[PATCH 5.14 046/125] drm/i915/dp: Skip the HW readout of DPCD on disabled encoders

From: Greg Kroah-Hartman
Date: Mon Nov 01 2021 - 05:45:16 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.14 057/125] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout""
Previous message: Greg Kroah-Hartman: "[PATCH 5.14 044/125] drm/i915: Convert unconditional clflush to drm_clflush_virt_range()"
In reply to: Greg Kroah-Hartman: "[PATCH 5.14 044/125] drm/i915: Convert unconditional clflush to drm_clflush_virt_range()"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.14 057/125] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Imre Deak <imre.deak@xxxxxxxxx>

commit 6e6f96630805874fa80b0067e1a57aafc06225f6 upstream.

Reading out the DP encoders' DPCD during booting or resume is only
required for enabled encoders: such encoders may be modesetted during
the initial commit and the link training this involves depends on an
initialized DPCD. For DDI encoders reading out the DPCD is skipped, do
the same on pre-DDI platforms.

Atm, the first DPCD readout without a sink connected - which is a likely
scneario if the encoder is disabled - leaves intel_dp->num_common_rates
at 0, which resulted in

intel_dp_sync_state()->intel_dp_max_common_rate()

in a

intel_dp->common_rates[-1]

access. This by definition results in an undefined behaviour, though to
my best knowledge in all HW/compiler configurations it actually results
in accessing the array item type value preceding the array. In this
case the preceding value happens to be intel_dp->num_common_rates,
which is 0, so this issue - by luck - didn't cause a user visible
problem.

Nevertheless it's still an undefined behaviour and in CONFIG_UBSAN
builds leads to a kernel BUG() (which revealed this problem for us),
hence CC:stable.

A related problem in case the encoder is enabled but the sink is not
connected or the DPCD readout fails is fixed by the next patch.

v2: Amend the commit message describing the root cause of the
CONFIG_UBSAN BUG().

Fixes: a532cde31de3 ("drm/i915/tc: Fix TypeC port init/resume time sanitization")
Reported-and-tested-by: Mat Jonczyk <mat.jonczyk@xxxxx>
Cc: Mat Jonczyk <mat.jonczyk@xxxxx>
Cc: José Roberto de Souza <jose.souza@xxxxxxxxx>
Cc: Jani Nikula <jani.nikula@xxxxxxxxx>
Cc: Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Imre Deak <imre.deak@xxxxxxxxx>
Reviewed-by: Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx>
Acked-by: Jani Nikula <jani.nikula@xxxxxxxxx>
Link: https://patchwork.freedesktop.org/patch/msgid/20211018094154.1407705-2-imre.deak@xxxxxxxxx
(cherry picked from commit 4ec5ffc341cecbea060739aea1d53398ac2ec3f8)
Signed-off-by: Jani Nikula <jani.nikula@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/gpu/drm/i915/display/intel_dp.c | 3 +++
1 file changed, 3 insertions(+)

--- a/drivers/gpu/drm/i915/display/intel_dp.c
+++ b/drivers/gpu/drm/i915/display/intel_dp.c
@@ -1924,6 +1924,9 @@ void intel_dp_sync_state(struct intel_en
{
struct intel_dp *intel_dp = enc_to_intel_dp(encoder);

+ if (!crtc_state)
+ return;
+
/*
* Don't clobber DPCD if it's been already read out during output
* setup (eDP) or detect.

Next message: Greg Kroah-Hartman: "[PATCH 5.14 057/125] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout""
Previous message: Greg Kroah-Hartman: "[PATCH 5.14 044/125] drm/i915: Convert unconditional clflush to drm_clflush_virt_range()"
In reply to: Greg Kroah-Hartman: "[PATCH 5.14 044/125] drm/i915: Convert unconditional clflush to drm_clflush_virt_range()"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.14 057/125] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]