drm/nouveau: fix size check for cards without vm
Op 24-07-13 17:55, Dan Carpenter schreef: > Hello Maarten Lankhorst, > > This is a semi-automatic email about new static checker warnings. > > The patch 0108bc808107: "drm/nouveau: do not allow negative sizes for > now" from Jul 7, 2013, leads to the following Smatch complaint: > > drivers/gpu/drm/nouveau/nouveau_bo.c:222 nouveau_bo_new() > warn: variable dereferenced before check 'drm->client.base.vm' (see line 201) > > drivers/gpu/drm/nouveau/nouveau_bo.c > 200 int type = ttm_bo_type_device; > 201 int max_size = INT_MAX & ~((1 << drm->client.base.vm->vmm->lpg_shift) - 1); > ^^^^^^^^^^^^^^^^^^^ > New dereference. > > 202 > 203 if (size <= 0 || size > max_size) { > 204 nv_warn(drm, "skipped size %x\n", (u32)size); > 205 return -EINVAL; > 206 } > 207 > 208 if (sg) > 209 type = ttm_bo_type_sg; > 210 > 211 nvbo = kzalloc(sizeof(struct nouveau_bo), GFP_KERNEL); > 212 if (!nvbo) > 213 return -ENOMEM; > 214 INIT_LIST_HEAD(&nvbo->head); > 215 INIT_LIST_HEAD(&nvbo->entry); > 216 INIT_LIST_HEAD(&nvbo->vma_list); > 217 nvbo->tile_mode = tile_mode; > 218 nvbo->tile_flags = tile_flags; > 219 nvbo->bo.bdev = &drm->ttm.bdev; > 220 > 221 nvbo->page_shift = 12; > 222 if (drm->client.base.vm) { > ^^^^^^^^^^^^^^^^^^^ > Old check. > > 223 if (!(flags & TTM_PL_FLAG_TT) && size > 256 * 1024) > 224 nvbo->page_shift = drm->client.base.vm->vmm->lpg_shift; > > regards, > dan carpenter 8<----- Commit 0108bc808107: "drm/nouveau: do not allow negative sizes for now" broke older nvidia gpu's that lack a vm. Add an explicit check to handle this. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Reported-by: konrad wilk <konrad.wilk@oracle.com> Signed-off-by: Maarten Lankhorst <maarten.lankhorst@canonical.com> Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
This commit is contained in:
parent
9a7046d55f
commit
35095f7529
|
@ -198,7 +198,12 @@ nouveau_bo_new(struct drm_device *dev, int size, int align,
|
|||
size_t acc_size;
|
||||
int ret;
|
||||
int type = ttm_bo_type_device;
|
||||
int max_size = INT_MAX & ~((1 << drm->client.base.vm->vmm->lpg_shift) - 1);
|
||||
int lpg_shift = 12;
|
||||
int max_size;
|
||||
|
||||
if (drm->client.base.vm)
|
||||
lpg_shift = drm->client.base.vm->vmm->lpg_shift;
|
||||
max_size = INT_MAX & ~((1 << lpg_shift) - 1);
|
||||
|
||||
if (size <= 0 || size > max_size) {
|
||||
nv_warn(drm, "skipped size %x\n", (u32)size);
|
||||
|
|
Loading…
Reference in New Issue