drm/nouveau/ttm: avoid using nouveau_drm.ttm.type_vram prior to nv50

Pre-NV50 chipsets don't currently use the MMU subsystem that later
chipsets use, and type_vram is negative here, leading to an OOB memory
access.

This was previously guarded by a chipset check, restore that.

Reported-by: Thomas Zimmermann <tzimmermann@suse.de>
Fixes: 5839172f0980 ("drm/nouveau: explicitly specify caching to use")
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>

diff --git a/drivers/gpu/drm/nouveau/nouveau_bo.c b/drivers/gpu/drm/nouveau/nouveau_bo.c
index 2ee7564..56b335a 100644 (file)
--- a/drivers/gpu/drm/nouveau/nouveau_bo.c
+++ b/drivers/gpu/drm/nouveau/nouveau_bo.c
@@ -350,14 +350,13 @@ set_placement_list(struct nouveau_drm *drm, struct ttm_place *pl, unsigned *n,
 
        if (domain & NOUVEAU_GEM_DOMAIN_VRAM) {
                struct nvif_mmu *mmu = &drm->client.mmu;
-               const u8 type = mmu->type[drm->ttm.type_vram].type;
 
                pl[*n].mem_type = TTM_PL_VRAM;
                pl[*n].flags = flags & ~TTM_PL_FLAG_CACHED;
 
                /* Some BARs do not support being ioremapped WC */
                if (drm->client.device.info.family >= NV_DEVICE_INFO_V0_TESLA &&
-                   type & NVIF_MEM_UNCACHED)
+                   mmu->type[drm->ttm.type_vram].type & NVIF_MEM_UNCACHED)
                        pl[*n].flags &= ~TTM_PL_FLAG_WC;
 
                (*n)++;