[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210512144821.996286372@linuxfoundation.org>
Date: Wed, 12 May 2021 16:42:58 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Harry Wentland <harry.wentland@....com>,
nicholas.kazlauskas@....com, amd-gfx@...ts.freedesktop.org,
alexander.deucher@....com, Roman.Li@....com, hersenxs.wu@....com,
danny.wang@....com,
Christian König <christian.koenig@....com>
Subject: [PATCH 5.10 068/530] drm/amd/display: Reject non-zero src_y and src_x for video planes
From: Harry Wentland <harry.wentland@....com>
commit d89f6048bdcb6a56abb396c584747d5eeae650db upstream.
[Why]
This hasn't been well tested and leads to complete system hangs on DCN1
based systems, possibly others.
The system hang can be reproduced by gesturing the video on the YouTube
Android app on ChromeOS into full screen.
[How]
Reject atomic commits with non-zero drm_plane_state.src_x or src_y values.
v2:
- Add code comment describing the reason we're rejecting non-zero
src_x and src_y
- Drop gerrit Change-Id
- Add stable CC
- Based on amd-staging-drm-next
v3: removed trailing whitespace
Signed-off-by: Harry Wentland <harry.wentland@....com>
Cc: stable@...r.kernel.org
Cc: nicholas.kazlauskas@....com
Cc: amd-gfx@...ts.freedesktop.org
Cc: alexander.deucher@....com
Cc: Roman.Li@....com
Cc: hersenxs.wu@....com
Cc: danny.wang@....com
Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas@....com>
Acked-by: Christian König <christian.koenig@....com>
Reviewed-by: Hersen Wu <hersenxs.wu@....com>
Signed-off-by: Alex Deucher <alexander.deucher@....com>
Cc: stable@...r.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -3685,6 +3685,23 @@ static int fill_dc_scaling_info(const st
scaling_info->src_rect.x = state->src_x >> 16;
scaling_info->src_rect.y = state->src_y >> 16;
+ /*
+ * For reasons we don't (yet) fully understand a non-zero
+ * src_y coordinate into an NV12 buffer can cause a
+ * system hang. To avoid hangs (and maybe be overly cautious)
+ * let's reject both non-zero src_x and src_y.
+ *
+ * We currently know of only one use-case to reproduce a
+ * scenario with non-zero src_x and src_y for NV12, which
+ * is to gesture the YouTube Android app into full screen
+ * on ChromeOS.
+ */
+ if (state->fb &&
+ state->fb->format->format == DRM_FORMAT_NV12 &&
+ (scaling_info->src_rect.x != 0 ||
+ scaling_info->src_rect.y != 0))
+ return -EINVAL;
+
scaling_info->src_rect.width = state->src_w >> 16;
if (scaling_info->src_rect.width == 0)
return -EINVAL;
Powered by blists - more mailing lists