From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
"Ville Syrjälä" <ville.syrjala@linux.intel.com>,
"Jani Nikula" <jani.nikula@intel.com>
Subject: [PATCH 6.0 01/20] drm/i915/bios: Validate fp_timing terminator presence
Date: Mon, 24 Oct 2022 13:31:03 +0200 [thread overview]
Message-ID: <20221024112934.482437706@linuxfoundation.org> (raw)
In-Reply-To: <20221024112934.415391158@linuxfoundation.org>
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
commit 4e78d6023c15c6acce8fbe42e13027c460395522 upstream.
Validate the LFP data block a bit hardwer by making sure the
fp_timing terminators (0xffff) are where we expect them to be.
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220818192223.29881-2-ville.syrjala@linux.intel.com
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/display/intel_bios.c | 60 ++++++++++++++++--------------
1 file changed, 32 insertions(+), 28 deletions(-)
--- a/drivers/gpu/drm/i915/display/intel_bios.c
+++ b/drivers/gpu/drm/i915/display/intel_bios.c
@@ -135,18 +135,6 @@ static u32 raw_block_offset(const void *
return block - bdb;
}
-/* size of the block excluding the header */
-static u32 raw_block_size(const void *bdb, enum bdb_block_id section_id)
-{
- const void *block;
-
- block = find_raw_section(bdb, section_id);
- if (!block)
- return 0;
-
- return get_blocksize(block);
-}
-
struct bdb_block_entry {
struct list_head node;
enum bdb_block_id section_id;
@@ -231,9 +219,14 @@ static bool validate_lfp_data_ptrs(const
{
int fp_timing_size, dvo_timing_size, panel_pnp_id_size, panel_name_size;
int data_block_size, lfp_data_size;
+ const void *data_block;
int i;
- data_block_size = raw_block_size(bdb, BDB_LVDS_LFP_DATA);
+ data_block = find_raw_section(bdb, BDB_LVDS_LFP_DATA);
+ if (!data_block)
+ return false;
+
+ data_block_size = get_blocksize(data_block);
if (data_block_size == 0)
return false;
@@ -261,21 +254,6 @@ static bool validate_lfp_data_ptrs(const
if (16 * lfp_data_size > data_block_size)
return false;
- /*
- * Except for vlv/chv machines all real VBTs seem to have 6
- * unaccounted bytes in the fp_timing table. And it doesn't
- * appear to be a really intentional hole as the fp_timing
- * 0xffff terminator is always within those 6 missing bytes.
- */
- if (fp_timing_size + dvo_timing_size + panel_pnp_id_size != lfp_data_size &&
- fp_timing_size + 6 + dvo_timing_size + panel_pnp_id_size != lfp_data_size)
- return false;
-
- if (ptrs->ptr[0].fp_timing.offset + fp_timing_size > ptrs->ptr[0].dvo_timing.offset ||
- ptrs->ptr[0].dvo_timing.offset + dvo_timing_size != ptrs->ptr[0].panel_pnp_id.offset ||
- ptrs->ptr[0].panel_pnp_id.offset + panel_pnp_id_size != lfp_data_size)
- return false;
-
/* make sure the table entries have uniform size */
for (i = 1; i < 16; i++) {
if (ptrs->ptr[i].fp_timing.table_size != fp_timing_size ||
@@ -289,6 +267,23 @@ static bool validate_lfp_data_ptrs(const
return false;
}
+ /*
+ * Except for vlv/chv machines all real VBTs seem to have 6
+ * unaccounted bytes in the fp_timing table. And it doesn't
+ * appear to be a really intentional hole as the fp_timing
+ * 0xffff terminator is always within those 6 missing bytes.
+ */
+ if (fp_timing_size + 6 + dvo_timing_size + panel_pnp_id_size == lfp_data_size)
+ fp_timing_size += 6;
+
+ if (fp_timing_size + dvo_timing_size + panel_pnp_id_size != lfp_data_size)
+ return false;
+
+ if (ptrs->ptr[0].fp_timing.offset + fp_timing_size != ptrs->ptr[0].dvo_timing.offset ||
+ ptrs->ptr[0].dvo_timing.offset + dvo_timing_size != ptrs->ptr[0].panel_pnp_id.offset ||
+ ptrs->ptr[0].panel_pnp_id.offset + panel_pnp_id_size != lfp_data_size)
+ return false;
+
/* make sure the tables fit inside the data block */
for (i = 0; i < 16; i++) {
if (ptrs->ptr[i].fp_timing.offset + fp_timing_size > data_block_size ||
@@ -300,6 +295,15 @@ static bool validate_lfp_data_ptrs(const
if (ptrs->panel_name.offset + 16 * panel_name_size > data_block_size)
return false;
+ /* make sure fp_timing terminators are present at expected locations */
+ for (i = 0; i < 16; i++) {
+ const u16 *t = data_block + ptrs->ptr[i].fp_timing.offset +
+ fp_timing_size - 2;
+
+ if (*t != 0xffff)
+ return false;
+ }
+
return true;
}
next prev parent reply other threads:[~2022-10-24 11:31 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-24 11:31 [PATCH 6.0 00/20] 6.0.4-rc1 review Greg Kroah-Hartman
2022-10-24 11:31 ` Greg Kroah-Hartman [this message]
2022-10-24 11:31 ` [PATCH 6.0 02/20] drm/i915/bios: Use hardcoded fp_timing size for generating LFP data pointers Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 03/20] pinctrl: amd: change dev_warn to dev_dbg for additional feature support Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 04/20] thermal: intel_powerclamp: Use first online CPU as control_cpu Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 05/20] io_uring/net: fail zc send when unsupported by socket Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 06/20] HID: playstation: stop DualSense output work on remove Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 07/20] HID: playstation: add initial DualSense Edge controller support Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 08/20] net: flag sockets supporting msghdr originated zerocopy Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 09/20] drm/amd/pm: fulfill SMU13.0.7 cstate control interface Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 10/20] drm/amd/pm: add SMU IP v13.0.4 IF version define to V7 Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 11/20] drm/amd/pm: disable cstate feature for gpu reset scenario Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 12/20] drm/amd/pm: fulfill SMU13.0.0 cstate control interface Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 13/20] drm/amd/pm: update SMU IP v13.0.4 driver interface version Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 14/20] dm clone: Fix typo in block_device format specifier Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 15/20] efi: efivars: Fix variable writes without query_variable_store() Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 16/20] efi: ssdt: Dont free memory if ACPI table was loaded successfully Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 17/20] gcov: support GCC 12.1 and newer compilers Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 18/20] io-wq: Fix memory leak in worker creation Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 19/20] mm/huge_memory: do not clobber swp_entry_t during THP split Greg Kroah-Hartman
2022-10-25 15:11 ` Hugh Dickins
2022-10-25 15:58 ` Greg Kroah-Hartman
2022-10-30 3:33 ` Hugh Dickins
2022-10-31 6:44 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 6.0 20/20] fbdev/core: Remove remove_conflicting_pci_framebuffers() Greg Kroah-Hartman
2022-11-01 8:42 ` Boris V.
2022-11-01 10:34 ` Thomas Zimmermann
2022-11-01 11:34 ` Boris V.
2022-10-24 15:47 ` [PATCH 6.0 00/20] 6.0.4-rc1 review Luna Jernberg
2022-10-24 19:10 ` Rudi Heitbaum
2022-10-24 19:21 ` Jon Hunter
2022-10-24 19:28 ` Florian Fainelli
2022-10-24 20:48 ` Shuah Khan
2022-10-24 21:55 ` Ron Economos
2022-10-25 0:20 ` Slade Watkins
2022-10-25 7:51 ` Fenil Jain
2022-10-25 9:08 ` Bagas Sanjaya
2022-10-25 12:33 ` Naresh Kamboju
2022-10-25 15:32 ` Guenter Roeck
2022-10-25 22:43 ` Justin Forbes
2022-10-26 6:36 ` Ernst Herzberg
2022-10-26 6:59 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221024112934.482437706@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jani.nikula@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=ville.syrjala@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.