CVE-2023-52625 drm/amd/display: Refactor DMCUB enter/exit idle interface

2024-03-2617:49:58

Linux

www.cve.org

linux kernel

vulnerability

resolved

drm/amd/display

dmcub

enter/exit idle

interface

command

patch

hardware

driver

state

optimization

infinite loop

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Refactor DMCUB enter/exit idle interface

[Why]
We can hang in place trying to send commands when the DMCUB isn’t
powered on.

[How]
We need to exit out of the idle state prior to sending a command,
but the process that performs the exit also invokes a command itself.

Fixing this issue involves the following:

Using a software state to track whether or not we need to start
the process to exit idle or notify idle.

It’s possible for the hardware to have exited an idle state without
driver knowledge, but entering one is always restricted to a driver
allow - which makes the SW state vs HW state mismatch issue purely one
of optimization, which should seldomly be hit, if at all.

Refactor any instances of exit/notify idle to use a single wrapper
that maintains this SW state.

This works simialr to dc_allow_idle_optimizations, but works at the
DMCUB level and makes sure the state is marked prior to any notify/exit
idle so we don’t enter an infinite loop.

Make sure we exit out of idle prior to sending any commands or
waiting for DMCUB idle.

This patch takes care of 1/2. A future patch will take care of wrapping
DMCUB command submission with calls to this new interface.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c",
      "drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c",
      "drivers/gpu/drm/amd/display/dc/dc_dmub_srv.h",
      "drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "820c3870c491",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "8e57c06bf4b0",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c",
      "drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c",
      "drivers/gpu/drm/amd/display/dc/dc_dmub_srv.h",
      "drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c"
    ],
    "versions": [
      {
        "version": "6.7.3",
        "lessThanOrEqual": "6.7.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]