[v5,02/15] drm/edid: Break out reading block 0 of the EDID

A future change wants to be able to read just block 0 of the EDID, so
break it out of drm_do_get_edid() into a sub-function.

This is intended to be a no-op change--just code movement.

Signed-off-by: Douglas Anderson <dianders@chromium.org>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
---

(no changes since v4)

Changes in v4:
- "u8 *edid" => "void *edid" to avoid cast.
- Don't put kmalloc() in the "if" test even if the old code did.
- drm_do_get_edid_blk0() => drm_do_get_edid_base_block()

 drivers/gpu/drm/drm_edid.c | 63 +++++++++++++++++++++++++++-----------
 1 file changed, 45 insertions(+), 18 deletions(-)

Hi Douglas,

On Tue, Sep 14, 2021 at 10:23 PM Douglas Anderson <dianders@chromium.org> wrote:
> A future change wants to be able to read just block 0 of the EDID, so

> break it out of drm_do_get_edid() into a sub-function.

>

> This is intended to be a no-op change--just code movement.

>

> Signed-off-by: Douglas Anderson <dianders@chromium.org>


Thanks for your patch, which is now commit bac9c29482248b00 ("drm/edid:
Break out reading block 0 of the EDID") in drm-next.

> --- a/drivers/gpu/drm/drm_edid.c

> +++ b/drivers/gpu/drm/drm_edid.c

> @@ -1905,6 +1905,44 @@ int drm_add_override_edid_modes(struct drm_connector *connector)

>  }

>  EXPORT_SYMBOL(drm_add_override_edid_modes);

>

> +static struct edid *drm_do_get_edid_base_block(

> +       int (*get_edid_block)(void *data, u8 *buf, unsigned int block,

> +                             size_t len),

> +       void *data, bool *edid_corrupt, int *null_edid_counter)

> +{

> +       int i;

> +       void *edid;

> +

> +       edid = kmalloc(EDID_LENGTH, GFP_KERNEL);

> +       if (edid == NULL)

> +               return NULL;

> +

> +       /* base block fetch */

> +       for (i = 0; i < 4; i++) {

> +               if (get_edid_block(data, edid, 0, EDID_LENGTH))

> +                       goto out;

> +               if (drm_edid_block_valid(edid, 0, false, edid_corrupt))

> +                       break;

> +               if (i == 0 && drm_edid_is_zero(edid, EDID_LENGTH)) {

> +                       if (null_edid_counter)

> +                               (*null_edid_counter)++;

> +                       goto carp;

> +               }

> +       }

> +       if (i == 4)

> +               goto carp;

> +

> +       return edid;

> +

> +carp:

> +       kfree(edid);

> +       return ERR_PTR(-EINVAL);

> +

> +out:

> +       kfree(edid);

> +       return NULL;

> +}

> +

>  /**

>   * drm_do_get_edid - get EDID data using a custom EDID block read function

>   * @connector: connector we're probing

> @@ -1938,25 +1976,16 @@ struct edid *drm_do_get_edid(struct drm_connector *connector,

>         if (override)

>                 return override;

>

> -       if ((edid = kmalloc(EDID_LENGTH, GFP_KERNEL)) == NULL)

> +       edid = (u8 *)drm_do_get_edid_base_block(get_edid_block, data,

> +                                               &connector->edid_corrupt,

> +                                               &connector->null_edid_counter);

> +       if (IS_ERR_OR_NULL(edid)) {

> +               if (IS_ERR(edid))


So edid is an error code, not a valid pointer...

> +                       connector_bad_edid(connector, edid, 1);


... while connector_bad_edid() expects edid to be a valid pointer,
causing a crash:

Unable to handle kernel NULL pointer dereference at virtual address
0000000000000068
Mem abort info:
  ESR = 0x96000004
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x04: level 0 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000004
  CM = 0, WnR = 0
[0000000000000068] user address but active_mm is swapper
Internal error: Oops: 96000004 [#1] PREEMPT SMP
CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted
5.15.0-rc3-arm64-renesas-00629-geb2d42841024-dirty #1313
Hardware name: Renesas Ebisu-4D board based on r8a77990 (DT)
Workqueue: events_unbound deferred_probe_work_func
pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : connector_bad_edid+0x28/0x1a8
lr : drm_do_get_edid+0x260/0x268
sp : ffff8000121336a0
x29: ffff8000121336a0 x28: ffff00000a373200 x27: 0000000000001ffe
PM: ==== always-on/ee160000.mmc: stop
x26: 0000000000000005 x25: 0000000000000041 x24: 0000000000000000
x23: ffff000008a25080 x22: ffff8000106bd990 x21: ffff0000081496c0
x20: 0000000000000001 x19: ffffffffffffffea x18: 0000000000000010
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000080 x6 : ffff000009c71000
x5 : 0000000000000000 x4 : 0000000000000069 x3 : ffff00000a3c2900
x2 : 0000000000000001 x1 : ffffffffffffffea x0 : ffff000009c71000
Call trace:
 connector_bad_edid+0x28/0x1a8
 drm_do_get_edid+0x260/0x268
 adv7511_get_edid+0xb4/0xd0
 adv7511_bridge_get_edid+0x10/0x18

>                 return NULL;

> -

> -       /* base block fetch */

> -       for (i = 0; i < 4; i++) {

> -               if (get_edid_block(data, edid, 0, EDID_LENGTH))

> -                       goto out;

> -               if (drm_edid_block_valid(edid, 0, false,

> -                                        &connector->edid_corrupt))

> -                       break;

> -               if (i == 0 && drm_edid_is_zero(edid, EDID_LENGTH)) {

> -                       connector->null_edid_counter++;

> -                       goto carp;

> -               }

>         }

> -       if (i == 4)

> -               goto carp;

>

> -       /* if there's no extensions, we're done */

> +       /* if there's no extensions or no connector, we're done */

>         valid_extensions = edid[0x7e];

>         if (valid_extensions == 0)

>                 return (struct edid *)edid;

> @@ -2010,8 +2039,6 @@ struct edid *drm_do_get_edid(struct drm_connector *connector,

>

>         return (struct edid *)edid;

>

> -carp:

> -       connector_bad_edid(connector, edid, 1);

>  out:

>         kfree(edid);

>         return NULL;


Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Hi Doug,

On Mon, Oct 4, 2021 at 6:26 PM Doug Anderson <dianders@chromium.org> wrote:
> On Mon, Oct 4, 2021 at 8:42 AM Geert Uytterhoeven <geert@linux-m68k.org> wrote:

> > > -       if ((edid = kmalloc(EDID_LENGTH, GFP_KERNEL)) == NULL)

> > > +       edid = (u8 *)drm_do_get_edid_base_block(get_edid_block, data,

> > > +                                               &connector->edid_corrupt,

> > > +                                               &connector->null_edid_counter);

> > > +       if (IS_ERR_OR_NULL(edid)) {

> > > +               if (IS_ERR(edid))

> >

> > So edid is an error code, not a valid pointer...

> >

> > > +                       connector_bad_edid(connector, edid, 1);

> >

> > ... while connector_bad_edid() expects edid to be a valid pointer,

> > causing a crash:

> >

> > Unable to handle kernel NULL pointer dereference at virtual address

>

> Sigh. Thanks for the report and analysis. I guess I don't have any

> displays reporting invalid EDIDs to test with. Hopefully this will

> help:


It doesn't happen all the time.  Looks like my EDID is only invalid after
a reset needed to resolve an s2ram crash in the adv7511 driver...

> https://lore.kernel.org/r/20211004092100.1.Ic90a5ebd44c75db963112be167a03cc96f9fb249@changeid/


Thanks for the quick fix!

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds