drm/i915/opregion: rvda is relative from opregion base, not absolute

Submitted by Jani Nikula on Jan. 29, 2019, 1:31 p.m.

Details

Message ID 20190129133121.32564-1-jani.nikula@intel.com
State New
Series "drm/i915/opregion: rvda is relative from opregion base, not absolute" ( rev: 3 2 ) in Intel GFX

Commit Message

Jani Nikula Jan. 29, 2019, 1:31 p.m.
We've supported the opregion RVDA/RVDS fields for VBT size >= 6 KB since
commit 04ebaadb9f2d ("drm/i915/opregion: handle VBT sizes bigger than 6
KB"). That's three years, almost to the date.

The implementation was based on spec only, in anticipation of systems
with big VBT. Now, the spec has been changed. The RVDA is supposed to be
relative from the beginning of opregion, not absolute address.

This is obviously a backward/forward incompatible change. I've been told
there are no systems out there using the field. Fingers crossed. This
will still be problematic for older kernels, and we can only try to
backport the fix.

Fix the error path while at it.

Fixes: 04ebaadb9f2d ("drm/i915/opregion: handle VBT sizes bigger than 6 KB")
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: Imre Deak <imre.deak@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
---
 drivers/gpu/drm/i915/intel_opregion.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

Patch

diff --git a/drivers/gpu/drm/i915/intel_opregion.c b/drivers/gpu/drm/i915/intel_opregion.c
index 30ae96c5c97c..30324b963e24 100644
--- a/drivers/gpu/drm/i915/intel_opregion.c
+++ b/drivers/gpu/drm/i915/intel_opregion.c
@@ -118,7 +118,7 @@  struct opregion_asle {
 	u64 fdss;
 	u32 fdsp;
 	u32 stat;
-	u64 rvda;	/* Physical address of raw vbt data */
+	u64 rvda;	/* Address of raw vbt data, relative from opregion */
 	u32 rvds;	/* Size of raw vbt data */
 	u8 rsvd[58];
 } __packed;
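
Review bot: The new comment on rvda says "relative from opregion" without stating the reference point or the spec revision it applies to. Since the commit message says the definition changed, word it as a byte offset from the opregion base and name the opregion version where that meaning holds, so a reader of the struct does not have to find this commit to know which interpretation the driver assumes.
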
@@ -954,7 +954,13 @@  int intel_opregion_setup(struct drm_i915_private *dev_priv)
 
 	if (opregion->header->opregion_ver >= 2 && opregion->asle &&
 	    opregion->asle->rvda && opregion->asle->rvds) {
-		opregion->rvda = memremap(opregion->asle->rvda,
+		/*
+		 * rvda is unsigned, relative from opregion base, and should
+		 * never point within opregion.
+		 */
+		WARN_ON(opregion->asle->rvda < OPREGION_SIZE);
+
+		opregion->rvda = memremap(asls + opregion->asle->rvda,
 					  opregion->asle->rvds,
 					  MEMREMAP_WB);
 		vbt = opregion->rvda;
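
Review bot: The WARN_ON(opregion->asle->rvda < OPREGION_SIZE) check is advisory only: when it fires, the memremap() that follows still runs with an offset the comment above says should never occur. Both rvda and rvds are read from the ACPI OpRegion and decide which physical range gets mapped, so let the check gate the mapping, e.g. wrap it as if (WARN_ON(...)) and skip the RVDA path. The type of asls is not visible in this hunk; if the sum asls + opregion->asle->rvda can wrap, reject that case before calling memremap() as well.
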
@@ -966,6 +972,8 @@  int intel_opregion_setup(struct drm_i915_private *dev_priv)
 			goto out;
 		} else {
 			DRM_DEBUG_KMS("Invalid VBT in ACPI OpRegion (RVDA)\n");
+			memunmap(opregion->rvda);
+			opregion->rvda = NULL;
 		}
 	}
 
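
Review bot: After the added memunmap(opregion->rvda) in the else branch, the local vbt that was assigned from opregion->rvda in the previous hunk still points at the range that was just unmapped, and the visible lines do not show it being reset. Confirm vbt is reassigned before its next use, or clear it here next to opregion->rvda = NULL.
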

Comments

On Tue, Jan 29, 2019 at 03:31:21PM +0200, Jani Nikula wrote:
> We've supported the opregion RVDA/RVDS fields for VBT size >= 6 KB since
> commit 04ebaadb9f2d ("drm/i915/opregion: handle VBT sizes bigger than 6
> KB"). That's three years, almost to the date.
> 
> The implementation was based on spec only, in anticipation of systems
> with big VBT. Now, the spec has been changed. The RVDA is supposed to be
> relative from the beginning of opregion, not absolute address.
> 
> This is obviously a backward/forward incompatible change. I've been told
> there are no systems out there using the field. Fingers crossed. This
> will still be problematic for older kernels, and we can only try to
> backport the fix.
> 
> Fix the error path while at it.
> 
> Fixes: 04ebaadb9f2d ("drm/i915/opregion: handle VBT sizes bigger than 6 KB")
> Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
> Cc: Imre Deak <imre.deak@intel.com>
> Signed-off-by: Jani Nikula <jani.nikula@intel.com>

Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>

> ---
>  drivers/gpu/drm/i915/intel_opregion.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/intel_opregion.c b/drivers/gpu/drm/i915/intel_opregion.c
> index 30ae96c5c97c..30324b963e24 100644
> --- a/drivers/gpu/drm/i915/intel_opregion.c
> +++ b/drivers/gpu/drm/i915/intel_opregion.c
> @@ -118,7 +118,7 @@ struct opregion_asle {
>  	u64 fdss;
>  	u32 fdsp;
>  	u32 stat;
> -	u64 rvda;	/* Physical address of raw vbt data */
> +	u64 rvda;	/* Address of raw vbt data, relative from opregion */
>  	u32 rvds;	/* Size of raw vbt data */
>  	u8 rsvd[58];
>  } __packed;
> @@ -954,7 +954,13 @@ int intel_opregion_setup(struct drm_i915_private *dev_priv)
>  
>  	if (opregion->header->opregion_ver >= 2 && opregion->asle &&
>  	    opregion->asle->rvda && opregion->asle->rvds) {
> -		opregion->rvda = memremap(opregion->asle->rvda,
> +		/*
> +		 * rvda is unsigned, relative from opregion base, and should
> +		 * never point within opregion.
> +		 */
> +		WARN_ON(opregion->asle->rvda < OPREGION_SIZE);
> +
> +		opregion->rvda = memremap(asls + opregion->asle->rvda,
>  					  opregion->asle->rvds,
>  					  MEMREMAP_WB);
>  		vbt = opregion->rvda;
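
Review bot: The enclosing condition still tests only opregion->header->opregion_ver >= 2, so a table written against the earlier absolute definition of rvda takes the same path and gets asls added to an address that is already absolute. The commit message calls the change backward/forward incompatible; if the header can distinguish the spec revision that introduced the relative meaning, branch on it here and keep the absolute interpretation for older tables.
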
> @@ -966,6 +972,8 @@ int intel_opregion_setup(struct drm_i915_private *dev_priv)
>  			goto out;
>  		} else {
>  			DRM_DEBUG_KMS("Invalid VBT in ACPI OpRegion (RVDA)\n");
> +			memunmap(opregion->rvda);
> +			opregion->rvda = NULL;
>  		}
>  	}
>  
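
Review bot: The memunmap() and NULL assignment added in the else branch release a mapping that was previously left in place on the invalid-VBT path, which is independent of the rvda interpretation change that the subject line describes. Split it into its own patch carrying the same Fixes: tag, so the error-path fix can be backported on its own even if the address change is reworked.
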
> -- 
> 2.20.1

On Tue, 29 Jan 2019, Jani Nikula <jani.nikula@intel.com> wrote:
> This is obviously a backward/forward incompatible change. I've been
> told there are no systems out there using the field.

There are systems like that, in our CI too. Back to the drawing board.

BR,
Jani.