We use the number_instance index that we get from the fw discovery blob
to index into an array for example.
Signed-off-by: Ernst Sjöstrand <ernstp@xxxxxxxxx>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
index ada7bc19118a..b3fc46ba8144 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
@@ -245,6 +245,20 @@ void amdgpu_discovery_fini(struct amdgpu_device *adev)
adev->mman.discovery_bin = NULL;
}
+static int amdgpu_discovery_validate_ip(const struct ip *ip)
+{
+ if (ip->number_instance >= HWIP_MAX_INSTANCE) {
+ DRM_ERROR("Unexpected number_instance from ip discovery blob\n");
+ return -EINVAL;
+ }
+ if (le16_to_cpu(ip->hw_id) >= HW_ID_MAX) {
+ DRM_ERROR("Unexpected hw_id from ip discovery blob\n");
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
int amdgpu_discovery_reg_base_init(struct amdgpu_device *adev)
{
struct binary_header *bhdr;
@@ -290,6 +304,10 @@ int amdgpu_discovery_reg_base_init(struct amdgpu_device *adev)
for (j = 0; j < num_ips; j++) {
ip = (struct ip *)(adev->mman.discovery_bin + ip_offset);
+
+ if (amdgpu_discovery_validate_ip(ip))
+ goto next_ip;
+
num_base_address = ip->num_base_address;
DRM_DEBUG("%s(%d) #%d v%d.%d.%d:\n",
@@ -321,6 +339,7 @@ int amdgpu_discovery_reg_base_init(struct amdgpu_device *adev)
}
+next_ip:
ip_offset += sizeof(*ip) + 4 * (ip->num_base_address - 1);
}
}
--
2.30.2
