mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-14 12:37:32 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers
History
Igor Murzov a3f83ab1a7 drm/radeon: fix invalid memory access in radeon_atrm_get_bios() 
At a boot time I observed following bug:

 BUG: unable to handle kernel paging request at ffff8800a4244000
 IP: [<ffffffff81275b5b>] memcpy+0xb/0x120
 PGD 1816063 PUD 1fe7d067 PMD 1ff9f067 PTE 80000000a4244160
 Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
 CPU 0
 Modules linked in: btusb bluetooth brcmsmac brcmutil crc8 cordic b43 radeon(+)
  mac80211 cfg80211 ttm ohci_hcd drm_kms_helper rfkill drm ssb agpgart mmc_core
  sp5100_tco video battery ac thermal processor rtc_cmos thermal_sys snd_hda_codec_hdmi
  joydev snd_hda_codec_conexant button bcma pcmcia snd_hda_intel snd_hda_codec
  snd_hwdep snd_pcm shpchp pcmcia_core k8temp snd_timer atl1c snd psmouse hwmon
  i2c_piix4 i2c_algo_bit soundcore evdev i2c_core ehci_hcd sg serio_raw snd_page_alloc
  loop btrfs

 Pid: 1008, comm: modprobe Not tainted 3.3.0-rc1 #21 LENOVO 20046                           /AMD CRB
 RIP: 0010:[<ffffffff81275b5b>]  [<ffffffff81275b5b>] memcpy+0xb/0x120
 RSP: 0018:ffff8800aa72db00  EFLAGS: 00010246
 RAX: ffff8800a4150000 RBX: 0000000000001000 RCX: 0000000000000087
 RDX: 0000000000000000 RSI: ffff8800a4244000 RDI: ffff8800a4150bc8
 RBP: ffff8800aa72db78 R08: 0000000000000010 R09: ffffffff8174bbec
 R10: ffffffff812ee010 R11: 0000000000000001 R12: 0000000000001000
 R13: 0000000000010000 R14: ffff8800a4140000 R15: ffff8800aaba1800
 FS:  00007ff9a3bd4720(0000) GS:ffff8800afa00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
 CR2: ffff8800a4244000 CR3: 00000000a9c18000 CR4: 00000000000006f0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
 Process modprobe (pid: 1008, threadinfo ffff8800aa72c000, task ffff8800aa0e4000)
 Stack:
  ffffffffa04e7c7b 0000000000000001 0000000000010000 ffff8800aa72db28
  ffffffff00000001 0000000000001000 ffffffff8113cbef 0000000000000020
  ffff8800a4243420 ffff880000000002 ffff8800aa72db08 ffff8800a9d42000
 Call Trace:
  [<ffffffffa04e7c7b>] ? radeon_atrm_get_bios_chunk+0x8b/0xd0 [radeon]
  [<ffffffff8113cbef>] ? kmalloc_order_trace+0x3f/0xb0
  [<ffffffffa04a9298>] radeon_get_bios+0x68/0x2f0 [radeon]
  [<ffffffffa04c7a30>] rv770_init+0x40/0x280 [radeon]
  [<ffffffffa047d740>] radeon_device_init+0x560/0x600 [radeon]
  [<ffffffffa047ef4f>] radeon_driver_load_kms+0xaf/0x170 [radeon]
  [<ffffffffa043cdde>] drm_get_pci_dev+0x18e/0x2c0 [drm]
  [<ffffffffa04e7e95>] radeon_pci_probe+0xad/0xb5 [radeon]
  [<ffffffff81296c5f>] local_pci_probe+0x5f/0xd0
  [<ffffffff81297418>] pci_device_probe+0x88/0xb0
  [<ffffffff813417aa>] ? driver_sysfs_add+0x7a/0xb0
  [<ffffffff813418d8>] really_probe+0x68/0x180
  [<ffffffff81341be5>] driver_probe_device+0x45/0x70
  [<ffffffff81341cb3>] __driver_attach+0xa3/0xb0
  [<ffffffff81341c10>] ? driver_probe_device+0x70/0x70
  [<ffffffff813400ce>] bus_for_each_dev+0x5e/0x90
  [<ffffffff8134172e>] driver_attach+0x1e/0x20
  [<ffffffff81341298>] bus_add_driver+0xc8/0x280
  [<ffffffff813422c6>] driver_register+0x76/0x140
  [<ffffffff812976d6>] __pci_register_driver+0x66/0xe0
  [<ffffffffa043d021>] drm_pci_init+0x111/0x120 [drm]
  [<ffffffff8133c67a>] ? vga_switcheroo_register_handler+0x3a/0x60
  [<ffffffffa0229000>] ? 0xffffffffa0228fff
  [<ffffffffa02290ec>] radeon_init+0xec/0xee [radeon]
  [<ffffffff810002f2>] do_one_initcall+0x42/0x180
  [<ffffffff8109d8d2>] sys_init_module+0x92/0x1e0
  [<ffffffff815407a9>] system_call_fastpath+0x16/0x1b
 Code: 58 2a 43 50 88 43 4e 48 83 c4 08 5b c9 c3 66 90 e8 cb fd ff ff eb
  e6 90 90 90 90 90 90 90 90 90 48 89 f8 89 d1 c1 e9 03 83 e2 07 <f3> 48
  a5 89 d1 f3 a4 c3 20 48 83 ea 20 4c 8b 06 4c 8b 4e 08 4c
 RIP  [<ffffffff81275b5b>] memcpy+0xb/0x120
  RSP <ffff8800aa72db00>
 CR2: ffff8800a4244000
 ---[ end trace fcffa1599cf56382 ]---

Call to acpi_evaluate_object() not always returns 4096 bytes chunks,
on my system it can return 2048 bytes chunk, so pass the length of
retrieved chunk to memcpy(), not the length of the recieving buffer.

Signed-off-by: Igor Murzov <e-mail@date.by>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-01-24 17:34:02 +00:00
..
accessibility module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
acpi Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-01-18 15:51:48 -08:00
amba Merge branch 'pm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm 2012-01-08 13:10:57 -08:00
ata [libata] ata_piix: Add Toshiba Satellite Pro A120 to the quirks list 2012-01-17 20:50:53 -05:00
atm module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
auxdisplay
base Merge branch 'pm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm 2012-01-16 15:02:30 -08:00
bcma bcma: connect the bcma bus suspend/resume to the bcma driver suspend/resume 2012-01-17 09:54:08 -05:00
block nvme: fix merge error due to change of 'make_request_fn' fn type 2012-01-18 15:41:27 -08:00
bluetooth module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
cdrom block: add and use scsi_blk_cmd_ioctl 2012-01-14 15:07:24 -08:00
char tpm: fix (ACPI S3) suspend regression 2012-01-18 15:50:17 -08:00
clk
clocksource Merge branch 'for-linus' of git://ftp.arm.linux.org.uk/pub/linux/arm/kernel/git-cur/linux-2.6-arm 2012-01-06 18:15:25 -08:00
connector
cpufreq Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/davej/cpufreq 2012-01-11 18:53:33 -08:00
cpuidle
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2012-01-10 22:01:27 -08:00
dca
devfreq
dio
dma Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma 2012-01-17 18:40:24 -08:00
edac module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
eisa
firewire module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
firmware Merge commit '070680218379e15c1901f4bf21b98e3cbf12b527' into stable/for-linus-fixes-3.3 2012-01-12 11:53:55 -05:00
gpio gpio: tps65910: Use correct offset for gpio initialization 2012-01-18 13:48:43 -07:00
gpu drm/radeon: fix invalid memory access in radeon_atrm_get_bios() 2012-01-24 17:34:02 +00:00
hid module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
hv Merge branch 'usb-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb 2012-01-09 12:09:47 -08:00
hwmon hwmon: (adm1031) Fix coding style issues 2012-01-16 22:51:48 +01:00
hwspinlock
i2c Merge branches 'for-33/i2c/eg20t' and 'for-33/i2c/omap' into for-linus/i2c-33 2012-01-17 23:30:41 +00:00
ide block: add and use scsi_blk_cmd_ioctl 2012-01-14 15:07:24 -08:00
idle Merge branches 'einj', 'intel_idle', 'misc', 'srat' and 'turbostat-ivb' into release 2012-01-18 01:15:54 -05:00
ieee802154
infiniband Merge branch 'for-next-merge' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2012-01-18 16:29:42 -08:00
input Autogenerated GPG tag for Rusty D1ADB8F1: 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 2012-01-14 12:32:16 -08:00
iommu Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu 2012-01-10 11:08:21 -08:00
isdn Autogenerated GPG tag for Rusty D1ADB8F1: 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 2012-01-14 12:32:16 -08:00
leds Autogenerated GPG tag for Rusty D1ADB8F1: 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 2012-01-14 12:32:16 -08:00
lguest lguest: Make sure interrupt is allocated ok by lguest_setup_irq 2012-01-12 15:44:47 +10:30
macintosh module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
mca
md Merge branch 'for-3.3/core' of git://git.kernel.dk/linux-block 2012-01-15 12:24:45 -08:00
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-01-18 12:53:54 -08:00
memstick module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
message SCSI updates for post 3.2 merge window 2012-01-10 10:36:08 -08:00
mfd Autogenerated GPG tag for Rusty D1ADB8F1: 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 2012-01-14 12:32:16 -08:00
misc Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma 2012-01-17 18:40:24 -08:00
mmc Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma 2012-01-17 18:40:24 -08:00
mtd Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma 2012-01-17 18:40:24 -08:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-01-17 22:26:41 -08:00
nfc Merge branch 'driver-core-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core 2012-01-07 12:03:30 -08:00
nubus
of 2nd set of device tree changes for v3.3 2012-01-14 13:25:55 -08:00
oprofile Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-01-06 08:02:58 -08:00
parisc Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci 2012-01-11 18:50:26 -08:00
parport Autogenerated GPG tag for Rusty D1ADB8F1: 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 2012-01-14 12:32:16 -08:00
pci Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security 2012-01-14 18:36:33 -08:00
pcmcia Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-01-14 13:05:21 -08:00
pinctrl
platform module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
pnp PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that breaks USB 2012-01-06 12:11:20 -08:00
power module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
pps
ps3
ptp
rapidio
regulator Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6 2012-01-13 20:43:32 -08:00
rtc Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6 2012-01-13 20:43:32 -08:00
s390 module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
sbus
scsi SCSI updates on 20120118 2012-01-18 12:35:17 -08:00
sfi
sh SH/R-Mobile updates for 3.3 merge window. 2012-01-11 23:29:20 -08:00
sn
spi Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma 2012-01-17 18:40:24 -08:00
ssb
staging Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-01-15 12:49:56 -08:00
target
tc
telephony
thermal
tty Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma 2012-01-17 18:40:24 -08:00
uio Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci 2012-01-11 18:50:26 -08:00
usb Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma 2012-01-17 18:40:24 -08:00
uwb Merge branch 'usb-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb 2012-01-09 12:09:47 -08:00
vhost vhost-net: add module alias (v2.1) 2012-01-13 10:12:23 -08:00
video Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma 2012-01-17 18:40:24 -08:00
virt
virtio virtio: balloon: Add freeze, restore handlers to support S4 2012-01-12 15:44:47 +10:30
vlynq
w1
watchdog module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
xen xen: using EXPORT_SYMBOL requires including export.h 2012-01-18 15:37:49 -08:00
zorro
Kconfig
Makefile mmc: sdhci-pci: add platform data 2012-01-11 23:58:47 -05:00