From 3bb6425d757ddc08421137da0e5777fb5506981d Mon Sep 17 00:00:00 2001 From: jsg Date: Mon, 19 Jul 2021 10:49:37 +0000 Subject: [PATCH] drm/amd/display: Reject non-zero src_y and src_x for video planes From Harry Wentland c6016936171a7b179b2c478ceb7fbd092ee4f9f8 in linux 5.10.y/5.10.51 c6c6a712199ab355ce333fa5764a59506bb107c1 in mainline linux --- .../pci/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 75ef5b379af..726f39de245 100644 --- a/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -3687,6 +3687,23 @@ static int fill_dc_scaling_info(const struct drm_plane_state *state, scaling_info->src_rect.x = state->src_x >> 16; scaling_info->src_rect.y = state->src_y >> 16; + /* + * For reasons we don't (yet) fully understand a non-zero + * src_y coordinate into an NV12 buffer can cause a + * system hang. To avoid hangs (and maybe be overly cautious) + * let's reject both non-zero src_x and src_y. + * + * We currently know of only one use-case to reproduce a + * scenario with non-zero src_x and src_y for NV12, which + * is to gesture the YouTube Android app into full screen + * on ChromeOS. + */ + if (state->fb && + state->fb->format->format == DRM_FORMAT_NV12 && + (scaling_info->src_rect.x != 0 || + scaling_info->src_rect.y != 0)) + return -EINVAL; + /* * For reasons we don't (yet) fully understand a non-zero * src_y coordinate into an NV12 buffer can cause a -- 2.20.1