On Mon, 2020-12-14 at 08:55 +0000, Simon Ser wrote:
Userspace can set a damage clip with a negative coordinate, negative width or height or larger than the plane. This invalid values could cause issues in some HW or even worst enable security flaws.
v2:
- add debug messages to let userspace know why atomic commit failed
due invalid damage clips
Cc: Simon Ser contact@emersion.fr Cc: Gwan-gyeong Mun gwan-gyeong.mun@intel.com Cc: Sean Paul seanpaul@chromium.org Cc: Fabio Estevam festevam@gmail.com Cc: Deepak Rawat drawat@vmware.com Cc: dri-devel@lists.freedesktop.org Signed-off-by: José Roberto de Souza jose.souza@intel.com
After looking at the kernel code, it seems like the kernel already checks for all of that in drm_atomic_plane_check. Are you aware of this?
- w = drm_rect_width(&plane_state->src) >> 16;
- h = drm_rect_height(&plane_state->src) >> 16;
The docs say this should be in FB coordinates, not in SRC_* coordinates. So we shouldn't need to check any SRC_* prop here.
I agree the Simon's opinion. it does check between plane's frame buffer src geometry and damage clips. (Plane's damage clip might exist outside of fb src geometry.)