On Sun, Oct 21, 2012 at 12:53:15PM +0200, Lekensteyn wrote: > From: Peter Wu <lekenst...@gmail.com> > > Since commit "drm/nouveau/bios: attempt to fetch entire acpi rom image in one > shot", the ACPI spec is broken in order to gain speed. In theory, since the > _ROM method is supposed to return 4 KiB only, the returned buffer size could > be > less than the requested length. This could lead to reading past the buffer > boundaries which could make worse thing happen. To fix that, do not read more > than the buffer contains. As an extra side-effect, the function returns the > bytes that have really been read which is more natural. > > Signed-off-by: Peter Wu <lekenst...@gmail.com> > --- > drivers/gpu/drm/nouveau/nouveau_acpi.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/gpu/drm/nouveau/nouveau_acpi.c > b/drivers/gpu/drm/nouveau/nouveau_acpi.c > index 48783e1..368e45c 100644 > --- a/drivers/gpu/drm/nouveau/nouveau_acpi.c > +++ b/drivers/gpu/drm/nouveau/nouveau_acpi.c > @@ -356,6 +356,7 @@ static int nouveau_rom_call(acpi_handle rom_handle, > uint8_t *bios, > return -ENODEV; > } > obj = (union acpi_object *)buffer.pointer; > + len = min(len, (int)obj->buffer.size); > memcpy(bios+offset, obj->buffer.pointer, len); > kfree(buffer.pointer); > return len; > --
BTW, _ROM method from https://lkml.org/lkml/2012/10/21/11 multiplies length by 8, so maybe we can read 32kB in one batch? Marcin _______________________________________________ Nouveau mailing list Nouveau@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/nouveau
