[PATCH 5.4 082/122] drm/amd/display: Reject non-zero src_y and src_x for video planes

Greg Kroah-Hartman gregkh at linuxfoundation.org
Thu Jul 15 18:38:49 UTC 2021 

From: Harry Wentland <harry.wentland at amd.com>

commit c6c6a712199ab355ce333fa5764a59506bb107c1 upstream.

[Why]
This hasn't been well tested and leads to complete system hangs on DCN1
based systems, possibly others.

The system hang can be reproduced by gesturing the video on the YouTube
Android app on ChromeOS into full screen.

[How]
Reject atomic commits with non-zero drm_plane_state.src_x or src_y values.

v2:
 - Add code comment describing the reason we're rejecting non-zero
   src_x and src_y
 - Drop gerrit Change-Id
 - Add stable CC
 - Based on amd-staging-drm-next

v3: removed trailing whitespace

Signed-off-by: Harry Wentland <harry.wentland at amd.com>
Cc: stable at vger.kernel.org
Cc: nicholas.kazlauskas at amd.com
Cc: amd-gfx at lists.freedesktop.org
Cc: alexander.deucher at amd.com
Cc: Roman.Li at amd.com
Cc: hersenxs.wu at amd.com
Cc: danny.wang at amd.com
Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas at amd.com>
Acked-by: Christian König <christian.koenig at amd.com>
Reviewed-by: Hersen Wu <hersenxs.wu at amd.com>
Signed-off-by: Alex Deucher <alexander.deucher at amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>

---
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c |   17 +++++++++++++++++
 1 file changed, 17 insertions(+)

--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -2649,6 +2649,23 @@ static int fill_dc_scaling_info(const st
 	     scaling_info->src_rect.y != 0))
 		return -EINVAL;
 
+	/*
+	 * For reasons we don't (yet) fully understand a non-zero
+	 * src_y coordinate into an NV12 buffer can cause a
+	 * system hang. To avoid hangs (and maybe be overly cautious)
+	 * let's reject both non-zero src_x and src_y.
+	 *
+	 * We currently know of only one use-case to reproduce a
+	 * scenario with non-zero src_x and src_y for NV12, which
+	 * is to gesture the YouTube Android app into full screen
+	 * on ChromeOS.
+	 */
+	if (state->fb &&
+	    state->fb->format->format == DRM_FORMAT_NV12 &&
+	    (scaling_info->src_rect.x != 0 ||
+	     scaling_info->src_rect.y != 0))
+		return -EINVAL;
+
 	scaling_info->src_rect.width = state->src_w >> 16;
 	if (scaling_info->src_rect.width == 0)
 		return -EINVAL;

More information about the amd-gfx mailing list