From 088ca02108fcb75ae60a82f031a2f6aea731c818 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Ville=20Syrj=C3=A4l=C3=A4?=
Date: Tue, 6 Jun 2023 22:14:51 +0300
Subject: [PATCH] drm/i915/dsb: Avoid corrupting the first register write
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
i915_gem_object_create_internal() does not hand out zeroed memory. Thus we may confuse whatever stale garbage is in there as a previous register write and mistakenly handle the first actual register write as an indexed write. This can end up corrupting the instruction sufficiently well to lose the entire register write. Make sure we've actually emitted a previous instruction before attemting indexed register write merging.
Signed-off-by: Ville Syrjälä
Link: https://patchwork.freedesktop.org/patch/msgid/20230606191504.18099-7-ville.syrjala@linux.intel.com
Reviewed-by: Animesh Manna
---
 drivers/gpu/drm/i915/display/intel_dsb.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/drivers/gpu/drm/i915/display/intel_dsb.c b/drivers/gpu/drm/i915/display/intel_dsb.c
index cdb80352b8448..3de0d572c511a 100644
--- a/drivers/gpu/drm/i915/display/intel_dsb.c
+++ b/drivers/gpu/drm/i915/display/intel_dsb.c
@@ -137,6 +137,14 @@ static bool intel_dsb_prev_ins_is_write(struct intel_dsb *dsb,
 const u32 *buf = dsb->cmd_buf;
 u32 prev_opcode, prev_reg;
 
+ /*
+ * Nothing emitted yet? Must check before looking
+ * at the actual data since i915_gem_object_create_internal()
+ * does *not* give you zeroed memory!
+ */
+ if (dsb->free_pos == 0)
+ return false;
+
 prev_opcode = buf[dsb->ins_start_offset + 1] >> DSB_OPCODE_SHIFT;
 prev_reg = buf[dsb->ins_start_offset + 1] & DSB_REG_VALUE_MASK;
 
-- 
2.30.2
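Review bot: The new `dsb->free_pos == 0` guard protects only this one reader of `dsb->cmd_buf`, so the underlying hazard remains: per the added comment, the buffer starts out holding stale, non-zeroed memory, and any other code that inspects it before writing would see the same garbage (no such path is visible in this hunk). Because the buffer holds register-write instructions, it would be more robust to also clear it once where it is created or mapped, for example with a `memset` to zero, and keep this check as defence in depth. The guard also appears to assume that `free_pos` is reset to 0 whenever a buffer is reused and that `ins_start_offset` is only meaningful once something has been emitted. A short comment above the function would make that explicit, e.g. `/* ins_start_offset is only valid once free_pos > 0 */`. intel_dsb_prev_ins_is_write() starts and ends outside the hunk, so the remaining comparisons could not be checked here.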