[PATCH AUTOSEL 6.1 46/85] drm/amd/display: fix array index out of bound error in bios parser

From: Sasha Levin
Date: Sun Dec 18 2022 - 11:10:54 EST

Next message: Sasha Levin: "[PATCH AUTOSEL 6.1 47/85] nvme-auth: don't override ctrl keys before validation"
Previous message: Sasha Levin: "[PATCH AUTOSEL 6.1 45/85] drm/amd/display: Workaround to increase phantom pipe vactive in pipesplit"
In reply to: Sasha Levin: "[PATCH AUTOSEL 6.1 45/85] drm/amd/display: Workaround to increase phantom pipe vactive in pipesplit"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 6.1 47/85] nvme-auth: don't override ctrl keys before validation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Aurabindo Pillai <aurabindo.pillai@xxxxxxx>

[ Upstream commit 4fc1ba4aa589ca267468ad23fedef37562227d32 ]

[Why&How]
Firmware headers dictate that gpio_pin array only has a size of 8. The
count returned from vbios however is greater than 8.

Fix this by not using array indexing but incrementing the pointer since
gpio_pin definition in atomfirmware.h is hardcoded to size 8

Reviewed-by: Martin Leung <Martin.Leung@xxxxxxx>
Acked-by: Tom Chung <chiahsuan.chung@xxxxxxx>
Signed-off-by: Aurabindo Pillai <aurabindo.pillai@xxxxxxx>
Tested-by: Daniel Wheeler <daniel.wheeler@xxxxxxx>
Signed-off-by: Alex Deucher <alexander.deucher@xxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
.../gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c
index e0c8d6f09bb4..074e70a5c458 100644
--- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c
+++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c
@@ -462,6 +462,7 @@ static enum bp_result get_gpio_i2c_info(
uint32_t count = 0;
unsigned int table_index = 0;
bool find_valid = false;
+ struct atom_gpio_pin_assignment *pin;

if (!info)
return BP_RESULT_BADINPUT;
@@ -489,20 +490,17 @@ static enum bp_result get_gpio_i2c_info(
- sizeof(struct atom_common_table_header))
/ sizeof(struct atom_gpio_pin_assignment);

+ pin = (struct atom_gpio_pin_assignment *) header->gpio_pin;
+
for (table_index = 0; table_index < count; table_index++) {
- if (((record->i2c_id & I2C_HW_CAP) == (
- header->gpio_pin[table_index].gpio_id &
- I2C_HW_CAP)) &&
- ((record->i2c_id & I2C_HW_ENGINE_ID_MASK) ==
- (header->gpio_pin[table_index].gpio_id &
- I2C_HW_ENGINE_ID_MASK)) &&
- ((record->i2c_id & I2C_HW_LANE_MUX) ==
- (header->gpio_pin[table_index].gpio_id &
- I2C_HW_LANE_MUX))) {
+ if (((record->i2c_id & I2C_HW_CAP) == (pin->gpio_id & I2C_HW_CAP)) &&
+ ((record->i2c_id & I2C_HW_ENGINE_ID_MASK) == (pin->gpio_id & I2C_HW_ENGINE_ID_MASK)) &&
+ ((record->i2c_id & I2C_HW_LANE_MUX) == (pin->gpio_id & I2C_HW_LANE_MUX))) {
/* still valid */
find_valid = true;
break;
}
+ pin = (struct atom_gpio_pin_assignment *)((uint8_t *)pin + sizeof(struct atom_gpio_pin_assignment));
}

/* If we don't find the entry that we are looking for then
--
2.35.1

Next message: Sasha Levin: "[PATCH AUTOSEL 6.1 47/85] nvme-auth: don't override ctrl keys before validation"
Previous message: Sasha Levin: "[PATCH AUTOSEL 6.1 45/85] drm/amd/display: Workaround to increase phantom pipe vactive in pipesplit"
In reply to: Sasha Levin: "[PATCH AUTOSEL 6.1 45/85] drm/amd/display: Workaround to increase phantom pipe vactive in pipesplit"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 6.1 47/85] nvme-auth: don't override ctrl keys before validation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]