drm/radeon: fix handling of v6 power tables
Alex Deucher [Wed, 1 May 2013 18:34:54 +0000 (14:34 -0400)]
commit 441e76ca83ac604eaf0f046def96d8e3a27eea28 upstream.

The code was mis-handling variable sized arrays.

Reported-by: Sylvain BERTRAND <sylware@legeek.net>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/gpu/drm/radeon/radeon_atombios.c

index 78d584e..38d87e1 100644 (file)
@@ -2482,6 +2482,7 @@ static int radeon_atombios_parse_power_table_6(struct radeon_device *rdev)
        int index = GetIndexIntoMasterTable(DATA, PowerPlayInfo);
         u16 data_offset;
        u8 frev, crev;
+       u8 *power_state_offset;
 
        if (!atom_parse_data_header(mode_info->atom_context, index, NULL,
                                   &frev, &crev, &data_offset))
@@ -2504,11 +2505,11 @@ static int radeon_atombios_parse_power_table_6(struct radeon_device *rdev)
                                       state_array->ucNumEntries, GFP_KERNEL);
        if (!rdev->pm.power_state)
                return state_index;
+       power_state_offset = (u8 *)state_array->states;
        for (i = 0; i < state_array->ucNumEntries; i++) {
                mode_index = 0;
-               power_state = (union pplib_power_state *)&state_array->states[i];
-               /* XXX this might be an inagua bug... */
-               non_clock_array_index = i; /* power_state->v2.nonClockInfoIndex */
+               power_state = (union pplib_power_state *)power_state_offset;
+               non_clock_array_index = power_state->v2.nonClockInfoIndex;
                non_clock_info = (struct _ATOM_PPLIB_NONCLOCK_INFO *)
                        &non_clock_info_array->nonClockInfo[non_clock_array_index];
                rdev->pm.power_state[i].clock_info = kzalloc(sizeof(struct radeon_pm_clock_info) *
@@ -2520,9 +2521,6 @@ static int radeon_atombios_parse_power_table_6(struct radeon_device *rdev)
                if (power_state->v2.ucNumDPMLevels) {
                        for (j = 0; j < power_state->v2.ucNumDPMLevels; j++) {
                                clock_array_index = power_state->v2.clockInfoIndex[j];
-                               /* XXX this might be an inagua bug... */
-                               if (clock_array_index >= clock_info_array->ucNumEntries)
-                                       continue;
                                clock_info = (union pplib_clock_info *)
                                        &clock_info_array->clockInfo[clock_array_index * clock_info_array->ucEntrySize];
                                valid = radeon_atombios_parse_pplib_clock_info(rdev,
@@ -2544,6 +2542,7 @@ static int radeon_atombios_parse_power_table_6(struct radeon_device *rdev)
                                                                   non_clock_info);
                        state_index++;
                }
+               power_state_offset += 2 + power_state->v2.ucNumDPMLevels;
        }
        /* if multiple clock modes, mark the lowest as no display */
        for (i = 0; i < state_index; i++) {