drm/nouveau/ttm: avoid using nouveau_drm.ttm.type_vram prior to nv50

Pre-NV50 chipsets don't currently use the MMU subsystem that later
chipsets use, and type_vram is negative here, leading to an OOB memory
access.

This was previously guarded by a chipset check, restore that.

Reported-by: Thomas Zimmermann <tzimmermann@suse.de>
Fixes: 5839172f0980 ("drm/nouveau: explicitly specify caching to use")
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Reviewed-by: Christian König <christian.koenig@amd.com>

diff --git a/drivers/gpu/drm/nouveau/nouveau_bo.c b/drivers/gpu/drm/nouveau/nouveau_bo.c
index 8133377..0400a21 100644 (file)
--- a/drivers/gpu/drm/nouveau/nouveau_bo.c
+++ b/drivers/gpu/drm/nouveau/nouveau_bo.c
@@ -1142,7 +1142,6 @@ nouveau_ttm_io_mem_reserve(struct ttm_bo_device *bdev, struct ttm_resource *reg)
        struct nvkm_device *device = nvxx_device(&drm->client.device);
        struct nouveau_mem *mem = nouveau_mem(reg);
        struct nvif_mmu *mmu = &drm->client.mmu;
-       const u8 type = mmu->type[drm->ttm.type_vram].type;
        int ret;
 
        mutex_lock(&drm->ttm.io_reserve_mutex);
@@ -1175,7 +1174,7 @@ retry:
 
                /* Some BARs do not support being ioremapped WC */
                if (drm->client.device.info.family >= NV_DEVICE_INFO_V0_TESLA &&
-                   type & NVIF_MEM_UNCACHED)
+                   mmu->type[drm->ttm.type_vram].type & NVIF_MEM_UNCACHED)
                        reg->bus.caching = ttm_uncached;
                else
                        reg->bus.caching = ttm_write_combined;