| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2023-52625: drm/amd/display: Refactor DMCUB enter/exit idle interface |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| drm/amd/display: Refactor DMCUB enter/exit idle interface |
| |
| [Why] |
| We can hang in place trying to send commands when the DMCUB isn't |
| powered on. |
| |
| [How] |
| We need to exit out of the idle state prior to sending a command, |
| but the process that performs the exit also invokes a command itself. |
| |
| Fixing this issue involves the following: |
| |
| 1. Using a software state to track whether or not we need to start |
| the process to exit idle or notify idle. |
| |
| It's possible for the hardware to have exited an idle state without |
| driver knowledge, but entering one is always restricted to a driver |
| allow - which makes the SW state vs HW state mismatch issue purely one |
| of optimization, which should seldomly be hit, if at all. |
| |
| 2. Refactor any instances of exit/notify idle to use a single wrapper |
| that maintains this SW state. |
| |
| This works similar to dc_allow_idle_optimizations, but works at the |
| DMCUB level and makes sure the state is marked prior to any notify/exit |
| idle so we don't enter an infinite loop. |
| |
| 3. Make sure we exit out of idle prior to sending any commands or |
| waiting for DMCUB idle. |
| |
| This patch takes care of 1/2. A future patch will take care of wrapping |
| DMCUB command submission with calls to this new interface. |
| |
| The Linux kernel CVE team has assigned CVE-2023-52625 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Fixed in 6.7.3 with commit 820c3870c491946a78950cdf961bf40e28c1025f |
| Fixed in 6.8 with commit 8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2023-52625 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c |
| drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c |
| drivers/gpu/drm/amd/display/dc/dc_dmub_srv.h |
| drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/820c3870c491946a78950cdf961bf40e28c1025f |
| https://git.kernel.org/stable/c/8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa |
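
The re-entrancy problem described under [How], as an added toy model in C: it is not code from the patch or from the amdgpu driver, and every name in it (`fw_model`, `apply_idle`, `send_cmd`, `DEPTH_LIMIT`) is hypothetical. It compares marking the software state before the nested command with marking it after, using a depth limit to stand in for the hang.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model only; all identifiers are hypothetical, not driver symbols. */
struct fw_model {
    bool sw_idle_allowed; /* software state kept by the single wrapper */
    int  depth;           /* current nesting of send_cmd() */
    int  max_depth;       /* deepest nesting observed */
    int  cmds_sent;
};

#define DEPTH_LIMIT 8     /* stands in for "hang": cuts the model's recursion */

static void send_cmd(struct fw_model *m, bool mark_first);

/* Single wrapper for exit/notify idle; mark_first selects the ordering. */
static void apply_idle(struct fw_model *m, bool allow, bool mark_first)
{
    if (m->sw_idle_allowed == allow)
        return;                     /* software state already matches */
    if (mark_first)
        m->sw_idle_allowed = allow; /* marked prior to the nested command */
    send_cmd(m, mark_first);        /* the exit/notify step sends a command */
    m->sw_idle_allowed = allow;     /* too late when mark_first is false */
}

/* Command submission that exits idle first (item 3 in the description). */
static void send_cmd(struct fw_model *m, bool mark_first)
{
    if (++m->depth > m->max_depth)
        m->max_depth = m->depth;
    if (m->depth < DEPTH_LIMIT && m->sw_idle_allowed)
        apply_idle(m, false, mark_first);
    m->cmds_sent++;
    m->depth--;
}

/* Send one command while idle is allowed; report the deepest nesting. */
static int nesting_for(bool mark_first)
{
    struct fw_model m = { .sw_idle_allowed = true };
    send_cmd(&m, mark_first);
    return m.max_depth;
}

int main(void)
{
    printf("state marked first: depth %d\n", nesting_for(true));
    printf("state marked after: depth %d\n", nesting_for(false));
    return 0;
}
```

With the state marked first, the nested command sees idle as already exited and the nesting stops at two levels; marked after, each nested command re-enters the exit path until the model's limit is reached.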