drm/nouveau/bios/bitP: check that table is long enough for optional pointers

author Ben Skeggs <bskeggs@redhat.com>

Mon, 10 Apr 2017 22:25:22 +0000 (08:25 +1000)

committer Ben Skeggs <bskeggs@redhat.com>

Sat, 29 Apr 2017 12:39:23 +0000 (22:39 +1000)
author Ben Skeggs <bskeggs@redhat.com>
Mon, 10 Apr 2017 22:25:22 +0000 (08:25 +1000)
committer Ben Skeggs <bskeggs@redhat.com>
Sat, 29 Apr 2017 12:39:23 +0000 (22:39 +1000)
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/boost.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/boost.c

index eaf74eb..8ab896d 100644 (file)
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/boost.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/boost.c
@@ -33,7 +33,7 @@ nvbios_boostTe(struct nvkm_bios *bios,
         u32 boost = 0;
  
         if (!bit_entry(bios, 'P', &bit_P)) {
-               if (bit_P.version == 2)
+               if (bit_P.version == 2 && bit_P.length >= 0x34)
                         boost = nvbios_rd32(bios, bit_P.offset + 0x30);
  
                 if (boost) {
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/cstep.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/cstep.c

index 5063382..7c8c360 100644 (file)
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/cstep.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/cstep.c
@@ -33,7 +33,7 @@ nvbios_cstepTe(struct nvkm_bios *bios,
         u32 cstep = 0;
  
         if (!bit_entry(bios, 'P', &bit_P)) {
-               if (bit_P.version == 2)
+               if (bit_P.version == 2 && bit_P.length >= 0x38)
                         cstep = nvbios_rd32(bios, bit_P.offset + 0x34);
  
                 if (cstep) {
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c

index 456f9ea..0dfb15a 100644 (file)
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c
@@ -32,7 +32,7 @@ nvbios_fan_table(struct nvkm_bios *bios, u8 *ver, u8 *hdr, u8 *cnt, u8 *len)
         u32 fan = 0;
  
         if (!bit_entry(bios, 'P', &bit_P)) {
-               if (bit_P.version == 2 && bit_P.length >= 0x5a)
+               if (bit_P.version == 2 && bit_P.length >= 0x5c)
                         fan = nvbios_rd32(bios, bit_P.offset + 0x58);
  
                 if (fan) {
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/power_budget.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/power_budget.c

index 617bfff..03d2f97 100644 (file)
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/power_budget.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/power_budget.c
@@ -33,7 +33,7 @@ nvbios_power_budget_table(struct nvkm_bios *bios, u8 *ver, u8 *hdr, u8 *cnt,
         u32 power_budget;
  
         if (bit_entry(bios, 'P', &bit_P) || bit_P.version != 2 ||
-           bit_P.length < 0x2c)
+           bit_P.length < 0x30)
                 return 0;
  
         power_budget = nvbios_rd32(bios, bit_P.offset + 0x2c);
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/vpstate.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/vpstate.c

index f199270..20b6fc8 100644 (file)
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/vpstate.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/vpstate.c
@@ -31,7 +31,7 @@ nvbios_vpstate_offset(struct nvkm_bios *b)
         struct bit_entry bit_P;
  
         if (!bit_entry(b, 'P', &bit_P)) {
-               if (bit_P.version == 2)
+               if (bit_P.version == 2 && bit_P.length >= 0x3c)
                         return nvbios_rd32(b, bit_P.offset + 0x38);
         }
author	Ben Skeggs <bskeggs@redhat.com>
	Mon, 10 Apr 2017 22:25:22 +0000 (08:25 +1000)
committer	Ben Skeggs <bskeggs@redhat.com>
	Sat, 29 Apr 2017 12:39:23 +0000 (22:39 +1000)
drivers/gpu/drm/nouveau/nvkm/subdev/bios/boost.c		patch \| blob \| history
drivers/gpu/drm/nouveau/nvkm/subdev/bios/cstep.c		patch \| blob \| history
drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c		patch \| blob \| history
drivers/gpu/drm/nouveau/nvkm/subdev/bios/power_budget.c		patch \| blob \| history
drivers/gpu/drm/nouveau/nvkm/subdev/bios/vpstate.c		patch \| blob \| history