drm/msm/dsi: Prevent signed BPG offsets from bleeding into adjacent bits

author Marijn Suijten <marijn.suijten@somainline.org>

Wed, 26 Oct 2022 18:28:24 +0000 (20:28 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sat, 31 Dec 2022 12:32:08 +0000 (13:32 +0100)
author Marijn Suijten <marijn.suijten@somainline.org>
Wed, 26 Oct 2022 18:28:24 +0000 (20:28 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 31 Dec 2022 12:32:08 +0000 (13:32 +0100)
diff --git a/drivers/gpu/drm/msm/dsi/dsi_host.c b/drivers/gpu/drm/msm/dsi/dsi_host.c

index c229cf6..89aadd3 100644 (file)
--- a/drivers/gpu/drm/msm/dsi/dsi_host.c
+++ b/drivers/gpu/drm/msm/dsi/dsi_host.c
@@ -1782,7 +1782,11 @@ static int dsi_populate_dsc_params(struct msm_dsi_host *msm_host, struct drm_dsc
         for (i = 0; i < DSC_NUM_BUF_RANGES; i++) {
                 dsc->rc_range_params[i].range_min_qp = min_qp[i];
                 dsc->rc_range_params[i].range_max_qp = max_qp[i];
-               dsc->rc_range_params[i].range_bpg_offset = bpg_offset[i];
+               /*
+                * Range BPG Offset contains two's-complement signed values that fill
+                * 8 bits, yet the registers and DCS PPS field are only 6 bits wide.
+                */
+               dsc->rc_range_params[i].range_bpg_offset = bpg_offset[i] & DSC_RANGE_BPG_OFFSET_MASK;
         }
  
         dsc->initial_offset = 6144;             /* Not bpp 12 */
author	Marijn Suijten <marijn.suijten@somainline.org>
	Wed, 26 Oct 2022 18:28:24 +0000 (20:28 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 31 Dec 2022 12:32:08 +0000 (13:32 +0100)