* [PATCH] drm/msm/dsi: don't dump registers past the mapped region
From: Dmitry Baryshkov @ 2026-04-28 17:21 UTC
To: Rob Clark, Dmitry Baryshkov, Abhinav Kumar, Jessica Zhang,
Sean Paul, Marijn Suijten, David Airlie, Simona Vetter
Cc: linux-arm-msm, dri-devel, freedreno, linux-kernel
On DSI 6G platforms the IO address space is internally adjusted by
io_offset. Later this adjusted address might be used for memory dumping.
However the size that is used for memory dumping isn't adjusted to
account for the io_offset, leading to the potential access to the
unmapped region. Lower ctrl_size by the io_offset value to prevent
access past the mapped area.
msm_disp_snapshot_add_block+0x1d4/0x3c8 [msm] (P)
msm_dsi_host_snapshot+0x4c/0x78 [msm]
msm_dsi_snapshot+0x28/0x50 [msm]
msm_disp_snapshot_capture_state+0x74/0x140 [msm]
msm_disp_snapshot_state_sync+0x60/0x90 [msm]
_msm_disp_snapshot_work+0x30/0x90 [msm]
kthread_worker_fn+0xdc/0x460
kthread+0x120/0x140
Fixes: bac2c6a62ed9 ("drm/msm: get rid of msm_iomap_size")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
---
drivers/gpu/drm/msm/dsi/dsi_host.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/msm/dsi/dsi_host.c b/drivers/gpu/drm/msm/dsi/dsi_host.c
index 565d425f88b8..982abaaac00d 100644
--- a/drivers/gpu/drm/msm/dsi/dsi_host.c
+++ b/drivers/gpu/drm/msm/dsi/dsi_host.c
@@ -2033,6 +2033,7 @@ int msm_dsi_host_init(struct msm_dsi *msm_dsi)
/* fixup base address by io offset */
msm_host->ctrl_base += cfg->io_offset;
+ msm_host->ctrl_size -= cfg->io_offset;
ret = devm_regulator_bulk_get_const(&pdev->dev, cfg->num_regulators,
cfg->regulator_data,
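Review bot: The added `msm_host->ctrl_size -= cfg->io_offset;` is unchecked: nothing in this hunk shows that ctrl_size is at least cfg->io_offset, so a mapped region smaller than the offset would leave the snapshot path with a wrapped or negative length, which is worse than the overread being fixed. Consider rejecting or warning on `cfg->io_offset > msm_host->ctrl_size` before adjusting either field, so base and size can never end up inconsistent. The comment above ("fixup base address by io offset") now covers two statements and should mention the size as well. The commit message would also be easier to match against bug reports if the trace kept the fault line that precedes the call stack.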
---
base-commit: bee6ea30c48788e18348309f891ed8afbf7702ac
change-id: 20260428-msm-fix-dsi-dump-14cd71b5c33e
Best regards,
--
With best wishes
Dmitry
* Re: [PATCH] drm/msm/dsi: don't dump registers past the mapped region
From: Konrad Dybcio @ 2026-04-29 8:55 UTC
To: Dmitry Baryshkov, Rob Clark, Dmitry Baryshkov, Abhinav Kumar,
Jessica Zhang, Sean Paul, Marijn Suijten, David Airlie,
Simona Vetter
Cc: linux-arm-msm, dri-devel, freedreno, linux-kernel
On 4/28/26 7:21 PM, Dmitry Baryshkov wrote:
> On DSI 6G platforms the IO address space is internally adjusted by
> io_offset. Later this adjusted address might be used for memory dumping.
> However the size that is used for memory dumping isn't adjusted to
> account for the io_offset, leading to the potential access to the
> unmapped region. Lower ctrl_size by the io_offset value to prevent
> access past the mapped area.
>
> msm_disp_snapshot_add_block+0x1d4/0x3c8 [msm] (P)
> msm_dsi_host_snapshot+0x4c/0x78 [msm]
> msm_dsi_snapshot+0x28/0x50 [msm]
> msm_disp_snapshot_capture_state+0x74/0x140 [msm]
> msm_disp_snapshot_state_sync+0x60/0x90 [msm]
> _msm_disp_snapshot_work+0x30/0x90 [msm]
> kthread_worker_fn+0xdc/0x460
> kthread+0x120/0x140
>
> Fixes: bac2c6a62ed9 ("drm/msm: get rid of msm_iomap_size")
> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
> ---
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Konrad