Martin Peres
2014-Apr-03 20:12 UTC
[Nouveau] [PATCH] bios: fix a potential NULL deref in the PROM shadowing function
Reported-by: Dan Carpenter <dan.carpenter at oracle.com>
Signed-off-by: Martin Peres <martin.peres at free.fr>
---
nvkm/subdev/bios/base.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/nvkm/subdev/bios/base.c b/nvkm/subdev/bios/base.c
index 3de7d81..5f8643d 100644
--- a/nvkm/subdev/bios/base.c
+++ b/nvkm/subdev/bios/base.c
@@ -183,10 +183,11 @@ nouveau_bios_shadow_prom(struct nouveau_bios *bios)
goto out;
bios->data = kmalloc(bios->size, GFP_KERNEL);
- if (bios->data) {
- for (i = 0; i < bios->size; i += 4)
- ((u32 *)bios->data)[i/4] = nv_rd32(bios, 0x300000 + i);
- }
+ if (!bios->data)
+ goto out;
+
+ for (i = 0; i < bios->size; i += 4)
+ ((u32 *)bios->data)[i/4] = nv_rd32(bios, 0x300000 + i);
/* check the PCI record header */
pcir = nv_ro16(bios, 0x0018);
--
1.9.1
Martin Peres
2014-May-27 09:15 UTC
[Nouveau] [PATCH] bios: fix a potential NULL deref in the PROM shadowing function
Le 03/04/2014 22:12, Martin Peres a ?crit :> Reported-by: Dan Carpenter <dan.carpenter at oracle.com> > Signed-off-by: Martin Peres <martin.peres at free.fr> > --- > nvkm/subdev/bios/base.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/nvkm/subdev/bios/base.c b/nvkm/subdev/bios/base.c > index 3de7d81..5f8643d 100644 > --- a/nvkm/subdev/bios/base.c > +++ b/nvkm/subdev/bios/base.c > @@ -183,10 +183,11 @@ nouveau_bios_shadow_prom(struct nouveau_bios *bios) > goto out; > > bios->data = kmalloc(bios->size, GFP_KERNEL); > - if (bios->data) { > - for (i = 0; i < bios->size; i += 4) > - ((u32 *)bios->data)[i/4] = nv_rd32(bios, 0x300000 + i); > - } > + if (!bios->data) > + goto out; > + > + for (i = 0; i < bios->size; i += 4) > + ((u32 *)bios->data)[i/4] = nv_rd32(bios, 0x300000 + i); > > /* check the PCI record header */ > pcir = nv_ro16(bios, 0x0018); >This patch never got reviewed or pushed. It should also be sent as a fix for the next 3.15 rc, if possible.
Ben Skeggs
2014-May-29 23:39 UTC
[Nouveau] [PATCH] bios: fix a potential NULL deref in the PROM shadowing function
On Tue, May 27, 2014 at 7:15 PM, Martin Peres <martin.peres at free.fr> wrote:> Le 03/04/2014 22:12, Martin Peres a ?crit : > >> Reported-by: Dan Carpenter <dan.carpenter at oracle.com> >> Signed-off-by: Martin Peres <martin.peres at free.fr> >> --- >> nvkm/subdev/bios/base.c | 9 +++++---- >> 1 file changed, 5 insertions(+), 4 deletions(-) >> >> diff --git a/nvkm/subdev/bios/base.c b/nvkm/subdev/bios/base.c >> index 3de7d81..5f8643d 100644 >> --- a/nvkm/subdev/bios/base.c >> +++ b/nvkm/subdev/bios/base.c >> @@ -183,10 +183,11 @@ nouveau_bios_shadow_prom(struct nouveau_bios *bios) >> goto out; >> >> bios->data = kmalloc(bios->size, GFP_KERNEL); >> - if (bios->data) { >> - for (i = 0; i < bios->size; i += 4) >> - ((u32 *)bios->data)[i/4] = nv_rd32(bios, 0x300000 >> + i); >> - } >> + if (!bios->data) >> + goto out; >> + >> + for (i = 0; i < bios->size; i += 4) >> + ((u32 *)bios->data)[i/4] = nv_rd32(bios, 0x300000 + i); >> >> /* check the PCI record header */ >> pcir = nv_ro16(bios, 0x0018); >> > > This patch never got reviewed or pushed. It should also be sent as a fix for > the next 3.15 rc, if possible.Apologies, this was indeed overlooked. I've merged it. Thanks.> > _______________________________________________ > Nouveau mailing list > Nouveau at lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/nouveau
Reasonably Related Threads
- [PATCH] bios: fix a potential NULL deref in the PROM shadowing function
- [PATCH] bios: fix a potential NULL deref in the PROM shadowing function
- [PATCH 4/4] vbios/prom: fetch the vbios using only aligned 32-bit accesses
- [PATCH 4/4] vbios/prom: fetch the vbios using only aligned 32-bit accesses
- [PATCH 1/4] pm/fan: drop the fan lock in fan_update() before rescheduling