On Tue, 2007-01-09 at 22:54 +0100, Andreas Johansson wrote:
> On Tue, Jan 09, 2007 at 06:18:24PM +0100, Michel Dänzer wrote:
>
> > I'm not sure how this could happen though; can you also post the full
> > kernel output, or at least everything related to AGP and the DRI?
>
> Sure. Attached are the entries from /var/log/messages that I believe
> matches the two Xorg log files. Below are the results of grep:ing
> for agp and drm.
Thanks. I think this is another integer overflow bug in the radeon DRM;
can you try the attached patch?
--
Earthling Michel Dänzer | http://tungstengraphics.com
Libre software enthusiast | Debian, X and DRI developer
diff --git a/shared-core/radeon_cp.c b/shared-core/radeon_cp.c
index 4135f4d..0fa6535 100644
--- a/shared-core/radeon_cp.c
+++ b/shared-core/radeon_cp.c
@@ -1563,8 +1563,8 @@ static int radeon_do_init_cp(drm_device_t * dev, drm_radeon_init_t * init)
if (dev_priv->flags & RADEON_IS_AGP) {
base = dev->agp->base;
/* Check if valid */
- if ((base + dev_priv->gart_size) > dev_priv->fb_location &&
- base < (dev_priv->fb_location + dev_priv->fb_size)) {
+ if ((base + dev_priv->gart_size - 1) >= dev_priv->fb_location &&
+ base < (dev_priv->fb_location + dev_priv->fb_size - 1)) {
DRM_INFO("Can't use AGP base @0x%08lx, won't fit\n",
dev->agp->base);
base = 0;
@@ -1574,8 +1574,8 @@ static int radeon_do_init_cp(drm_device_t * dev, drm_radeon_init_t * init)
/* If not or if AGP is at 0 (Macs), try to put it elsewhere */
if (base == 0) {
base = dev_priv->fb_location + dev_priv->fb_size;
- if (((base + dev_priv->gart_size) & 0xfffffffful)
- < base)
+ if (base < dev_priv->fb_location ||
+ ((base + dev_priv->gart_size) & 0xfffffffful) < base)
base = dev_priv->fb_location
- dev_priv->gart_size;
}
