[MIPI,SEQ,PARSING,v3,04/13] drm/i915: Do opregion VBT validation during opregion setup

Submitted by Deepak M on Nov. 30, 2015, 10:47 p.m.

Details

Message ID 1448923632-16760-5-git-send-email-m.deepak@intel.com
State New
Headers show
Series "Patches to support the version 3 of MIPI sequence in VBT." ( rev: 2 1 ) in Intel GFX

Not browsing as part of any series.

Commit Message

Deepak M Nov. 30, 2015, 10:47 p.m.
Calling the validate_vbt before assiging the opregion vbt blob.
Size of the VBT blob cant be more than 6KB when VBT is present
in mailbox 4.

Cc: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Deepak M <m.deepak@intel.com>
---
 drivers/gpu/drm/i915/i915_drv.h       |  3 +++
 drivers/gpu/drm/i915/intel_bios.c     | 43 +++++++++++++++++++----------------
 drivers/gpu/drm/i915/intel_opregion.c | 31 +++++++++++++++++++++++++
 3 files changed, 57 insertions(+), 20 deletions(-)

Patch hide | download patch | download mbox

diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
index 135d32a..8cf8375 100644
--- a/drivers/gpu/drm/i915/i915_drv.h
+++ b/drivers/gpu/drm/i915/i915_drv.h
@@ -3324,6 +3324,9 @@  intel_opregion_notify_adapter(struct drm_device *dev, pci_power_t state)
 }
 #endif
 
+const struct vbt_header *validate_vbt(const void *_vbt, size_t size,
+						const char *source);
+
 /* intel_acpi.c */
 #ifdef CONFIG_ACPI
 extern void intel_register_dsm_handler(void);
diff --git a/drivers/gpu/drm/i915/intel_bios.c b/drivers/gpu/drm/i915/intel_bios.c
index 6756a1c..57a77aa 100644
--- a/drivers/gpu/drm/i915/intel_bios.c
+++ b/drivers/gpu/drm/i915/intel_bios.c
@@ -1237,16 +1237,15 @@  static const struct dmi_system_id intel_no_opregion_vbt[] = {
 	{ }
 };
 
-static const struct bdb_header *validate_vbt(const void *base,
+const struct vbt_header *validate_vbt(const void *_vbt,
 					     size_t size,
-					     const void *_vbt,
 					     const char *source)
 {
-	size_t offset = _vbt - base;
-	const struct vbt_header *vbt = _vbt;
+	const struct vbt_header *vbt = (const struct vbt_header *)_vbt;
 	const struct bdb_header *bdb;
+	size_t offset;
 
-	if (offset + sizeof(struct vbt_header) > size) {
+	if (sizeof(struct vbt_header) > size) {
 		DRM_DEBUG_DRIVER("VBT header incomplete\n");
 		return NULL;
 	}
@@ -1256,26 +1255,26 @@  static const struct bdb_header *validate_vbt(const void *base,
 		return NULL;
 	}
 
-	offset += vbt->bdb_offset;
+	offset = vbt->bdb_offset;
 	if (offset + sizeof(struct bdb_header) > size) {
 		DRM_DEBUG_DRIVER("BDB header incomplete\n");
 		return NULL;
 	}
 
-	bdb = base + offset;
+	bdb = (const void *)_vbt + offset;
 	if (offset + bdb->bdb_size > size) {
 		DRM_DEBUG_DRIVER("BDB incomplete\n");
 		return NULL;
 	}
 
 	DRM_DEBUG_KMS("Using VBT from %s: %20s\n",
-		      source, vbt->signature);
-	return bdb;
+			source, vbt->signature);
+	return vbt;
 }
 
-static const struct bdb_header *find_vbt(void __iomem *bios, size_t size)
+static const struct vbt_header *find_vbt(void __iomem *bios, size_t size)
 {
-	const struct bdb_header *bdb = NULL;
+	const struct vbt_header *vbt = NULL;
 	size_t i;
 
 	/* Scour memory looking for the VBT signature. */
@@ -1289,12 +1288,12 @@  static const struct bdb_header *find_vbt(void __iomem *bios, size_t size)
 			 */
 			void *_bios = (void __force *) bios;
 
-			bdb = validate_vbt(_bios, size, _bios + i, "PCI ROM");
+			vbt = validate_vbt(_bios + i, size - i, "PCI ROM");
 			break;
 		}
 	}
 
-	return bdb;
+	return vbt;
 }
 
 /**
@@ -1311,6 +1310,7 @@  intel_parse_bios(struct drm_device *dev)
 {
 	struct drm_i915_private *dev_priv = dev->dev_private;
 	struct pci_dev *pdev = dev->pdev;
+	const struct vbt_header *vbt = NULL;
 	const struct bdb_header *bdb = NULL;
 	u8 __iomem *bios = NULL;
 
@@ -1319,23 +1319,26 @@  intel_parse_bios(struct drm_device *dev)
 
 	init_vbt_defaults(dev_priv);
 
-	/* XXX Should this validation be moved to intel_opregion.c? */
-	if (!dmi_check_system(intel_no_opregion_vbt) && dev_priv->opregion.vbt)
-		bdb = validate_vbt(dev_priv->opregion.header, OPREGION_SIZE,
-				   dev_priv->opregion.vbt, "OpRegion");
+	if (!dmi_check_system(intel_no_opregion_vbt) &&
+					dev_priv->opregion.vbt) {
+		vbt = (const struct vbt_header *)dev_priv->opregion.vbt;
+		bdb = (const void *)dev_priv->opregion.vbt + vbt->bdb_offset;
+	}
 
-	if (bdb == NULL) {
+	if (vbt == NULL) {
 		size_t size;
 
 		bios = pci_map_rom(pdev, &size);
 		if (!bios)
 			return -1;
 
-		bdb = find_vbt(bios, size);
-		if (!bdb) {
+		vbt = find_vbt(bios, size);
+		if (!vbt) {
 			pci_unmap_rom(pdev, bios);
 			return -1;
 		}
+
+		bdb = (const void *)vbt + vbt->bdb_offset;
 	}
 
 	/* Grab useful general definitions */
diff --git a/drivers/gpu/drm/i915/intel_opregion.c b/drivers/gpu/drm/i915/intel_opregion.c
index 43b7c3b..4a78282 100644
--- a/drivers/gpu/drm/i915/intel_opregion.c
+++ b/drivers/gpu/drm/i915/intel_opregion.c
@@ -48,6 +48,27 @@ 
 #define OPREGION_VBT_OFFSET    0x400
 #define OPREGION_ASLE_EXT_OFFSET	0x1C00
 
+#define MAILBOX_4_SIZE		0x1800
+
+/*
+ *	Opregion Structure:
+ *	      +-------------------------------+
+ *            |      Mailbox1 : ACPI          |
+ *            |      Offset   : 0x100         |
+ *            +-------------------------------+
+ *            |      Mailbox2 : SWSCI	      |
+ *            |      Offset   : 0x200         |
+ *            +-------------------------------+
+ *            |      Mailbox3 : ASLE	      |
+ *            |      Offset   : 0x300         |
+ *            +-------------------------------+
+ *            |      Mailbox4 : VBT	      |
+ *            |      Offset   : 0x400         |
+ *            +-------------------------------+
+ *            |      Mailbox5 : ASLE_EXT      |
+ *            |      Offset   : 0x1C00        |
+ *            +-------------------------------+
+*/
 #define OPREGION_SIGNATURE "IntelGraphicsMem"
 #define MBOX_ACPI      (1<<0)
 #define MBOX_SWSCI     (1<<1)
@@ -910,6 +931,7 @@  int intel_opregion_setup(struct drm_device *dev)
 	struct intel_opregion *opregion = &dev_priv->opregion;
 	u32 asls, mboxes;
 	char buf[sizeof(OPREGION_SIGNATURE)];
+	const struct vbt_header *vbt = NULL;
 	int err = 0;
 	void *base;
 
@@ -940,6 +962,15 @@  int intel_opregion_setup(struct drm_device *dev)
 		err = -EINVAL;
 		goto err_out;
 	}
+
+	vbt = validate_vbt(base + OPREGION_VBT_OFFSET,
+				MAILBOX_4_SIZE, "OpRegion");
+
+	if (vbt == NULL) {
+		err = -EINVAL;
+		goto err_out;
+	}
+
 	opregion->header = base;
 	opregion->vbt = base + OPREGION_VBT_OFFSET;
 

Comments

On Tue, 2015-12-01 at 04:17 +0530, Deepak M wrote:
> Calling the validate_vbt before assiging the opregion vbt blob.
> Size of the VBT blob cant be more than 6KB when VBT is present
> in mailbox 4.
> 
> Cc: Jani Nikula <jani.nikula@intel.com>
Tested-by: Mika Kahola <mika.kahola@intel.com>
> Signed-off-by: Deepak M <m.deepak@intel.com>
> ---
>  drivers/gpu/drm/i915/i915_drv.h       |  3 +++
>  drivers/gpu/drm/i915/intel_bios.c     | 43 +++++++++++++++++++----------------
>  drivers/gpu/drm/i915/intel_opregion.c | 31 +++++++++++++++++++++++++
>  3 files changed, 57 insertions(+), 20 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
> index 135d32a..8cf8375 100644
> --- a/drivers/gpu/drm/i915/i915_drv.h
> +++ b/drivers/gpu/drm/i915/i915_drv.h
> @@ -3324,6 +3324,9 @@ intel_opregion_notify_adapter(struct drm_device *dev, pci_power_t state)
>  }
>  #endif
>  
> +const struct vbt_header *validate_vbt(const void *_vbt, size_t size,
> +						const char *source);
> +
>  /* intel_acpi.c */
>  #ifdef CONFIG_ACPI
>  extern void intel_register_dsm_handler(void);
> diff --git a/drivers/gpu/drm/i915/intel_bios.c b/drivers/gpu/drm/i915/intel_bios.c
> index 6756a1c..57a77aa 100644
> --- a/drivers/gpu/drm/i915/intel_bios.c
> +++ b/drivers/gpu/drm/i915/intel_bios.c
> @@ -1237,16 +1237,15 @@ static const struct dmi_system_id intel_no_opregion_vbt[] = {
>  	{ }
>  };
>  
> -static const struct bdb_header *validate_vbt(const void *base,
> +const struct vbt_header *validate_vbt(const void *_vbt,
>  					     size_t size,
> -					     const void *_vbt,
>  					     const char *source)
>  {
> -	size_t offset = _vbt - base;
> -	const struct vbt_header *vbt = _vbt;
> +	const struct vbt_header *vbt = (const struct vbt_header *)_vbt;
>  	const struct bdb_header *bdb;
> +	size_t offset;
>  
> -	if (offset + sizeof(struct vbt_header) > size) {
> +	if (sizeof(struct vbt_header) > size) {
>  		DRM_DEBUG_DRIVER("VBT header incomplete\n");
>  		return NULL;
>  	}
> @@ -1256,26 +1255,26 @@ static const struct bdb_header *validate_vbt(const void *base,
>  		return NULL;
>  	}
>  
> -	offset += vbt->bdb_offset;
> +	offset = vbt->bdb_offset;
>  	if (offset + sizeof(struct bdb_header) > size) {
>  		DRM_DEBUG_DRIVER("BDB header incomplete\n");
>  		return NULL;
>  	}
>  
> -	bdb = base + offset;
> +	bdb = (const void *)_vbt + offset;
>  	if (offset + bdb->bdb_size > size) {
>  		DRM_DEBUG_DRIVER("BDB incomplete\n");
>  		return NULL;
>  	}
>  
>  	DRM_DEBUG_KMS("Using VBT from %s: %20s\n",
> -		      source, vbt->signature);
> -	return bdb;
> +			source, vbt->signature);
> +	return vbt;
>  }
>  
> -static const struct bdb_header *find_vbt(void __iomem *bios, size_t size)
> +static const struct vbt_header *find_vbt(void __iomem *bios, size_t size)
>  {
> -	const struct bdb_header *bdb = NULL;
> +	const struct vbt_header *vbt = NULL;
>  	size_t i;
>  
>  	/* Scour memory looking for the VBT signature. */
> @@ -1289,12 +1288,12 @@ static const struct bdb_header *find_vbt(void __iomem *bios, size_t size)
>  			 */
>  			void *_bios = (void __force *) bios;
>  
> -			bdb = validate_vbt(_bios, size, _bios + i, "PCI ROM");
> +			vbt = validate_vbt(_bios + i, size - i, "PCI ROM");
>  			break;
>  		}
>  	}
>  
> -	return bdb;
> +	return vbt;
>  }
>  
>  /**
> @@ -1311,6 +1310,7 @@ intel_parse_bios(struct drm_device *dev)
>  {
>  	struct drm_i915_private *dev_priv = dev->dev_private;
>  	struct pci_dev *pdev = dev->pdev;
> +	const struct vbt_header *vbt = NULL;
>  	const struct bdb_header *bdb = NULL;
>  	u8 __iomem *bios = NULL;
>  
> @@ -1319,23 +1319,26 @@ intel_parse_bios(struct drm_device *dev)
>  
>  	init_vbt_defaults(dev_priv);
>  
> -	/* XXX Should this validation be moved to intel_opregion.c? */
> -	if (!dmi_check_system(intel_no_opregion_vbt) && dev_priv->opregion.vbt)
> -		bdb = validate_vbt(dev_priv->opregion.header, OPREGION_SIZE,
> -				   dev_priv->opregion.vbt, "OpRegion");
> +	if (!dmi_check_system(intel_no_opregion_vbt) &&
> +					dev_priv->opregion.vbt) {
> +		vbt = (const struct vbt_header *)dev_priv->opregion.vbt;
> +		bdb = (const void *)dev_priv->opregion.vbt + vbt->bdb_offset;
> +	}
>  
> -	if (bdb == NULL) {
> +	if (vbt == NULL) {
>  		size_t size;
>  
>  		bios = pci_map_rom(pdev, &size);
>  		if (!bios)
>  			return -1;
>  
> -		bdb = find_vbt(bios, size);
> -		if (!bdb) {
> +		vbt = find_vbt(bios, size);
> +		if (!vbt) {
>  			pci_unmap_rom(pdev, bios);
>  			return -1;
>  		}
> +
> +		bdb = (const void *)vbt + vbt->bdb_offset;
>  	}
>  
>  	/* Grab useful general definitions */
> diff --git a/drivers/gpu/drm/i915/intel_opregion.c b/drivers/gpu/drm/i915/intel_opregion.c
> index 43b7c3b..4a78282 100644
> --- a/drivers/gpu/drm/i915/intel_opregion.c
> +++ b/drivers/gpu/drm/i915/intel_opregion.c
> @@ -48,6 +48,27 @@
>  #define OPREGION_VBT_OFFSET    0x400
>  #define OPREGION_ASLE_EXT_OFFSET	0x1C00
>  
> +#define MAILBOX_4_SIZE		0x1800
> +
> +/*
> + *	Opregion Structure:
> + *	      +-------------------------------+
> + *            |      Mailbox1 : ACPI          |
> + *            |      Offset   : 0x100         |
> + *            +-------------------------------+
> + *            |      Mailbox2 : SWSCI	      |
> + *            |      Offset   : 0x200         |
> + *            +-------------------------------+
> + *            |      Mailbox3 : ASLE	      |
> + *            |      Offset   : 0x300         |
> + *            +-------------------------------+
> + *            |      Mailbox4 : VBT	      |
> + *            |      Offset   : 0x400         |
> + *            +-------------------------------+
> + *            |      Mailbox5 : ASLE_EXT      |
> + *            |      Offset   : 0x1C00        |
> + *            +-------------------------------+
> +*/
>  #define OPREGION_SIGNATURE "IntelGraphicsMem"
>  #define MBOX_ACPI      (1<<0)
>  #define MBOX_SWSCI     (1<<1)
> @@ -910,6 +931,7 @@ int intel_opregion_setup(struct drm_device *dev)
>  	struct intel_opregion *opregion = &dev_priv->opregion;
>  	u32 asls, mboxes;
>  	char buf[sizeof(OPREGION_SIGNATURE)];
> +	const struct vbt_header *vbt = NULL;
>  	int err = 0;
>  	void *base;
>  
> @@ -940,6 +962,15 @@ int intel_opregion_setup(struct drm_device *dev)
>  		err = -EINVAL;
>  		goto err_out;
>  	}
> +
> +	vbt = validate_vbt(base + OPREGION_VBT_OFFSET,
> +				MAILBOX_4_SIZE, "OpRegion");
> +
> +	if (vbt == NULL) {
> +		err = -EINVAL;
> +		goto err_out;
> +	}
> +
>  	opregion->header = base;
>  	opregion->vbt = base + OPREGION_VBT_OFFSET;
>