May 2012 00:15:02 +0100	[thread overview]
Message-ID: <1337555703-18925-14-git-send-email-emil.l.velikov@gmail.com> (raw)
In-Reply-To: <1337555703-18925-1-git-send-email-emil.l.velikov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>

If the vbios is corrupted it can indicate more performance entries than the
ones statically allocated, causing overwriting of kernel memory

Signed-off-by: Emil Velikov <emil.l.velikov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
---
 drivers/gpu/drm/nouveau/nouveau_perf.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/nouveau/nouveau_perf.c b/drivers/gpu/drm/nouveau/nouveau_perf.c
index af03fb4..36a9ae3 100644
--- a/drivers/gpu/drm/nouveau/nouveau_perf.c
+++ b/drivers/gpu/drm/nouveau/nouveau_perf.c
@@ -61,7 +61,7 @@ nouveau_perf_entry(struct nouveau_device *ndev, int idx,
 		   u8 *ver, u8 *hdr, u8 *cnt, u8 *len)
 {
 	u8 *perf = nouveau_perf_table(ndev, ver);
-	if (perf) {
+	if (perf && idx < NOUVEAU_PM_MAX_LEVEL) {
 		if (*ver >= 0x12 && *ver < 0x20 && idx < perf[2]) {
 			*hdr = perf[3];
 			*cnt = 0;
-- 
1.7.10.2

  parent reply	other threads:[~2012-05-20 23:15 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-05-20 23:14 nouveau_subdev & misc patches Emil Velikov
     [not found] ` <1337555703-18925-1-git-send-email-emil.l.velikov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2012-05-20 23:14   ` [PATCH 01/14] drm/nouveau: Check dsm on switcheroo unregister Emil Velikov
2012-05-20 23:14   ` [PATCH 02/14] drm/nouveau: Unregister switcheroo client on exit Emil Velikov
2012-05-20 23:14   ` [PATCH 03/14] drm/nouveau/device: Simplify init, fini fuction Emil Velikov
     [not found]     ` <1337555703-18925-4-git-send-email-emil.l.velikov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2012-05-21  6:27       ` Ben Skeggs
2012-05-20 23:14   ` [PATCH 04/14] drm/nouveau: Remove non-relevant function prototypes Emil Velikov
2012-05-20 23:14   ` [PATCH 05/14] drm/nouveau/gpuobj: Do not handle gpuobj_init during fail path in gpuobj_fini Emil Velikov
2012-05-20 23:14   ` [PATCH 06/14] drm/nouveau/instmem: Do not handle instmem_init during fail path in instmem_fini Emil Velikov
2012-05-20 23:14   ` [PATCH 07/14] drm/nouveau/volt: Purge volt->get and volt->set checks Emil Velikov
2012-05-20 23:14   ` [PATCH 08/14] drm/nv50_bar: Remove duplicate assignments Emil Velikov
2012-05-20 23:14   ` [PATCH 09/14] drm/nv04_instmem: Remove duplicate assignment Emil Velikov
2012-05-20 23:14   ` [PATCH 10/14] drm/nv30_fb: Purge optional variable Emil Velikov
2012-05-20 23:15   ` [PATCH 11/14] drm/nv40/fb: Blend if statement within the switch Emil Velikov
2012-05-20 23:15   ` [PATCH 12/14] drm/nv10/fb: Prevent double memory allocation Emil Velikov
2012-05-20 23:15   ` Emil Velikov [this message]
2012-05-20 23:15   ` [PATCH 14/14] drm/nouveau/therm: Rework nouveau_therm_create() Emil Velikov
     [not found]     ` <1337555703-18925-15-git-send-email-emil.l.velikov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2012-05-21  6:30       ` Ben Skeggs
     [not found]         ` <20120521063032.GC10508-7ZJhIA9XobDzA+JJ9lL7d4GKTjYczspe@public.gmane.org>
2012-05-21  6:13           ` Emil Velikov
2012-05-21 11:47             ` Ben Skeggs
2012-05-21  6:36           ` Maarten Maathuis
     [not found]             ` <CAGZ4FEQOd3E=RwZ8-Rr9NdM+gUoFnjC8bid2FbCCn=z72gqECw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2012-05-21  5:49               ` Emil Velikov
2012-05-21  6:25   ` nouveau_subdev & misc patches Ben Skeggs

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1337555703-18925-14-git-send-email-emil.l.velikov@gmail.com \
    --to=emil.l.velikov-re5jqeeqqe8avxtiumwx3w@public.gmane.org \
    --cc=nouveau-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.