CVE-2023-52625: drm/amd/display: Refactor DMCUB enter/exit idle interface

From: Lee Jones <lee@kernel.org>
To: linux-cve-announce@vger.kernel.org
Cc: Lee Jones <lee@kernel.org>
Subject: CVE-2023-52625: drm/amd/display: Refactor DMCUB enter/exit idle interface
Date: Tue, 26 Mar 2024 17:50:09 +0000	[thread overview]
Message-ID: <20240326175007.1388794-11-lee@kernel.org> (raw)

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Refactor DMCUB enter/exit idle interface

[Why]
We can hang in place trying to send commands when the DMCUB isn't
powered on.

[How]
We need to exit out of the idle state prior to sending a command,
but the process that performs the exit also invokes a command itself.

Fixing this issue involves the following:

1. Using a software state to track whether or not we need to start
   the process to exit idle or notify idle.

It's possible for the hardware to have exited an idle state without
driver knowledge, but entering one is always restricted to a driver
allow - which makes the SW state vs HW state mismatch issue purely one
of optimization, which should seldomly be hit, if at all.

2. Refactor any instances of exit/notify idle to use a single wrapper
   that maintains this SW state.

This works simialr to dc_allow_idle_optimizations, but works at the
DMCUB level and makes sure the state is marked prior to any notify/exit
idle so we don't enter an infinite loop.

3. Make sure we exit out of idle prior to sending any commands or
   waiting for DMCUB idle.

This patch takes care of 1/2. A future patch will take care of wrapping
DMCUB command submission with calls to this new interface.

The Linux kernel CVE team has assigned CVE-2023-52625 to this issue.

Affected and fixed versions
===========================

	Fixed in 6.7.3 with commit 820c3870c491
	Fixed in 6.8 with commit 8e57c06bf4b0

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52625
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
	drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c
	drivers/gpu/drm/amd/display/dc/dc_dmub_srv.h
	drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/820c3870c491946a78950cdf961bf40e28c1025f
	https://git.kernel.org/stable/c/8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa