From: Sohaib Nadeem sohaib.nadeem@amd.com
[ Upstream commit 0484e05d048b66d01d1f3c1d2306010bb57d8738 ]
[why]: issues fixed: - comparison with wider integer type in loop condition which can cause infinite loops - pointer dereference before null check
Cc: Mario Limonciello mario.limonciello@amd.com Cc: Alex Deucher alexander.deucher@amd.com Cc: stable@vger.kernel.org Reviewed-by: Josip Pavic josip.pavic@amd.com Acked-by: Aurabindo Pillai aurabindo.pillai@amd.com Signed-off-by: Sohaib Nadeem sohaib.nadeem@amd.com Tested-by: Daniel Wheeler daniel.wheeler@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com [ To fix CVE-2024-26767, delete changes made in drivers/gpu/drm/amd/display/dc/link/link_validation.c for this file is deleted in linux-6.1 ] Signed-off-by: Jianqi Ren jianqi.ren.cn@windriver.com Signed-off-by: He Zhe zhe.he@windriver.com --- Verified the build test. --- .../gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c index 4d2590964a20..75e44d8a7b40 100644 --- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c +++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c @@ -1862,19 +1862,21 @@ static enum bp_result get_firmware_info_v3_2( /* Vega12 */ smu_info_v3_2 = GET_IMAGE(struct atom_smu_info_v3_2, DATA_TABLES(smu_info)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_2->gpuclk_ss_percentage); if (!smu_info_v3_2) return BP_RESULT_BADBIOSTABLE;
+ DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_2->gpuclk_ss_percentage); + info->default_engine_clk = smu_info_v3_2->bootup_dcefclk_10khz * 10; } else if (revision.minor == 3) { /* Vega20 */ smu_info_v3_3 = GET_IMAGE(struct atom_smu_info_v3_3, DATA_TABLES(smu_info)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_3->gpuclk_ss_percentage); if (!smu_info_v3_3) return BP_RESULT_BADBIOSTABLE;
+ DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_3->gpuclk_ss_percentage); + info->default_engine_clk = smu_info_v3_3->bootup_dcefclk_10khz * 10; }
@@ -2439,10 +2441,11 @@ static enum bp_result get_integrated_info_v11( info_v11 = GET_IMAGE(struct atom_integrated_system_info_v1_11, DATA_TABLES(integratedsysteminfo));
- DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v11->gpuclk_ss_percentage); if (info_v11 == NULL) return BP_RESULT_BADBIOSTABLE;
+ DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v11->gpuclk_ss_percentage); + info->gpu_cap_info = le32_to_cpu(info_v11->gpucapinfo); /* @@ -2654,11 +2657,12 @@ static enum bp_result get_integrated_info_v2_1(
info_v2_1 = GET_IMAGE(struct atom_integrated_system_info_v2_1, DATA_TABLES(integratedsysteminfo)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_1->gpuclk_ss_percentage);
if (info_v2_1 == NULL) return BP_RESULT_BADBIOSTABLE;
+ DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_1->gpuclk_ss_percentage); + info->gpu_cap_info = le32_to_cpu(info_v2_1->gpucapinfo); /* @@ -2816,11 +2820,11 @@ static enum bp_result get_integrated_info_v2_2( info_v2_2 = GET_IMAGE(struct atom_integrated_system_info_v2_2, DATA_TABLES(integratedsysteminfo));
- DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_2->gpuclk_ss_percentage); - if (info_v2_2 == NULL) return BP_RESULT_BADBIOSTABLE;
+ DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_2->gpuclk_ss_percentage); + info->gpu_cap_info = le32_to_cpu(info_v2_2->gpucapinfo); /*
[ Sasha's backport helper bot ]
Hi,
✅ All tests passed successfully. No issues detected. No action required from the submitter.
The upstream commit SHA1 provided is correct: 0484e05d048b66d01d1f3c1d2306010bb57d8738
WARNING: Author mismatch between patch and upstream commit: Backport author: jianqi.ren.cn@windriver.com Commit author: Sohaib Nadeemsohaib.nadeem@amd.com
Status in newer kernel trees: 6.13.y | Present (exact SHA1) 6.12.y | Present (exact SHA1) 6.6.y | Present (different SHA1: 71783d1ff652)
Note: The patch differs from the upstream commit: --- 1: 0484e05d048b6 ! 1: 9365664c803ec drm/amd/display: fixed integer types and null check locations @@ Metadata ## Commit message ## drm/amd/display: fixed integer types and null check locations
+ [ Upstream commit 0484e05d048b66d01d1f3c1d2306010bb57d8738 ] + [why]: issues fixed: - comparison with wider integer type in loop condition which can cause @@ Commit message Signed-off-by: Sohaib Nadeem sohaib.nadeem@amd.com Tested-by: Daniel Wheeler daniel.wheeler@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com + [ To fix CVE-2024-26767, delete changes made in drivers/gpu/drm/amd/display/dc/link/link_validation.c + for this file is deleted in linux-6.1 ] + Signed-off-by: Jianqi Ren jianqi.ren.cn@windriver.com + Signed-off-by: He Zhe zhe.he@windriver.com
## drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c ## @@ drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c: static enum bp_result get_firmware_info_v3_2( @@ drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c: static enum bp_result get_in info->gpu_cap_info = le32_to_cpu(info_v2_2->gpucapinfo); /* - - ## drivers/gpu/drm/amd/display/dc/link/link_validation.c ## -@@ drivers/gpu/drm/amd/display/dc/link/link_validation.c: bool link_validate_dpia_bandwidth(const struct dc_stream_state *stream, const un - struct dc_link *dpia_link[MAX_DPIA_NUM] = {0}; - int num_dpias = 0; - -- for (uint8_t i = 0; i < num_streams; ++i) { -+ for (unsigned int i = 0; i < num_streams; ++i) { - if (stream[i].signal == SIGNAL_TYPE_DISPLAY_PORT) { - /* new dpia sst stream, check whether it exceeds max dpia */ - if (num_dpias >= MAX_DPIA_NUM) ---
Results of testing on various branches:
| Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-6.1.y | Success | Success |
On Thu, Feb 27, 2025 at 11:26:33AM +0800, jianqi.ren.cn@windriver.com wrote:
From: Sohaib Nadeem sohaib.nadeem@amd.com
[ Upstream commit 0484e05d048b66d01d1f3c1d2306010bb57d8738 ]
[why]: issues fixed:
- comparison with wider integer type in loop condition which can cause
infinite loops
- pointer dereference before null check
Cc: Mario Limonciello mario.limonciello@amd.com Cc: Alex Deucher alexander.deucher@amd.com Cc: stable@vger.kernel.org Reviewed-by: Josip Pavic josip.pavic@amd.com Acked-by: Aurabindo Pillai aurabindo.pillai@amd.com Signed-off-by: Sohaib Nadeem sohaib.nadeem@amd.com Tested-by: Daniel Wheeler daniel.wheeler@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com [ To fix CVE-2024-26767, delete changes made in drivers/gpu/drm/amd/display/dc/link/link_validation.c for this file is deleted in linux-6.1 ]
It's not that the file is deleted, it is just not present yet, as it had not shown up in the tree.
I've manually edited this changelog, please be more careful next time. Also, no need to mention a CVE id, they don't mean anything here :)
thanks,
greg k-h
linux-stable-mirror@lists.linaro.org
-
Greg KH -
jianqi.ren.cn@windriver.com -
Sasha Levin