Jacob Garber has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/34355 )
Change subject: nb/via/vx900: Assert framebuffer size is within limits
nb/via/vx900: Assert framebuffer size is within limits
The framebuffer size needs to be between 8 and 512 MiB, or alternatively, its power needs to be between 3 and 9. If the power is too small, an undefined integer shift will occur in the call to pci_update_config8(), so let's do a sanity check beforehand to make sure that doesn't happen.
Change-Id: I3962e5cdc094c8da22d8dbadf16637e02fa98689
Signed-off-by: Jacob Garber jgarber1@ualberta.ca
Found-by: Coverity CID 1391086
---
M src/northbridge/via/vx900/memmap.c
1 file changed, 8 insertions(+), 4 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/55/34355/1
diff --git a/src/northbridge/via/vx900/memmap.c b/src/northbridge/via/vx900/memmap.c index 0c3b7bf..ae8fb78 100644 --- a/src/northbridge/via/vx900/memmap.c +++ b/src/northbridge/via/vx900/memmap.c @@ -26,8 +26,8 @@
#define MCU PCI_DEV(0, 0, 3)
-#define CHROME_9_HD_MIN_FB_SIZE 8 -#define CHROME_9_HD_MAX_FB_SIZE 512 +#define CHROME_9_HD_MIN_FB_POW 3 /* 8 MiB */ +#define CHROME_9_HD_MAX_FB_POW 9 /* 512 MiB */
/* Helper to determine the framebuffer size */ void vx900_set_chrome9hd_fb_size(u32 size_mb) @@ -37,7 +37,7 @@ int i;
/* The minimum framebuffer size is 8MB. */ - size_mb = MAX(size_mb, CHROME_9_HD_MIN_FB_SIZE); + size_mb = MAX(size_mb, (1U << CHROME_9_HD_MIN_FB_POW));
/* * We have two limitations on the maximum framebuffer size: @@ -79,10 +79,14 @@ }
/* Now round the framebuffer size to the closest power of 2 */ - u8 fb_pow = 0; + int fb_pow = 0; while (size_mb >> fb_pow) fb_pow++; fb_pow--; + + if (fb_pow < CHROME_9_HD_MIN_FB_POW || fb_pow > CHROME_9_HD_MAX_FB_POW) + die("Framebuffer power %u is out of range\n", fb_pow); + size_mb = (1 << fb_pow);
pci_update_config8(MCU, 0xa1, ~(7 << 4), (fb_pow - 2) << 4);
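Review bot: the first hunk removes CHROME_9_HD_MIN_FB_SIZE and CHROME_9_HD_MAX_FB_SIZE outright, and the only converted use visible in this patch is the MIN clamp in the second hunk, so please confirm that nothing else in the tree still references either old name. It would also help to say in the define comments that the _POW values are log2 of the size in MiB, since the function parameter next to them is still size_mb.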
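Review bot: in the second hunk the comment directly above the clamp still reads "The minimum framebuffer size is 8MB." while the new macro comments use MiB; pick one unit so the comment and the defines agree. The extra parentheses around 1U << CHROME_9_HD_MIN_FB_POW are not needed as a MAX() argument.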
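Review bot: in the last hunk, die() prints fb_pow with %u although the same hunk changes fb_pow from u8 to int; use %d instead. fb_pow is decremented after the loop, so if size_mb reaches the loop as 0 it ends up as -1, and %u would report that as a large unsigned number instead of the negative value the new check is meant to catch. For consistency with 1U << CHROME_9_HD_MIN_FB_POW in the earlier hunk, size_mb = (1 << fb_pow) could use 1U as well, since size_mb is a u32.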