On Thu, Apr 24, 2014 at 09:23:24PM +0530, Kumar, Shobhit wrote:
> On 4/19/2014 2:34 AM, Rodrigo Vivi wrote:
> >From: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
> >
> >Make sure that the whole BDB section is within the MMIO region prior to
> >accessing it contents. That we don't read outside of the secion is left
> >up to the individual section parsers.
> >
> >Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
> >Signed-off-by: Rodrigo Vivi <rodrigo.vivi@xxxxxxxxx>
> >---
> > drivers/gpu/drm/i915/intel_bios.c | 8 +++++++-
> > 1 file changed, 7 insertions(+), 1 deletion(-)
> >
> >diff --git a/drivers/gpu/drm/i915/intel_bios.c b/drivers/gpu/drm/i915/intel_bios.c
> >index fc9e806..2945f57 100644
> >--- a/drivers/gpu/drm/i915/intel_bios.c
> >+++ b/drivers/gpu/drm/i915/intel_bios.c
> >@@ -49,13 +49,19 @@ find_section(struct bdb_header *bdb, int section_id)
> > total = bdb->bdb_size;
> >
> > /* walk the sections looking for section_id */
> >- while (index < total) {
> >+ while (index + 3 < total) {
> > current_id = *(base + index);
> > index++;
> >+
> > current_size = *((u16 *)(base + index));
> > index += 2;
> >+
> >+ if (index + current_size > total)
> >+ return NULL;
> >+
> > if (current_id == section_id)
> > return base + index;
> >+
> > index += current_size;
> > }
> >
>
> Reviewed-by: Shobhit Kumar <shobhit.kumar@xxxxxxxxx>
Queued for -next, thanks for the patch.
-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
