All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] drm/nv50/fb: Fix nullptr-deref on IGPs
@ 2013-01-09  2:40 Roy Spliet
       [not found] ` <1357699233-29046-1-git-send-email-r.spliet-oe7qfRrRQfeEZXFvZSAUrfP6llvjuJOh@public.gmane.org>
  0 siblings, 1 reply; 4+ messages in thread
From: Roy Spliet @ 2013-01-09  2:40 UTC (permalink / raw)
  To: Nouveau devlist; +Cc: Ben Skeggs, Roy Spliet

When COMP_MAX_TAG == 0, the tags mm was uninitialised. Fixed by initialising with zero length.

v2: Fix style error

Signed-off-by: Roy Spliet <r.spliet-oe7qfRrRQfeEZXFvZSAUrfP6llvjuJOh@public.gmane.org>
Tested-by: Roy Spliet <r.spliet-oe7qfRrRQfeEZXFvZSAUrfP6llvjuJOh@public.gmane.org>
---
 drivers/gpu/drm/nouveau/core/subdev/fb/base.c | 9 +++++++--
 drivers/gpu/drm/nouveau/core/subdev/fb/nv50.c | 5 +++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/nouveau/core/subdev/fb/base.c b/drivers/gpu/drm/nouveau/core/subdev/fb/base.c
index d6d1600..e1b5773 100644
--- a/drivers/gpu/drm/nouveau/core/subdev/fb/base.c
+++ b/drivers/gpu/drm/nouveau/core/subdev/fb/base.c
@@ -86,8 +86,13 @@ nouveau_fb_preinit(struct nouveau_fb *pfb)
 			return ret;
 	}
 
-	if (!nouveau_mm_initialised(&pfb->tags) && tags) {
-		ret = nouveau_mm_init(&pfb->tags, 0, ++tags, 1);
+	if (!nouveau_mm_initialised(&pfb->tags)) {
+		if(tags) {
+			ret = nouveau_mm_init(&pfb->tags, 0, ++tags, 1);
+		} else {
+			ret = nouveau_mm_init(&pfb->tags, 0, 0, 1);
+		}
+
 		if (ret)
 			return ret;
 	}
diff --git a/drivers/gpu/drm/nouveau/core/subdev/fb/nv50.c b/drivers/gpu/drm/nouveau/core/subdev/fb/nv50.c
index a4338d9..0772ec9 100644
--- a/drivers/gpu/drm/nouveau/core/subdev/fb/nv50.c
+++ b/drivers/gpu/drm/nouveau/core/subdev/fb/nv50.c
@@ -101,7 +101,7 @@ nv50_fb_vram_init(struct nouveau_fb *pfb)
 	struct nouveau_bios *bios = nouveau_bios(device);
 	const u32 rsvd_head = ( 256 * 1024) >> 12; /* vga memory */
 	const u32 rsvd_tail = (1024 * 1024) >> 12; /* vbios etc */
-	u32 size;
+	u32 size, tags = 0;
 	int ret;
 
 	pfb->ram.size = nv_rd32(pfb, 0x10020c);
@@ -142,10 +142,11 @@ nv50_fb_vram_init(struct nouveau_fb *pfb)
 			return ret;
 
 		pfb->ram.ranks = (nv_rd32(pfb, 0x100200) & 0x4) ? 2 : 1;
+		tags = nv_rd32(pfb, 0x100320);
 		break;
 	}
 
-	return nv_rd32(pfb, 0x100320);
+	return tags;
 }
 
 static int
-- 
1.8.0.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH] drm/nv50/fb: Fix nullptr-deref on IGPs
@ 2013-01-09  2:36 Roy Spliet
  0 siblings, 0 replies; 4+ messages in thread
From: Roy Spliet @ 2013-01-09  2:36 UTC (permalink / raw)
  To: Nouveau devlist; +Cc: Ben Skeggs, Roy Spliet

When COMP_MAX_TAG == 0, the tags mm was uninitialised. Fixed by initialising with zero length.

Signed-off-by: Roy Spliet <r.spliet-oe7qfRrRQfeEZXFvZSAUrfP6llvjuJOh@public.gmane.org>
Tested-by: Roy Spliet <r.spliet-oe7qfRrRQfeEZXFvZSAUrfP6llvjuJOh@public.gmane.org>
---
 drivers/gpu/drm/nouveau/core/subdev/fb/base.c | 11 ++++++++---
 drivers/gpu/drm/nouveau/core/subdev/fb/nv50.c |  5 +++--
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/drivers/gpu/drm/nouveau/core/subdev/fb/base.c b/drivers/gpu/drm/nouveau/core/subdev/fb/base.c
index d6d1600..695dde8 100644
--- a/drivers/gpu/drm/nouveau/core/subdev/fb/base.c
+++ b/drivers/gpu/drm/nouveau/core/subdev/fb/base.c
@@ -86,10 +86,15 @@ nouveau_fb_preinit(struct nouveau_fb *pfb)
 			return ret;
 	}
 
-	if (!nouveau_mm_initialised(&pfb->tags) && tags) {
-		ret = nouveau_mm_init(&pfb->tags, 0, ++tags, 1);
+	if (!nouveau_mm_initialised(&pfb->tags)) {
+		if(tags) {
+			ret = nouveau_mm_init(&pfb->tags, 0, ++tags, 1);
+		} else {
+			ret = nouveau_mm_init(&pfb->tags, 0, 0, 1);
+		}
+
 		if (ret)
-			return ret;
+					return ret;
 	}
 
 	nv_info(pfb, "RAM type: %s\n", name[pfb->ram.type]);
diff --git a/drivers/gpu/drm/nouveau/core/subdev/fb/nv50.c b/drivers/gpu/drm/nouveau/core/subdev/fb/nv50.c
index a4338d9..0772ec9 100644
--- a/drivers/gpu/drm/nouveau/core/subdev/fb/nv50.c
+++ b/drivers/gpu/drm/nouveau/core/subdev/fb/nv50.c
@@ -101,7 +101,7 @@ nv50_fb_vram_init(struct nouveau_fb *pfb)
 	struct nouveau_bios *bios = nouveau_bios(device);
 	const u32 rsvd_head = ( 256 * 1024) >> 12; /* vga memory */
 	const u32 rsvd_tail = (1024 * 1024) >> 12; /* vbios etc */
-	u32 size;
+	u32 size, tags = 0;
 	int ret;
 
 	pfb->ram.size = nv_rd32(pfb, 0x10020c);
@@ -142,10 +142,11 @@ nv50_fb_vram_init(struct nouveau_fb *pfb)
 			return ret;
 
 		pfb->ram.ranks = (nv_rd32(pfb, 0x100200) & 0x4) ? 2 : 1;
+		tags = nv_rd32(pfb, 0x100320);
 		break;
 	}
 
-	return nv_rd32(pfb, 0x100320);
+	return tags;
 }
 
 static int
-- 
1.8.0.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-01-09 10:49 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-01-09  2:40 [PATCH] drm/nv50/fb: Fix nullptr-deref on IGPs Roy Spliet
     [not found] ` <1357699233-29046-1-git-send-email-r.spliet-oe7qfRrRQfeEZXFvZSAUrfP6llvjuJOh@public.gmane.org>
2013-01-09  5:46   ` Emil Velikov
     [not found]     ` <50ED0440.5060609-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2013-01-09 10:49       ` Roy Spliet
  -- strict thread matches above, loose matches on Subject: below --
2013-01-09  2:36 Roy Spliet

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.