drm/i915/dmc: Add MMIO range restrictions

From Anusha Srivatsa
aaf0f01d074d6fd39ec1b01477f69cd688bf6c9d in linux 5.15.y/5.15.42
54395a33718af1c04b5098203335b25382291a16 in mainline linux

diff --git a/sys/dev/pci/drm/i915/display/intel_dmc.c b/sys/dev/pci/drm/i915/display/intel_dmc.c
index b2fc888..da3c7e5 100644 (file)
--- a/sys/dev/pci/drm/i915/display/intel_dmc.c
+++ b/sys/dev/pci/drm/i915/display/intel_dmc.c
@@ -375,6 +375,44 @@ static void dmc_set_fw_offset(struct intel_dmc *dmc,
        }
 }
 
+static bool dmc_mmio_addr_sanity_check(struct intel_dmc *dmc,
+                                      const u32 *mmioaddr, u32 mmio_count,
+                                      int header_ver, u8 dmc_id)
+{
+       struct drm_i915_private *i915 = container_of(dmc, typeof(*i915), dmc);
+       u32 start_range, end_range;
+       int i;
+
+       if (dmc_id >= DMC_FW_MAX) {
+               drm_warn(&i915->drm, "Unsupported firmware id %u\n", dmc_id);
+               return false;
+       }
+
+       if (header_ver == 1) {
+               start_range = DMC_MMIO_START_RANGE;
+               end_range = DMC_MMIO_END_RANGE;
+       } else if (dmc_id == DMC_FW_MAIN) {
+               start_range = TGL_MAIN_MMIO_START;
+               end_range = TGL_MAIN_MMIO_END;
+       } else if (DISPLAY_VER(i915) >= 13) {
+               start_range = ADLP_PIPE_MMIO_START;
+               end_range = ADLP_PIPE_MMIO_END;
+       } else if (DISPLAY_VER(i915) >= 12) {
+               start_range = TGL_PIPE_MMIO_START(dmc_id);
+               end_range = TGL_PIPE_MMIO_END(dmc_id);
+       } else {
+               drm_warn(&i915->drm, "Unknown mmio range for sanity check");
+               return false;
+       }
+
+       for (i = 0; i < mmio_count; i++) {
+               if (mmioaddr[i] < start_range || mmioaddr[i] > end_range)
+                       return false;
+       }
+
+       return true;
+}
+
 static u32 parse_dmc_fw_header(struct intel_dmc *dmc,
                               const struct intel_dmc_header_base *dmc_header,
                               size_t rem_size, u8 dmc_id)
@@ -444,6 +482,12 @@ static u32 parse_dmc_fw_header(struct intel_dmc *dmc,
                return 0;
        }
 
+       if (!dmc_mmio_addr_sanity_check(dmc, mmioaddr, mmio_count,
+                                       dmc_header->header_ver, dmc_id)) {
+               drm_err(&i915->drm, "DMC firmware has Wrong MMIO Addresses\n");
+               return 0;
+       }
+
        for (i = 0; i < mmio_count; i++) {
                dmc_info->mmioaddr[i] = _MMIO(mmioaddr[i]);
                dmc_info->mmiodata[i] = mmiodata[i];

diff --git a/sys/dev/pci/drm/i915/i915_reg.h b/sys/dev/pci/drm/i915/i915_reg.h
index bb64e7b..3c70aa5 100644 (file)
--- a/sys/dev/pci/drm/i915/i915_reg.h
+++ b/sys/dev/pci/drm/i915/i915_reg.h
@@ -7818,6 +7818,22 @@ enum {
 /* MMIO address range for DMC program (0x80000 - 0x82FFF) */
 #define DMC_MMIO_START_RANGE   0x80000
 #define DMC_MMIO_END_RANGE     0x8FFFF
+#define DMC_V1_MMIO_START_RANGE        0x80000
+#define TGL_MAIN_MMIO_START    0x8F000
+#define TGL_MAIN_MMIO_END      0x8FFFF
+#define _TGL_PIPEA_MMIO_START  0x92000
+#define _TGL_PIPEA_MMIO_END    0x93FFF
+#define _TGL_PIPEB_MMIO_START  0x96000
+#define _TGL_PIPEB_MMIO_END    0x97FFF
+#define ADLP_PIPE_MMIO_START   0x5F000
+#define ADLP_PIPE_MMIO_END     0x5FFFF
+
+#define TGL_PIPE_MMIO_START(dmc_id)    _PICK_EVEN(((dmc_id) - 1), _TGL_PIPEA_MMIO_START,\
+                                               _TGL_PIPEB_MMIO_START)
+
+#define TGL_PIPE_MMIO_END(dmc_id)      _PICK_EVEN(((dmc_id) - 1), _TGL_PIPEA_MMIO_END,\
+                                               _TGL_PIPEB_MMIO_END)
+
 #define SKL_DMC_DC3_DC5_COUNT  _MMIO(0x80030)
 #define SKL_DMC_DC5_DC6_COUNT  _MMIO(0x8002C)
 #define BXT_DMC_DC3_DC5_COUNT  _MMIO(0x80038)