drm/amd/display: Reject non-zero src_y and src_x for video planes
authorHarry Wentland <harry.wentland@amd.com>
Thu, 22 Apr 2021 23:10:52 +0000 (19:10 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 19 Jul 2021 07:44:58 +0000 (09:44 +0200)
commit c6c6a712199ab355ce333fa5764a59506bb107c1 upstream.

[Why]
This hasn't been well tested and leads to complete system hangs on DCN1
based systems, possibly others.

The system hang can be reproduced by gesturing the video on the YouTube
Android app on ChromeOS into full screen.

[How]
Reject atomic commits with non-zero drm_plane_state.src_x or src_y values.

v2:
 - Add code comment describing the reason we're rejecting non-zero
   src_x and src_y
 - Drop gerrit Change-Id
 - Add stable CC
 - Based on amd-staging-drm-next

v3: removed trailing whitespace

Signed-off-by: Harry Wentland <harry.wentland@amd.com>
Cc: stable@vger.kernel.org
Cc: nicholas.kazlauskas@amd.com
Cc: amd-gfx@lists.freedesktop.org
Cc: alexander.deucher@amd.com
Cc: Roman.Li@amd.com
Cc: hersenxs.wu@amd.com
Cc: danny.wang@amd.com
Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Acked-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Hersen Wu <hersenxs.wu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c

index bdcec5b3f5e5b598e69da2a014e839fc252c72db..6eb308670f48772990b5564896f343872cf20ec9 100644 (file)
@@ -3685,6 +3685,23 @@ static int fill_dc_scaling_info(const struct drm_plane_state *state,
        scaling_info->src_rect.x = state->src_x >> 16;
        scaling_info->src_rect.y = state->src_y >> 16;
 
+       /*
+        * For reasons we don't (yet) fully understand a non-zero
+        * src_y coordinate into an NV12 buffer can cause a
+        * system hang. To avoid hangs (and maybe be overly cautious)
+        * let's reject both non-zero src_x and src_y.
+        *
+        * We currently know of only one use-case to reproduce a
+        * scenario with non-zero src_x and src_y for NV12, which
+        * is to gesture the YouTube Android app into full screen
+        * on ChromeOS.
+        */
+       if (state->fb &&
+           state->fb->format->format == DRM_FORMAT_NV12 &&
+           (scaling_info->src_rect.x != 0 ||
+            scaling_info->src_rect.y != 0))
+               return -EINVAL;
+
        /*
         * For reasons we don't (yet) fully understand a non-zero
         * src_y coordinate into an NV12 buffer can cause a