[PATCH] drm/nouveau/bios: use size provided by

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] drm/nouveau/bios: use size provided by _ROM method
@ 2012-10-21 10:53 Lekensteyn
  2012-10-21 12:20 ` Marcin Slusarz
  0 siblings, 1 reply; 3+ messages in thread
From: Lekensteyn @ 2012-10-21 10:53 UTC (permalink / raw)
  To: nouveau-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW, Ben Skeggs

From: Peter Wu <lekensteyn-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>

Since commit "drm/nouveau/bios: attempt to fetch entire acpi rom image in one
shot", the ACPI spec is broken in order to gain speed. In theory, since the
_ROM method is supposed to return 4 KiB only, the returned buffer size could be
less than the requested length. This could lead to reading past the buffer
boundaries which could make worse thing happen. To fix that, do not read more
than the buffer contains. As an extra side-effect, the function returns the
bytes that have really been read which is more natural.

Signed-off-by: Peter Wu <lekensteyn-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
---
 drivers/gpu/drm/nouveau/nouveau_acpi.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/gpu/drm/nouveau/nouveau_acpi.c b/drivers/gpu/drm/nouveau/nouveau_acpi.c
index 48783e1..368e45c 100644
--- a/drivers/gpu/drm/nouveau/nouveau_acpi.c
+++ b/drivers/gpu/drm/nouveau/nouveau_acpi.c
@@ -356,6 +356,7 @@ static int nouveau_rom_call(acpi_handle rom_handle, uint8_t *bios,
 		return -ENODEV;
 	}
 	obj = (union acpi_object *)buffer.pointer;
+	len = min(len, (int)obj->buffer.size);
 	memcpy(bios+offset, obj->buffer.pointer, len);
 	kfree(buffer.pointer);
 	return len;
-- 
1.7.9.5

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] drm/nouveau/bios: use size provided by _ROM method
  2012-10-21 10:53 [PATCH] drm/nouveau/bios: use size provided by _ROM method Lekensteyn
@ 2012-10-21 12:20 ` Marcin Slusarz
       [not found]   ` <20121021122005.GB22587-OI9uyE9O0yo@public.gmane.org>
  0 siblings, 1 reply; 3+ messages in thread
From: Marcin Slusarz @ 2012-10-21 12:20 UTC (permalink / raw)
  To: Lekensteyn; +Cc: nouveau-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW, Ben Skeggs

On Sun, Oct 21, 2012 at 12:53:15PM +0200, Lekensteyn wrote:
> From: Peter Wu <lekensteyn-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> 
> Since commit "drm/nouveau/bios: attempt to fetch entire acpi rom image in one
> shot", the ACPI spec is broken in order to gain speed. In theory, since the
> _ROM method is supposed to return 4 KiB only, the returned buffer size could be
> less than the requested length. This could lead to reading past the buffer
> boundaries which could make worse thing happen. To fix that, do not read more
> than the buffer contains. As an extra side-effect, the function returns the
> bytes that have really been read which is more natural.
> 
> Signed-off-by: Peter Wu <lekensteyn-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> ---
>  drivers/gpu/drm/nouveau/nouveau_acpi.c |    1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/gpu/drm/nouveau/nouveau_acpi.c b/drivers/gpu/drm/nouveau/nouveau_acpi.c
> index 48783e1..368e45c 100644
> --- a/drivers/gpu/drm/nouveau/nouveau_acpi.c
> +++ b/drivers/gpu/drm/nouveau/nouveau_acpi.c
> @@ -356,6 +356,7 @@ static int nouveau_rom_call(acpi_handle rom_handle, uint8_t *bios,
>  		return -ENODEV;
>  	}
>  	obj = (union acpi_object *)buffer.pointer;
> +	len = min(len, (int)obj->buffer.size);
>  	memcpy(bios+offset, obj->buffer.pointer, len);
>  	kfree(buffer.pointer);
>  	return len;
> -- 

BTW, _ROM method from https://lkml.org/lkml/2012/10/21/11 multiplies length
by 8, so maybe we can read 32kB in one batch?

Marcin

^ permalink raw reply	[flat|nested] 3+ messages in thread

[parent not found: <20121021122005.GB22587-OI9uyE9O0yo@public.gmane.org>]

* Re: [PATCH] drm/nouveau/bios: use size provided by _ROM method
       [not found]   ` <20121021122005.GB22587-OI9uyE9O0yo@public.gmane.org>
@ 2012-10-21 12:53     ` Lekensteyn
  0 siblings, 0 replies; 3+ messages in thread
From: Lekensteyn @ 2012-10-21 12:53 UTC (permalink / raw)
  To: Marcin Slusarz; +Cc: nouveau-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW, Ben Skeggs

On Sunday 21 October 2012 14:20:05 Marcin Slusarz wrote:
> BTW, _ROM method from https://lkml.org/lkml/2012/10/21/11 multiplies length
> by 8, so maybe we can read 32kB in one batch?
> 
> Marcin

That holds for that specific model, but it is not standard (in ACPI). Ben 
Skeggs has a laptop (Lenovo?) W530 that allows you to read the whole VBIOS in 
one call (that means chunk size > 4KiB), but there is another machine where 
this does not work (https://bugs.freedesktop.org/show_bug.cgi?id=55948). That 
machine allows you to read lengths of 4 KiB only (the buffer size is hard-coded 
to 4096, the upper bound of the returned size).

I'd say, stick to 4 KiB for the first read, then try to read the remaining 
VBIOS in one shot and finally fallback to reading in chunks of min(4096, bios-
>size - i). That should give a count of least 512 bytes. On my machine the 
length is 0x7d which translates to exactly 64 KB (not KiB).

After your patch in https://lkml.org/lkml/2012/10/20/150, "drm/nouveau/bios: 
attempt to fetch entire acpi rom image in one shot" could be improved to only 
read the unknown VBIOS:
 /* disobey the acpi spec - much faster on at least w530 ... */
- ret = nouveau_acpi_get_bios_chunk(bios->data, 0, bios->size);
+ ret = nouveau_acpi_get_bios_chunk(bios->data, 4096, bios->size - 4096);

Peter

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2012-10-21 12:53 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-10-21 10:53 [PATCH] drm/nouveau/bios: use size provided by _ROM method Lekensteyn
2012-10-21 12:20 ` Marcin Slusarz
     [not found]   ` <20121021122005.GB22587-OI9uyE9O0yo@public.gmane.org>
2012-10-21 12:53     ` Lekensteyn

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.