mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-13 12:06:49 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/gpu/drm/msm
History
Daniel Vetter 8b6b7d84bf drm/msm: Don't call dma_buf_vunmap without _vmap 
I honestly don't exactly understand what's going on here, but the
current code is wrong for sure: It calls dma_buf_vunmap without ever
calling dma_buf_vmap.

What I'm not sure about is whether the WARN_ON is correct:
- msm imports dma-buf using drm_prime_sg_to_page_addr_arrays. Which is
  a pretty neat layering violation of how you shouldn't peek behind
  the curtain of the dma-buf exporter, but par for course. Note that
  all the nice new helpers don't (and we should probably have a bit a
  warning about this in the kerneldoc).

- but then in the get_vaddr() in msm_gem.c, we seems to happily wrap a
  vmap() around any object with ->pages set (so including imported
  dma-buf).

- I'm not seeing any guarantees that userspace can't use an imported
  dma-buf for e.g. MSM_SUBMIT_CMD_BUF in a5xx_submit_in_rb, so no
  guarantees that an imported dma-buf won't end up with a ->vaddr set.

But even if that WARN_ON is wrong, cleaning up a vmap() done by msm by
calling dma_buf_vunmap is the wrong thing to do.

v2: Rob said in review that we do indeed have a gap in get_vaddr() that
needs to be plugged. But the users I've found aren't legit users on
imported dma-buf, so we can just reject that.

Reviewed-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Cc: Rob Clark <robdclark@gmail.com>
Cc: Sean Paul <sean@poorly.run>
Cc: linux-arm-msm@vger.kernel.org
Cc: freedreno@lists.freedesktop.org
Link: https://patchwork.freedesktop.org/patch/msgid/20200514201117.465146-1-daniel.vetter@ffwll.ch
2020-06-03 14:48:26 +02:00
..
adreno drm/msm: remove _unlocked suffix in drm_gem_object_put_unlocked 2020-05-19 22:31:33 +01:00
disp drm/msm/dpu: Stop copying around mode->private_flags 2020-05-27 14:31:42 +03:00
dsi drm/msm: remove _unlocked suffix in drm_gem_object_put_unlocked 2020-05-19 22:31:33 +01:00
edp Merge tag 'drm-msm-next-2020-03-22' of https://gitlab.freedesktop.org/drm/msm into drm-next 2020-03-31 16:34:55 +10:00
hdmi Merge tag 'drm-msm-next-2020-03-22' of https://gitlab.freedesktop.org/drm/msm into drm-next 2020-03-31 16:34:55 +10:00
Kconfig
Makefile
msm_atomic.c
msm_atomic_trace.h
msm_atomic_tracepoints.c
msm_debugfs.c drm: convert .debugfs_init() hook to return void. 2020-03-18 17:53:28 +01:00
msm_debugfs.h drm: convert .debugfs_init() hook to return void. 2020-03-18 17:53:28 +01:00
msm_drv.c drm/msm: remove _unlocked suffix in drm_gem_object_put_unlocked 2020-05-19 22:31:33 +01:00
msm_drv.h Linux 5.6-rc2 2020-02-17 10:34:34 +01:00
msm_fb.c drm/msm: remove _unlocked suffix in drm_gem_object_put_unlocked 2020-05-19 22:31:33 +01:00
msm_fbdev.c drm: Remove drm_fb_helper add, add all and remove connector calls 2020-03-06 14:19:58 +01:00
msm_fence.c
msm_fence.h
msm_gem.c drm/msm: Don't call dma_buf_vunmap without _vmap 2020-06-03 14:48:26 +02:00
msm_gem.h drm/msm: devcoredump should dump MSM_SUBMIT_BO_DUMP buffers 2020-03-19 12:18:44 -07:00
msm_gem_prime.c
msm_gem_shrinker.c
msm_gem_submit.c drm/gem: add _locked suffix to drm_gem_object_put 2020-05-19 22:31:30 +01:00
msm_gem_vma.c
msm_gpu.c drm/gem: add _locked suffix to drm_gem_object_put 2020-05-19 22:31:30 +01:00
msm_gpu.h drm: convert .debugfs_init() hook to return void. 2020-03-18 17:53:28 +01:00
msm_gpu_trace.h
msm_gpu_tracepoints.c
msm_gpummu.c
msm_iommu.c
msm_kms.h
msm_mmu.h
msm_perf.c
msm_rd.c drm/msm: devcoredump should dump MSM_SUBMIT_BO_DUMP buffers 2020-03-19 12:18:44 -07:00
msm_ringbuffer.c
msm_ringbuffer.h
msm_submitqueue.c
NOTES