On Thu, Sep 12, 2024 at 03:02:03PM +0300, Jani Nikula wrote: > On Tue, 10 Sep 2024, Ville Syrjala <ville.syrjala@xxxxxxxxxxxxxxx> wrote: > > From: Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx> > > > > The SPI VBT codepath only knows how to read 4 bytes at a time. > > So to read the 2 byte vbt_size it masks out the unwanted msbs. > > Hide that little implementation detail inside a new intel_spi_read16() > > helper. Alse rename the existing intel_spi_read() to intel_spi_read32() > > to make it clear what it does. > > > > Signed-off-by: Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx> > > --- > > drivers/gpu/drm/i915/display/intel_bios.c | 16 ++++++++++------ > > 1 file changed, 10 insertions(+), 6 deletions(-) > > > > diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c > > index cc4a4cc2bf3e..cbbda94c3dab 100644 > > --- a/drivers/gpu/drm/i915/display/intel_bios.c > > +++ b/drivers/gpu/drm/i915/display/intel_bios.c > > @@ -3053,13 +3053,18 @@ static struct vbt_header *firmware_get_vbt(struct intel_display *display, > > return vbt; > > } > > > > -static u32 intel_spi_read(struct intel_uncore *uncore, u32 offset) > > +static u32 intel_spi_read32(struct intel_uncore *uncore, u32 offset) > > { > > intel_uncore_write(uncore, PRIMARY_SPI_ADDRESS, offset); > > > > return intel_uncore_read(uncore, PRIMARY_SPI_TRIGGER); > > } > > > > +static u16 intel_spi_read16(struct intel_uncore *uncore, u32 offset) > > +{ > > + return intel_spi_read32(uncore, offset) & 0xffff; > > +} > > + > > static struct vbt_header *spi_oprom_get_vbt(struct intel_display *display, > > size_t *size) > > { > > @@ -3078,7 +3083,7 @@ static struct vbt_header *spi_oprom_get_vbt(struct intel_display *display, > > oprom_offset &= OROM_OFFSET_MASK; > > > > for (count = 0; count < oprom_size; count += 4) { > > - data = intel_spi_read(&i915->uncore, oprom_offset + count); > > + data = intel_spi_read32(&i915->uncore, oprom_offset + count); > > if (data == *((const u32 *)"$VBT")) { > > found = oprom_offset + count; > > break; > > @@ -3094,9 +3099,8 @@ static struct vbt_header *spi_oprom_get_vbt(struct intel_display *display, > > } > > > > /* Get VBT size and allocate space for the VBT */ > > - vbt_size = intel_spi_read(&i915->uncore, > > - found + offsetof(struct vbt_header, vbt_size)); > > - vbt_size &= 0xffff; > > + vbt_size = intel_spi_read16(&i915->uncore, > > + found + offsetof(struct vbt_header, vbt_size)); > > Pedantically if vbt_size was the last member of struct vbt_header this > could read past the checked size, but it's not and meh. Also nothing to > do with this change, apart from this hiding the detail. Still meh. This code raises a lot of other lingering questions as well: - do 8/16 bit accesses not work at all? - what happens on an unaligned 32bit access? > > Reviewed-by: Jani Nikula <jani.nikula@xxxxxxxxx> > > > > > > if (vbt_size > oprom_size - count) { > > drm_dbg(display->drm, > > @@ -3109,7 +3113,7 @@ static struct vbt_header *spi_oprom_get_vbt(struct intel_display *display, > > goto err_not_found; > > > > for (count = 0; count < vbt_size; count += 4) > > - *(vbt + store++) = intel_spi_read(&i915->uncore, found + count); > > + *(vbt + store++) = intel_spi_read32(&i915->uncore, found + count); > > > > if (!intel_bios_is_valid_vbt(display, vbt, vbt_size)) > > goto err_free_vbt; > > -- > Jani Nikula, Intel -- Ville Syrjälä Intel