On Thu, Sep 17, 2015 at 04:42:07PM +0300, Jani Nikula wrote:
> The VBT MIPI Sequence Block version 3 has forward incompatible changes:
>
> First, the block size in the header has been specified reserved, and the
> actual size is a separate 32-bit value within the block. The current
> find_section() function to will only look at the size in the block
> header, and, depending on what's in that now reserved size field,
> continue looking for other sections in the wrong place.
>
> Fix this by taking the new block size field into account. This will
> ensure that the lookups for other sections will work properly, as long
> as the new 32-bit size does not go beyond the opregion VBT mailbox size.
>
> Second, the contents of the block have been completely
> changed. Gracefully refuse parsing the yet unknown data version.
>
> Cc: Deepak M <m.deepak@xxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Jani Nikula <jani.nikula@xxxxxxxxx>
Deepak, ping for review.
-Daniel
> ---
> drivers/gpu/drm/i915/intel_bios.c | 12 +++++++++++-
> 1 file changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/intel_bios.c b/drivers/gpu/drm/i915/intel_bios.c
> index c8acc2952f82..68421c273c8c 100644
> --- a/drivers/gpu/drm/i915/intel_bios.c
> +++ b/drivers/gpu/drm/i915/intel_bios.c
> @@ -42,7 +42,7 @@ find_section(const void *_bdb, int section_id)
> const struct bdb_header *bdb = _bdb;
> const u8 *base = _bdb;
> int index = 0;
> - u16 total, current_size;
> + u32 total, current_size;
> u8 current_id;
>
> /* skip to first section */
> @@ -57,6 +57,10 @@ find_section(const void *_bdb, int section_id)
> current_size = *((const u16 *)(base + index));
> index += 2;
>
> + /* The MIPI Sequence Block v3+ has a separate size field. */
> + if (current_id == BDB_MIPI_SEQUENCE && *(base + index) >= 3)
> + current_size = *((const u32 *)(base + index + 1));
> +
> if (index + current_size > total)
> return NULL;
>
> @@ -799,6 +803,12 @@ parse_mipi(struct drm_i915_private *dev_priv, const struct bdb_header *bdb)
> return;
> }
>
> + /* Fail gracefully for forward incompatible sequence block. */
> + if (sequence->version >= 3) {
> + DRM_ERROR("Unable to parse MIPI Sequence Block v3+\n");
> + return;
> + }
> +
> DRM_DEBUG_DRIVER("Found MIPI sequence block\n");
>
> block_size = get_blocksize(sequence);
> --
> 2.1.4
>
> _______________________________________________
> Intel-gfx mailing list
> Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
> http://lists.freedesktop.org/mailman/listinfo/intel-gfx
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
