Commit cb5ed37f authored by Evan Quan's avatar Evan Quan Committed by Alex Deucher

drm/amdgpu: fix parsing indirect register list v2

WARN_ON possible buffer overflow and avoid unnecessary dereference.

v2: change BUG_ON to WARN_ON
Signed-off-by: default avatarEvan Quan <evan.quan@amd.com>
Reviewed-by: default avatarHuang Rui <ray.huang@amd.com>
Signed-off-by: default avatarAlex Deucher <alexander.deucher@amd.com>
parent b0f6b809
...@@ -1838,13 +1838,15 @@ static void gfx_v9_1_parse_ind_reg_list(int *register_list_format, ...@@ -1838,13 +1838,15 @@ static void gfx_v9_1_parse_ind_reg_list(int *register_list_format,
int indirect_offset, int indirect_offset,
int list_size, int list_size,
int *unique_indirect_regs, int *unique_indirect_regs,
int *unique_indirect_reg_count, int unique_indirect_reg_count,
int *indirect_start_offsets, int *indirect_start_offsets,
int *indirect_start_offsets_count) int *indirect_start_offsets_count,
int max_start_offsets_count)
{ {
int idx; int idx;
for (; indirect_offset < list_size; indirect_offset++) { for (; indirect_offset < list_size; indirect_offset++) {
WARN_ON(*indirect_start_offsets_count >= max_start_offsets_count);
indirect_start_offsets[*indirect_start_offsets_count] = indirect_offset; indirect_start_offsets[*indirect_start_offsets_count] = indirect_offset;
*indirect_start_offsets_count = *indirect_start_offsets_count + 1; *indirect_start_offsets_count = *indirect_start_offsets_count + 1;
...@@ -1852,14 +1854,14 @@ static void gfx_v9_1_parse_ind_reg_list(int *register_list_format, ...@@ -1852,14 +1854,14 @@ static void gfx_v9_1_parse_ind_reg_list(int *register_list_format,
indirect_offset += 2; indirect_offset += 2;
/* look for the matching indice */ /* look for the matching indice */
for (idx = 0; idx < *unique_indirect_reg_count; idx++) { for (idx = 0; idx < unique_indirect_reg_count; idx++) {
if (unique_indirect_regs[idx] == if (unique_indirect_regs[idx] ==
register_list_format[indirect_offset] || register_list_format[indirect_offset] ||
!unique_indirect_regs[idx]) !unique_indirect_regs[idx])
break; break;
} }
BUG_ON(idx >= *unique_indirect_reg_count); BUG_ON(idx >= unique_indirect_reg_count);
if (!unique_indirect_regs[idx]) if (!unique_indirect_regs[idx])
unique_indirect_regs[idx] = register_list_format[indirect_offset]; unique_indirect_regs[idx] = register_list_format[indirect_offset];
...@@ -1894,9 +1896,10 @@ static int gfx_v9_1_init_rlc_save_restore_list(struct amdgpu_device *adev) ...@@ -1894,9 +1896,10 @@ static int gfx_v9_1_init_rlc_save_restore_list(struct amdgpu_device *adev)
adev->gfx.rlc.reg_list_format_direct_reg_list_length, adev->gfx.rlc.reg_list_format_direct_reg_list_length,
adev->gfx.rlc.reg_list_format_size_bytes >> 2, adev->gfx.rlc.reg_list_format_size_bytes >> 2,
unique_indirect_regs, unique_indirect_regs,
&unique_indirect_reg_count, unique_indirect_reg_count,
indirect_start_offsets, indirect_start_offsets,
&indirect_start_offsets_count); &indirect_start_offsets_count,
ARRAY_SIZE(indirect_start_offsets));
/* enable auto inc in case it is disabled */ /* enable auto inc in case it is disabled */
tmp = RREG32(SOC15_REG_OFFSET(GC, 0, mmRLC_SRM_CNTL)); tmp = RREG32(SOC15_REG_OFFSET(GC, 0, mmRLC_SRM_CNTL));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment