All of lore.kernel.org
 help / color / mirror / Atom feed
From: Deepak M <m.deepak@intel.com>
To: intel-gfx@lists.freedesktop.org
Cc: Deepak M <m.deepak@intel.com>, Jani Nikula <jani.nikula@intel.com>
Subject: [MIPI SEQ PARSING v3 04/13] drm/i915: Do opregion VBT validation during opregion setup
Date: Tue,  1 Dec 2015 04:17:07 +0530	[thread overview]
Message-ID: <1448923632-16760-5-git-send-email-m.deepak@intel.com> (raw)
In-Reply-To: <1448923632-16760-1-git-send-email-m.deepak@intel.com>

Calling the validate_vbt before assiging the opregion vbt blob.
Size of the VBT blob cant be more than 6KB when VBT is present
in mailbox 4.

Cc: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Deepak M <m.deepak@intel.com>
---
 drivers/gpu/drm/i915/i915_drv.h       |  3 +++
 drivers/gpu/drm/i915/intel_bios.c     | 43 +++++++++++++++++++----------------
 drivers/gpu/drm/i915/intel_opregion.c | 31 +++++++++++++++++++++++++
 3 files changed, 57 insertions(+), 20 deletions(-)

diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
index 135d32a..8cf8375 100644
--- a/drivers/gpu/drm/i915/i915_drv.h
+++ b/drivers/gpu/drm/i915/i915_drv.h
@@ -3324,6 +3324,9 @@ intel_opregion_notify_adapter(struct drm_device *dev, pci_power_t state)
 }
 #endif
 
+const struct vbt_header *validate_vbt(const void *_vbt, size_t size,
+						const char *source);
+
 /* intel_acpi.c */
 #ifdef CONFIG_ACPI
 extern void intel_register_dsm_handler(void);
diff --git a/drivers/gpu/drm/i915/intel_bios.c b/drivers/gpu/drm/i915/intel_bios.c
index 6756a1c..57a77aa 100644
--- a/drivers/gpu/drm/i915/intel_bios.c
+++ b/drivers/gpu/drm/i915/intel_bios.c
@@ -1237,16 +1237,15 @@ static const struct dmi_system_id intel_no_opregion_vbt[] = {
 	{ }
 };
 
-static const struct bdb_header *validate_vbt(const void *base,
+const struct vbt_header *validate_vbt(const void *_vbt,
 					     size_t size,
-					     const void *_vbt,
 					     const char *source)
 {
-	size_t offset = _vbt - base;
-	const struct vbt_header *vbt = _vbt;
+	const struct vbt_header *vbt = (const struct vbt_header *)_vbt;
 	const struct bdb_header *bdb;
+	size_t offset;
 
-	if (offset + sizeof(struct vbt_header) > size) {
+	if (sizeof(struct vbt_header) > size) {
 		DRM_DEBUG_DRIVER("VBT header incomplete\n");
 		return NULL;
 	}
@@ -1256,26 +1255,26 @@ static const struct bdb_header *validate_vbt(const void *base,
 		return NULL;
 	}
 
-	offset += vbt->bdb_offset;
+	offset = vbt->bdb_offset;
 	if (offset + sizeof(struct bdb_header) > size) {
 		DRM_DEBUG_DRIVER("BDB header incomplete\n");
 		return NULL;
 	}
 
-	bdb = base + offset;
+	bdb = (const void *)_vbt + offset;
 	if (offset + bdb->bdb_size > size) {
 		DRM_DEBUG_DRIVER("BDB incomplete\n");
 		return NULL;
 	}
 
 	DRM_DEBUG_KMS("Using VBT from %s: %20s\n",
-		      source, vbt->signature);
-	return bdb;
+			source, vbt->signature);
+	return vbt;
 }
 
-static const struct bdb_header *find_vbt(void __iomem *bios, size_t size)
+static const struct vbt_header *find_vbt(void __iomem *bios, size_t size)
 {
-	const struct bdb_header *bdb = NULL;
+	const struct vbt_header *vbt = NULL;
 	size_t i;
 
 	/* Scour memory looking for the VBT signature. */
@@ -1289,12 +1288,12 @@ static const struct bdb_header *find_vbt(void __iomem *bios, size_t size)
 			 */
 			void *_bios = (void __force *) bios;
 
-			bdb = validate_vbt(_bios, size, _bios + i, "PCI ROM");
+			vbt = validate_vbt(_bios + i, size - i, "PCI ROM");
 			break;
 		}
 	}
 
-	return bdb;
+	return vbt;
 }
 
 /**
@@ -1311,6 +1310,7 @@ intel_parse_bios(struct drm_device *dev)
 {
 	struct drm_i915_private *dev_priv = dev->dev_private;
 	struct pci_dev *pdev = dev->pdev;
+	const struct vbt_header *vbt = NULL;
 	const struct bdb_header *bdb = NULL;
 	u8 __iomem *bios = NULL;
 
@@ -1319,23 +1319,26 @@ intel_parse_bios(struct drm_device *dev)
 
 	init_vbt_defaults(dev_priv);
 
-	/* XXX Should this validation be moved to intel_opregion.c? */
-	if (!dmi_check_system(intel_no_opregion_vbt) && dev_priv->opregion.vbt)
-		bdb = validate_vbt(dev_priv->opregion.header, OPREGION_SIZE,
-				   dev_priv->opregion.vbt, "OpRegion");
+	if (!dmi_check_system(intel_no_opregion_vbt) &&
+					dev_priv->opregion.vbt) {
+		vbt = (const struct vbt_header *)dev_priv->opregion.vbt;
+		bdb = (const void *)dev_priv->opregion.vbt + vbt->bdb_offset;
+	}
 
-	if (bdb == NULL) {
+	if (vbt == NULL) {
 		size_t size;
 
 		bios = pci_map_rom(pdev, &size);
 		if (!bios)
 			return -1;
 
-		bdb = find_vbt(bios, size);
-		if (!bdb) {
+		vbt = find_vbt(bios, size);
+		if (!vbt) {
 			pci_unmap_rom(pdev, bios);
 			return -1;
 		}
+
+		bdb = (const void *)vbt + vbt->bdb_offset;
 	}
 
 	/* Grab useful general definitions */
diff --git a/drivers/gpu/drm/i915/intel_opregion.c b/drivers/gpu/drm/i915/intel_opregion.c
index 43b7c3b..4a78282 100644
--- a/drivers/gpu/drm/i915/intel_opregion.c
+++ b/drivers/gpu/drm/i915/intel_opregion.c
@@ -48,6 +48,27 @@
 #define OPREGION_VBT_OFFSET    0x400
 #define OPREGION_ASLE_EXT_OFFSET	0x1C00
 
+#define MAILBOX_4_SIZE		0x1800
+
+/*
+ *	Opregion Structure:
+ *	      +-------------------------------+
+ *            |      Mailbox1 : ACPI          |
+ *            |      Offset   : 0x100         |
+ *            +-------------------------------+
+ *            |      Mailbox2 : SWSCI	      |
+ *            |      Offset   : 0x200         |
+ *            +-------------------------------+
+ *            |      Mailbox3 : ASLE	      |
+ *            |      Offset   : 0x300         |
+ *            +-------------------------------+
+ *            |      Mailbox4 : VBT	      |
+ *            |      Offset   : 0x400         |
+ *            +-------------------------------+
+ *            |      Mailbox5 : ASLE_EXT      |
+ *            |      Offset   : 0x1C00        |
+ *            +-------------------------------+
+*/
 #define OPREGION_SIGNATURE "IntelGraphicsMem"
 #define MBOX_ACPI      (1<<0)
 #define MBOX_SWSCI     (1<<1)
@@ -910,6 +931,7 @@ int intel_opregion_setup(struct drm_device *dev)
 	struct intel_opregion *opregion = &dev_priv->opregion;
 	u32 asls, mboxes;
 	char buf[sizeof(OPREGION_SIGNATURE)];
+	const struct vbt_header *vbt = NULL;
 	int err = 0;
 	void *base;
 
@@ -940,6 +962,15 @@ int intel_opregion_setup(struct drm_device *dev)
 		err = -EINVAL;
 		goto err_out;
 	}
+
+	vbt = validate_vbt(base + OPREGION_VBT_OFFSET,
+				MAILBOX_4_SIZE, "OpRegion");
+
+	if (vbt == NULL) {
+		err = -EINVAL;
+		goto err_out;
+	}
+
 	opregion->header = base;
 	opregion->vbt = base + OPREGION_VBT_OFFSET;
 
-- 
1.9.1

_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/intel-gfx

  parent reply	other threads:[~2015-11-30 17:13 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-11-30 22:47 [MIPI SEQ PARSING v3 00/13] Patches to support the version 3 of MIPI sequence in VBT Deepak M
2015-11-30 22:47 ` [MIPI SEQ PARSING v3 01/13] drm/i915: Adding the parsing logic for the i2c element Deepak M
2015-12-11  8:40   ` Mika Kahola
2015-11-30 22:47 ` [MIPI SEQ PARSING v3 02/13] drm/i915: Updating asle structure with new fields Deepak M
2015-12-11  8:41   ` Mika Kahola
2015-12-14 11:02   ` Jani Nikula
2015-11-30 22:47 ` [MIPI SEQ PARSING v3 03/13] drm/i915: Add Intel opregion mailbox 5 structure Deepak M
2015-12-11  8:42   ` Mika Kahola
2015-11-30 22:47 ` Deepak M [this message]
2015-12-11  8:43   ` [MIPI SEQ PARSING v3 04/13] drm/i915: Do opregion VBT validation during opregion setup Mika Kahola
2015-11-30 22:47 ` [MIPI SEQ PARSING v3 05/13] drm/i915: Add debug entry to get the opregion VBT blob Deepak M
2015-12-11  8:46   ` Mika Kahola
2015-12-14 12:16     ` [PATCH] drm/i915: Parsing VBT if size of VBT exceeds 6KB Deepak M
2015-12-14  9:19       ` Chris Wilson
2015-12-14 10:56         ` Jani Nikula
2015-11-30 22:47 ` [MIPI SEQ PARSING v3 06/13] " Deepak M
2015-12-11  8:51   ` Mika Kahola
2015-11-30 22:47 ` [MIPI SEQ PARSING v3 07/13] drm/i915: Added support the v3 mipi sequence block Deepak M
2015-11-30 22:47 ` [MIPI SEQ PARSING v3 08/13] drm/i915: Extend gpio read/write to other cores Deepak M
2015-12-15 19:53   ` Ville Syrjälä
2015-11-30 22:47 ` [MIPI SEQ PARSING v3 09/13] drm/i915: Added the generic gpio sequence support and gpio table Deepak M
2015-12-15 20:05   ` Ville Syrjälä

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1448923632-16760-5-git-send-email-m.deepak@intel.com \
    --to=m.deepak@intel.com \
    --cc=intel-gfx@lists.freedesktop.org \
    --cc=jani.nikula@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.