diff options
| author | Chris Wilson | 2014-04-18 23:04:23 +0200 |
|---|---|---|
| committer | Daniel Vetter | 2014-05-05 09:08:58 +0200 |
| commit | d1f13fd261f4490b3b69c1da87711fd3813c2a9f (patch) | |
| tree | c75ef06becb199d9aeaada1c3bd7b27c43fe64fb | |
| parent | drm/i915: get a runtime PM ref for the deferred GT powersave enabling (diff) | |
| download | kernel-qcow2-linux-d1f13fd261f4490b3b69c1da87711fd3813c2a9f.tar.gz kernel-qcow2-linux-d1f13fd261f4490b3b69c1da87711fd3813c2a9f.tar.xz kernel-qcow2-linux-d1f13fd261f4490b3b69c1da87711fd3813c2a9f.zip | |
drm/i915: Validate BDB section before reading
Make sure that the whole BDB section is within the MMIO region prior to
accessing it contents. That we don't read outside of the secion is left
up to the individual section parsers.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@gmail.com>
Reviewed-by: Shobhit Kumar <shobhit.kumar@intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
| -rw-r--r-- | drivers/gpu/drm/i915/intel_bios.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/drivers/gpu/drm/i915/intel_bios.c b/drivers/gpu/drm/i915/intel_bios.c index fba9efd09e87..148d8a786c8c 100644 --- a/drivers/gpu/drm/i915/intel_bios.c +++ b/drivers/gpu/drm/i915/intel_bios.c @@ -49,13 +49,19 @@ find_section(struct bdb_header *bdb, int section_id) total = bdb->bdb_size; /* walk the sections looking for section_id */ - while (index < total) { + while (index + 3 < total) { current_id = *(base + index); index++; + current_size = *((u16 *)(base + index)); index += 2; + + if (index + current_size > total) + return NULL; + if (current_id == section_id) return base + index; + index += current_size; } |