tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

drm/radeon: don't include RADEON_HPD_NONE in HPD IRQ enable bitsets

The values of all but the RADEON_HPD_NONE members of the radeon_hpd_id
enum transform 1:1 into bit positions within the 'enabled' bitset as
assembled by evergreen_hpd_init():

enabled |= 1 << radeon_connector->hpd.hpd;

However, if ->hpd.hpd happens to equal RADEON_HPD_NONE == 0xff, UBSAN
reports

UBSAN: Undefined behaviour in drivers/gpu/drm/radeon/evergreen.c:1867:16
shift exponent 255 is too large for 32-bit type 'int'
[...]
Call Trace:
[<ffffffff818c4d35>] dump_stack+0xbc/0x117
[<ffffffff818c4c79>] ? _atomic_dec_and_lock+0x169/0x169
[<ffffffff819411bb>] ubsan_epilogue+0xd/0x4e
[<ffffffff81941cbc>] __ubsan_handle_shift_out_of_bounds+0x1fb/0x254
[<ffffffffa0ba7f2e>] ? atom_execute_table+0x3e/0x50 [radeon]
[<ffffffff81941ac1>] ? __ubsan_handle_load_invalid_value+0x158/0x158
[<ffffffffa0b87700>] ? radeon_get_pll_use_mask+0x130/0x130 [radeon]
[<ffffffff81219930>] ? wake_up_klogd_work_func+0x60/0x60
[<ffffffff8121a35e>] ? vprintk_default+0x3e/0x60
[<ffffffffa0c603c4>] evergreen_hpd_init+0x274/0x2d0 [radeon]
[<ffffffffa0c603c4>] ? evergreen_hpd_init+0x274/0x2d0 [radeon]
[<ffffffffa0bd196e>] radeon_modeset_init+0x8ce/0x18d0 [radeon]
[<ffffffffa0b71d86>] radeon_driver_load_kms+0x186/0x350 [radeon]
[<ffffffffa03b6b16>] drm_dev_register+0xc6/0x100 [drm]
[<ffffffffa03bc8c4>] drm_get_pci_dev+0xe4/0x490 [drm]
[<ffffffff814b83f0>] ? kfree+0x220/0x370
[<ffffffffa0b687c2>] radeon_pci_probe+0x112/0x140 [radeon]
[...]
=====================================================================
radeon 0000:01:00.0: No connectors reported connected with modes

At least on x86, there should be no user-visible impact as there

1 << 0xff == 1 << (0xff & 31) == 1 << 31

holds and 31 > RADEON_MAX_HPD_PINS. Thus, this patch is a cosmetic one.

All of the above applies analogously to evergreen_hpd_fini(),
r100_hpd_init(), r100_hpd_fini(), r600_hpd_init(), r600_hpd_fini(),
rs600_hpd_init() and rs600_hpd_fini()

Silence UBSAN by checking ->hpd.hpd for RADEON_HPD_NONE before oring it
into the 'enabled' bitset in the *_init()- or the 'disabled' bitset in
the *_fini()-functions respectively.

Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>

authored by

Nicolai Stange and committed by
Alex Deucher b2c0cbd6 70f0f5fb

+16 -8
+4 -2
drivers/gpu/drm/radeon/evergreen.c
··· 1864 1864 break; 1865 1865 } 1866 1866 radeon_hpd_set_polarity(rdev, radeon_connector->hpd.hpd); 1867 - enabled |= 1 << radeon_connector->hpd.hpd; 1867 + if (radeon_connector->hpd.hpd != RADEON_HPD_NONE) 1868 + enabled |= 1 << radeon_connector->hpd.hpd; 1868 1869 } 1869 1870 radeon_irq_kms_enable_hpd(rdev, enabled); 1870 1871 } ··· 1908 1907 default: 1909 1908 break; 1910 1909 } 1911 - disabled |= 1 << radeon_connector->hpd.hpd; 1910 + if (radeon_connector->hpd.hpd != RADEON_HPD_NONE) 1911 + disabled |= 1 << radeon_connector->hpd.hpd; 1912 1912 } 1913 1913 radeon_irq_kms_disable_hpd(rdev, disabled); 1914 1914 }
+4 -2
drivers/gpu/drm/radeon/r100.c
··· 592 592 593 593 list_for_each_entry(connector, &dev->mode_config.connector_list, head) { 594 594 struct radeon_connector *radeon_connector = to_radeon_connector(connector); 595 - enable |= 1 << radeon_connector->hpd.hpd; 595 + if (radeon_connector->hpd.hpd != RADEON_HPD_NONE) 596 + enable |= 1 << radeon_connector->hpd.hpd; 596 597 radeon_hpd_set_polarity(rdev, radeon_connector->hpd.hpd); 597 598 } 598 599 radeon_irq_kms_enable_hpd(rdev, enable); ··· 615 614 616 615 list_for_each_entry(connector, &dev->mode_config.connector_list, head) { 617 616 struct radeon_connector *radeon_connector = to_radeon_connector(connector); 618 - disable |= 1 << radeon_connector->hpd.hpd; 617 + if (radeon_connector->hpd.hpd != RADEON_HPD_NONE) 618 + disable |= 1 << radeon_connector->hpd.hpd; 619 619 } 620 620 radeon_irq_kms_disable_hpd(rdev, disable); 621 621 }
+4 -2
drivers/gpu/drm/radeon/r600.c
··· 1002 1002 break; 1003 1003 } 1004 1004 } 1005 - enable |= 1 << radeon_connector->hpd.hpd; 1005 + if (radeon_connector->hpd.hpd != RADEON_HPD_NONE) 1006 + enable |= 1 << radeon_connector->hpd.hpd; 1006 1007 radeon_hpd_set_polarity(rdev, radeon_connector->hpd.hpd); 1007 1008 } 1008 1009 radeon_irq_kms_enable_hpd(rdev, enable); ··· 1056 1055 break; 1057 1056 } 1058 1057 } 1059 - disable |= 1 << radeon_connector->hpd.hpd; 1058 + if (radeon_connector->hpd.hpd != RADEON_HPD_NONE) 1059 + disable |= 1 << radeon_connector->hpd.hpd; 1060 1060 } 1061 1061 radeon_irq_kms_disable_hpd(rdev, disable); 1062 1062 }
+4 -2
drivers/gpu/drm/radeon/rs600.c
··· 413 413 default: 414 414 break; 415 415 } 416 - enable |= 1 << radeon_connector->hpd.hpd; 416 + if (radeon_connector->hpd.hpd != RADEON_HPD_NONE) 417 + enable |= 1 << radeon_connector->hpd.hpd; 417 418 radeon_hpd_set_polarity(rdev, radeon_connector->hpd.hpd); 418 419 } 419 420 radeon_irq_kms_enable_hpd(rdev, enable); ··· 440 439 default: 441 440 break; 442 441 } 443 - disable |= 1 << radeon_connector->hpd.hpd; 442 + if (radeon_connector->hpd.hpd != RADEON_HPD_NONE) 443 + disable |= 1 << radeon_connector->hpd.hpd; 444 444 } 445 445 radeon_irq_kms_disable_hpd(rdev, disable); 446 446 }