Linaro-mm-sig June 2023

linaro-mm-sig@lists.linaro.org

34 participants
20 discussions

[RFC PATCH] dma-buf/dma-fence: Use a successful read_trylock() annotation for dma_fence_begin_signalling()

by Thomas Hellström

Condsider the following call sequence: /* Upper layer */ dma_fence_begin_signalling(); lock(tainted_shared_lock); /* Driver callback */ dma_fence_begin_signalling(); ... The driver might here use a utility that is annotated as intended for the dma-fence signalling critical path. Now if the upper layer isn't correctly annotated yet for whatever reason, resulting in /* Upper layer */ lock(tainted_shared_lock); /* Driver callback */ dma_fence_begin_signalling(); We will receive a false lockdep locking order violation notification from dma_fence_begin_signalling(). However entering a dma-fence signalling critical section itself doesn't block and could not cause a deadlock. So use a successful read_trylock() annotation instead for dma_fence_begin_signalling(). That will make sure that the locking order is correctly registered in the first case, and doesn't register any locking order in the second case. The alternative is of course to make sure that the "Upper layer" is always correctly annotated. But experience shows that's not easily achievable in all cases. Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/dma-buf/dma-fence.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/dma-buf/dma-fence.c b/drivers/dma-buf/dma-fence.c index f177c56269bb..17f632768ef9 100644 --- a/drivers/dma-buf/dma-fence.c +++ b/drivers/dma-buf/dma-fence.c @@ -308,8 +308,8 @@ bool dma_fence_begin_signalling(void) if (in_atomic()) return true; - /* ... and non-recursive readlock */ - lock_acquire(&dma_fence_lockdep_map, 0, 0, 1, 1, NULL, _RET_IP_); + /* ... and non-recursive successful read_trylock */ + lock_acquire(&dma_fence_lockdep_map, 0, 1, 1, 1, NULL, _RET_IP_); return false; } @@ -340,7 +340,7 @@ void __dma_fence_might_wait(void) lock_map_acquire(&dma_fence_lockdep_map); lock_map_release(&dma_fence_lockdep_map); if (tmp) - lock_acquire(&dma_fence_lockdep_map, 0, 0, 1, 1, NULL, _THIS_IP_); + lock_acquire(&dma_fence_lockdep_map, 0, 1, 1, 1, NULL, _THIS_IP_); } #endif -- 2.39.2

3 months

[PATCH] drm/shmem-helper: Remove duplicate include

by Jiapeng Chong

./drivers/gpu/drm/drm_gem_shmem_helper.c: linux/module.h is included more than once. Reported-by: Abaci Robot <abaci(a)linux.alibaba.com> Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=4567 Signed-off-by: Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> --- drivers/gpu/drm/drm_gem_shmem_helper.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c index 4ea6507a77e5..f401df26facf 100644 --- a/drivers/gpu/drm/drm_gem_shmem_helper.c +++ b/drivers/gpu/drm/drm_gem_shmem_helper.c @@ -10,7 +10,6 @@ #include <linux/shmem_fs.h> #include <linux/slab.h> #include <linux/vmalloc.h> -#include <linux/module.h> #ifdef CONFIG_X86 #include <asm/set_memory.h> -- 2.20.1.7.g153144c

9 months, 1 week

[syzbot] [dri?] KMSAN: uninit-value in drm_mode_setcrtc

by syzbot

Hello, syzbot found the following issue on: HEAD commit: 2741f1b02117 string: use __builtin_memcpy() in strlcpy/str.. git tree: https://github.com/google/kmsan.git master console+strace: https://syzkaller.appspot.com/x/log.txt?x=17bb33d1280000 kernel config: https://syzkaller.appspot.com/x/.config?x=753079601b2300f9 dashboard link: https://syzkaller.appspot.com/bug?extid=4fad2e57beb6397ab2fc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16d669a5280000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14d8f095280000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/ebd05512d8d7/disk-2741f1b0.raw… vmlinux: https://storage.googleapis.com/syzbot-assets/aa555b09582c/vmlinux-2741f1b0.… kernel image: https://storage.googleapis.com/syzbot-assets/5ea0934e02cc/bzImage-2741f1b0.… IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+4fad2e57beb6397ab2fc(a)syzkaller.appspotmail.com ===================================================== BUG: KMSAN: uninit-value in drm_mode_setcrtc+0x1ad3/0x24a0 drivers/gpu/drm/drm_crtc.c:896 drm_mode_setcrtc+0x1ad3/0x24a0 drivers/gpu/drm/drm_crtc.c:896 drm_ioctl_kernel+0x5ae/0x730 drivers/gpu/drm/drm_ioctl.c:788 drm_ioctl+0xd12/0x1590 drivers/gpu/drm/drm_ioctl.c:891 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0x222/0x400 fs/ioctl.c:856 __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was created at: slab_post_alloc_hook+0x12d/0xb60 mm/slab.h:716 slab_alloc_node mm/slub.c:3451 [inline] __kmem_cache_alloc_node+0x4ff/0x8b0 mm/slub.c:3490 __do_kmalloc_node mm/slab_common.c:965 [inline] __kmalloc+0x121/0x3c0 mm/slab_common.c:979 kmalloc_array include/linux/slab.h:596 [inline] drm_mode_setcrtc+0x1dba/0x24a0 drivers/gpu/drm/drm_crtc.c:846 drm_ioctl_kernel+0x5ae/0x730 drivers/gpu/drm/drm_ioctl.c:788 drm_ioctl+0xd12/0x1590 drivers/gpu/drm/drm_ioctl.c:891 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0x222/0x400 fs/ioctl.c:856 __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd CPU: 1 PID: 4955 Comm: syz-executor275 Not tainted 6.4.0-rc4-syzkaller-g2741f1b02117 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 ===================================================== --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller(a)googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the bug is already fixed, let syzbot know by replying with: #syz fix: exact-commit-title If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. If you want to change bug's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the bug is a duplicate of another bug, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup

1 year

[RFC] drm/scheduler: Unwrap job dependencies

by Rob Clark

From: Rob Clark <robdclark(a)chromium.org> Container fences have burner contexts, which makes the trick to store at most one fence per context somewhat useless if we don't unwrap array or chain fences. Signed-off-by: Rob Clark <robdclark(a)chromium.org> --- tbh, I'm not sure why we weren't doing this already, unless there is something I'm overlooking drivers/gpu/drm/scheduler/sched_main.c | 43 +++++++++++++++++--------- 1 file changed, 28 insertions(+), 15 deletions(-) diff --git a/drivers/gpu/drm/scheduler/sched_main.c b/drivers/gpu/drm/scheduler/sched_main.c index c2ee44d6224b..f59e5335afbb 100644 --- a/drivers/gpu/drm/scheduler/sched_main.c +++ b/drivers/gpu/drm/scheduler/sched_main.c @@ -41,20 +41,21 @@ * 4. Entities themselves maintain a queue of jobs that will be scheduled on * the hardware. * * The jobs in a entity are always scheduled in the order that they were pushed. */ #include <linux/kthread.h> #include <linux/wait.h> #include <linux/sched.h> #include <linux/completion.h> +#include <linux/dma-fence-unwrap.h> #include <linux/dma-resv.h> #include <uapi/linux/sched/types.h> #include <drm/drm_print.h> #include <drm/drm_gem.h> #include <drm/gpu_scheduler.h> #include <drm/spsc_queue.h> #define CREATE_TRACE_POINTS #include "gpu_scheduler_trace.h" @@ -665,41 +666,27 @@ void drm_sched_job_arm(struct drm_sched_job *job) sched = entity->rq->sched; job->sched = sched; job->s_priority = entity->rq - sched->sched_rq; job->id = atomic64_inc_return(&sched->job_id_count); drm_sched_fence_init(job->s_fence, job->entity); } EXPORT_SYMBOL(drm_sched_job_arm); -/** - * drm_sched_job_add_dependency - adds the fence as a job dependency - * @job: scheduler job to add the dependencies to - * @fence: the dma_fence to add to the list of dependencies. - * - * Note that @fence is consumed in both the success and error cases. - * - * Returns: - * 0 on success, or an error on failing to expand the array. - */ -int drm_sched_job_add_dependency(struct drm_sched_job *job, - struct dma_fence *fence) +static int _add_dependency(struct drm_sched_job *job, struct dma_fence *fence) { struct dma_fence *entry; unsigned long index; u32 id = 0; int ret; - if (!fence) - return 0; - /* Deduplicate if we already depend on a fence from the same context. * This lets the size of the array of deps scale with the number of * engines involved, rather than the number of BOs. */ xa_for_each(&job->dependencies, index, entry) { if (entry->context != fence->context) continue; if (dma_fence_is_later(fence, entry)) { dma_fence_put(entry); @@ -709,20 +696,46 @@ int drm_sched_job_add_dependency(struct drm_sched_job *job, } return 0; } ret = xa_alloc(&job->dependencies, &id, fence, xa_limit_32b, GFP_KERNEL); if (ret != 0) dma_fence_put(fence); return ret; } + +/** + * drm_sched_job_add_dependency - adds the fence as a job dependency + * @job: scheduler job to add the dependencies to + * @fence: the dma_fence to add to the list of dependencies. + * + * Note that @fence is consumed in both the success and error cases. + * + * Returns: + * 0 on success, or an error on failing to expand the array. + */ +int drm_sched_job_add_dependency(struct drm_sched_job *job, + struct dma_fence *fence) +{ + struct dma_fence_unwrap iter; + struct dma_fence *f; + int ret = 0; + + dma_fence_unwrap_for_each (f, &iter, fence) { + ret = _add_dependency(job, f); + if (ret) + break; + } + + return ret; +} EXPORT_SYMBOL(drm_sched_job_add_dependency); /** * drm_sched_job_add_resv_dependencies - add all fences from the resv to the job * @job: scheduler job to add the dependencies to * @resv: the dma_resv object to get the fences from * @usage: the dma_resv_usage to use to filter the fences * * This adds all fences matching the given usage from @resv to @job. * Must be called with the @resv lock held. -- 2.39.2

1 year

[PATCH 0/9] Add DRM driver for StarFive SoC JH7110

by Keith Zhao

Hi, This series is a DRM driver for StarFive SoC JH7110, which includes a display controller driver for Verisilicon DC8200 and an HMDI driver. We use GEM framework for buffer management and allocate memory by using DMA APIs. The JH7110 display subsystem includes a display controller Verisilicon DC8200 and an HDMI transmitter. The HDMI TX IP is designed for transmitting video and audio data from DC8200 to a display device. The HDMI TX IP consists of the digital controller and the physical layer. This series does not support HDMI audio driver. Keith Zhao (9): dt-bindings: display: Add yamls for JH7110 display subsystem riscv: dts: starfive: jh7110: add dc&hdmi controller node drm/verisilicon: Add basic drm driver drm/verisilicon: Add gem driver for JH7110 SoC drm/verisilicon: Add mode config funcs drm/verisilicon: Add drm crtc funcs drm/verisilicon: Add drm plane funcs drm/verisilicon: Add verisilicon dc controller driver drm/verisilicon: Add starfive hdmi driver .../display/verisilicon/starfive-hdmi.yaml | 93 + .../display/verisilicon/verisilicon-dc.yaml | 110 + .../display/verisilicon/verisilicon-drm.yaml | 42 + .../devicetree/bindings/vendor-prefixes.yaml | 2 + MAINTAINERS | 9 + .../jh7110-starfive-visionfive-2.dtsi | 87 + arch/riscv/boot/dts/starfive/jh7110.dtsi | 46 + drivers/gpu/drm/Kconfig | 2 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/verisilicon/Kconfig | 24 + drivers/gpu/drm/verisilicon/Makefile | 13 + drivers/gpu/drm/verisilicon/starfive_hdmi.c | 928 ++++++++ drivers/gpu/drm/verisilicon/starfive_hdmi.h | 296 +++ drivers/gpu/drm/verisilicon/vs_crtc.c | 388 ++++ drivers/gpu/drm/verisilicon/vs_crtc.h | 74 + drivers/gpu/drm/verisilicon/vs_dc.c | 1040 +++++++++ drivers/gpu/drm/verisilicon/vs_dc.h | 62 + drivers/gpu/drm/verisilicon/vs_dc_hw.c | 2008 +++++++++++++++++ drivers/gpu/drm/verisilicon/vs_dc_hw.h | 496 ++++ drivers/gpu/drm/verisilicon/vs_drv.c | 301 +++ drivers/gpu/drm/verisilicon/vs_drv.h | 52 + drivers/gpu/drm/verisilicon/vs_fb.c | 181 ++ drivers/gpu/drm/verisilicon/vs_fb.h | 15 + drivers/gpu/drm/verisilicon/vs_gem.c | 372 +++ drivers/gpu/drm/verisilicon/vs_gem.h | 72 + drivers/gpu/drm/verisilicon/vs_plane.c | 440 ++++ drivers/gpu/drm/verisilicon/vs_plane.h | 74 + drivers/gpu/drm/verisilicon/vs_type.h | 72 + include/uapi/drm/drm_fourcc.h | 83 + include/uapi/drm/vs_drm.h | 50 + 30 files changed, 7433 insertions(+) create mode 100644 Documentation/devicetree/bindings/display/verisilicon/starfive-hdmi.yaml create mode 100644 Documentation/devicetree/bindings/display/verisilicon/verisilicon-dc.yaml create mode 100644 Documentation/devicetree/bindings/display/verisilicon/verisilicon-drm.yaml create mode 100644 drivers/gpu/drm/verisilicon/Kconfig create mode 100644 drivers/gpu/drm/verisilicon/Makefile create mode 100644 drivers/gpu/drm/verisilicon/starfive_hdmi.c create mode 100644 drivers/gpu/drm/verisilicon/starfive_hdmi.h create mode 100644 drivers/gpu/drm/verisilicon/vs_crtc.c create mode 100644 drivers/gpu/drm/verisilicon/vs_crtc.h create mode 100644 drivers/gpu/drm/verisilicon/vs_dc.c create mode 100644 drivers/gpu/drm/verisilicon/vs_dc.h create mode 100644 drivers/gpu/drm/verisilicon/vs_dc_hw.c create mode 100644 drivers/gpu/drm/verisilicon/vs_dc_hw.h create mode 100644 drivers/gpu/drm/verisilicon/vs_drv.c create mode 100644 drivers/gpu/drm/verisilicon/vs_drv.h create mode 100644 drivers/gpu/drm/verisilicon/vs_fb.c create mode 100644 drivers/gpu/drm/verisilicon/vs_fb.h create mode 100644 drivers/gpu/drm/verisilicon/vs_gem.c create mode 100644 drivers/gpu/drm/verisilicon/vs_gem.h create mode 100644 drivers/gpu/drm/verisilicon/vs_plane.c create mode 100644 drivers/gpu/drm/verisilicon/vs_plane.h create mode 100644 drivers/gpu/drm/verisilicon/vs_type.h create mode 100644 include/uapi/drm/vs_drm.h -- 2.34.1

1 year, 5 months

[PATCH v2 00/24] use vmalloc_array and vcalloc

by Julia Lawall

The functions vmalloc_array and vcalloc were introduced in commit a8749a35c399 ("mm: vmalloc: introduce array allocation functions") but are not used much yet. This series introduces uses of these functions, to protect against multiplication overflows. The changes were done using the following Coccinelle semantic patch. @initialize:ocaml@ @@ let rename alloc = match alloc with "vmalloc" -> "vmalloc_array" | "vzalloc" -> "vcalloc" | _ -> failwith "unknown" @@ size_t e1,e2; constant C1, C2; expression E1, E2, COUNT, x1, x2, x3; typedef u8; typedef __u8; type t = {u8,__u8,char,unsigned char}; identifier alloc = {vmalloc,vzalloc}; fresh identifier realloc = script:ocaml(alloc) { rename alloc }; @@ ( alloc(x1*x2*x3) | alloc(C1 * C2) | alloc((sizeof(t)) * (COUNT), ...) | - alloc((e1) * (e2)) + realloc(e1, e2) | - alloc((e1) * (COUNT)) + realloc(COUNT, e1) | - alloc((E1) * (E2)) + realloc(E1, E2) ) v2: This series uses vmalloc_array and vcalloc instead of array_size. It also leaves a multiplication of a constant by a sizeof as is. Two patches are thus dropped from the series. --- arch/x86/kernel/cpu/sgx/main.c | 2 +- drivers/accel/habanalabs/common/device.c | 3 ++- drivers/accel/habanalabs/common/state_dump.c | 7 ++++--- drivers/bus/mhi/host/init.c | 2 +- drivers/comedi/comedi_buf.c | 4 ++-- drivers/dma-buf/heaps/system_heap.c | 2 +- drivers/gpu/drm/gud/gud_pipe.c | 2 +- drivers/gpu/drm/i915/gvt/gtt.c | 6 ++++-- drivers/infiniband/hw/bnxt_re/qplib_res.c | 4 ++-- drivers/infiniband/hw/erdma/erdma_verbs.c | 4 ++-- drivers/infiniband/sw/siw/siw_qp.c | 4 ++-- drivers/infiniband/sw/siw/siw_verbs.c | 6 +++--- drivers/iommu/tegra-gart.c | 4 ++-- drivers/net/ethernet/amd/pds_core/core.c | 4 ++-- drivers/net/ethernet/freescale/enetc/enetc.c | 4 ++-- drivers/net/ethernet/google/gve/gve_tx.c | 2 +- drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 2 +- drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 ++-- drivers/scsi/fnic/fnic_trace.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 4 ++-- drivers/vdpa/vdpa_user/iova_domain.c | 4 ++-- drivers/virtio/virtio_mem.c | 6 +++--- fs/btrfs/zoned.c | 4 ++-- kernel/kcov.c | 2 +- lib/test_vmalloc.c | 9 +++++---- 26 files changed, 52 insertions(+), 47 deletions(-)

1 year, 5 months

[PATCH] MAINTAINERS: Remove Laura Abbott from DMA-BUF HEAPS FRAMEWORK

by John Stultz

Laura's email address has not been valid for quite awhile now, so wanted to clean up the reviewer list here. I reached out to Laura who said it made sense to drop her from the list, so this patch does that. I do want to recognize Laura's long time contribution to this area and her previous ION maintainership, as this couldn't have gone upstream without her prior efforts. Many thanks! Cc: Laura Abbott <labbott(a)kernel.org> Cc: T.J. Mercier <tjmercier(a)google.com> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> Cc: Brian Starkey <Brian.Starkey(a)arm.com> Cc: John Stultz <jstultz(a)google.com> Cc: linux-media(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: linaro-mm-sig(a)lists.linaro.org Cc: kernel-team(a)android.com Acked-by: Laura Abbott <labbott(a)kernel.org> Signed-off-by: John Stultz <jstultz(a)google.com> --- MAINTAINERS | 1 - 1 file changed, 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index f4e92b968ed7..6b28b59cbdb9 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -6181,7 +6181,6 @@ F: kernel/dma/ DMA-BUF HEAPS FRAMEWORK M: Sumit Semwal <sumit.semwal(a)linaro.org> R: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> -R: Laura Abbott <labbott(a)redhat.com> R: Brian Starkey <Brian.Starkey(a)arm.com> R: John Stultz <jstultz(a)google.com> R: T.J. Mercier <tjmercier(a)google.com> -- 2.41.0.255.g8b1d071c50-goog

1 year, 5 months

[PATCH] MAINTAINERS: Remove Liam Mark from DMA-BUF HEAPS FRAMEWORK

by Jeffrey Hugo

@codeaurora.org email addresses are no longer valid and will bounce. I reached out to Liam about updating his entry under DMA-BUF HEAPS FRAMEWORK with an @codeaurora.org address. His response: "I am not a maintainer anymore, that should be removed." Liam currently does not have an email address that can be used to remove this entry, so I offered to submit a cleanup on his behalf with Liam's consent. Signed-off-by: Jeffrey Hugo <quic_jhugo(a)quicinc.com> --- MAINTAINERS | 1 - 1 file changed, 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 76b53bafc03c..1781eb0a8dda 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -6168,7 +6168,6 @@ F: kernel/dma/ DMA-BUF HEAPS FRAMEWORK M: Sumit Semwal <sumit.semwal(a)linaro.org> R: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> -R: Liam Mark <lmark(a)codeaurora.org> R: Laura Abbott <labbott(a)redhat.com> R: Brian Starkey <Brian.Starkey(a)arm.com> R: John Stultz <jstultz(a)google.com> -- 2.40.1

1 year, 5 months

[PATCH 00/26] use array_size

by Julia Lawall

Use array_size to protect against multiplication overflows. This follows up on the following patches by Kees Cook from 2018. 42bc47b35320 ("treewide: Use array_size() in vmalloc()") fad953ce0b22 ("treewide: Use array_size() in vzalloc()") The changes were done using the following Coccinelle semantic patch, adapted from the one posted by Kees. // Drop single-byte sizes and redundant parens. @@ expression COUNT; typedef u8; typedef __u8; type t = {u8,__u8,char,unsigned char}; identifier alloc = {vmalloc,vzalloc}; @@ alloc( - (sizeof(t)) * (COUNT) + COUNT , ...) // 3-factor product with 2 sizeof(variable), with redundant parens removed. @@ expression COUNT; size_t e1, e2, e3; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc( - (e1) * (e2) * (e3) + array3_size(e1, e2, e3) ,...) | alloc( - (e1) * (e2) * (COUNT) + array3_size(COUNT, e1, e2) ,...) ) // 3-factor product with 1 sizeof(type) or sizeof(expression), with // redundant parens removed. @@ expression STRIDE, COUNT; size_t e; identifier alloc = {vmalloc,vzalloc}; @@ alloc( - (e) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, e) ,...) // Any remaining multi-factor products, first at least 3-factor products // when they're not all constants... @@ expression E1, E2, E3; constant C1, C2, C3; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc(C1 * C2 * C3,...) | alloc( - (E1) * (E2) * (E3) + array3_size(E1, E2, E3) ,...) ) // 2-factor product with sizeof(type/expression) and identifier or constant. @@ size_t e1,e2; expression COUNT; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc( - (e1) * (e2) + array_size(e1, e2) ,...) | alloc( - (e1) * (COUNT) + array_size(COUNT, e1) ,...) ) // And then all remaining 2 factors products when they're not all constants. @@ expression E1, E2; constant C1, C2; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc(C1 * C2,...) | alloc( - (E1) * (E2) + array_size(E1, E2) ,...) ) --- arch/x86/kernel/cpu/sgx/main.c | 3 ++- drivers/accel/habanalabs/common/device.c | 3 ++- drivers/accel/habanalabs/common/state_dump.c | 6 +++--- drivers/bus/mhi/host/init.c | 4 ++-- drivers/comedi/comedi_buf.c | 4 ++-- drivers/dma-buf/heaps/system_heap.c | 2 +- drivers/gpu/drm/gud/gud_pipe.c | 2 +- drivers/gpu/drm/i915/gvt/gtt.c | 6 ++++-- drivers/gpu/drm/vmwgfx/vmwgfx_devcaps.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 4 ++-- drivers/infiniband/hw/erdma/erdma_verbs.c | 4 ++-- drivers/infiniband/sw/siw/siw_qp.c | 4 ++-- drivers/infiniband/sw/siw/siw_verbs.c | 6 +++--- drivers/iommu/tegra-gart.c | 4 ++-- drivers/net/ethernet/amd/pds_core/core.c | 4 ++-- drivers/net/ethernet/freescale/enetc/enetc.c | 4 ++-- drivers/net/ethernet/google/gve/gve_tx.c | 2 +- drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 2 +- drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 ++-- drivers/scsi/fnic/fnic_trace.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 4 ++-- drivers/staging/media/ipu3/ipu3-mmu.c | 2 +- drivers/vdpa/vdpa_user/iova_domain.c | 3 +-- drivers/virtio/virtio_mem.c | 6 +++--- fs/btrfs/zoned.c | 5 +++-- kernel/kcov.c | 2 +- lib/test_vmalloc.c | 12 ++++++------ 28 files changed, 56 insertions(+), 52 deletions(-)

1 year, 6 months

[PATCH] accel/qaic: Call DRM helper function to destroy prime GEM

by Jeffrey Hugo

From: Pranjal Ramajor Asha Kanojiya <quic_pkanojiy(a)quicinc.com> smatch warning: drivers/accel/qaic/qaic_data.c:620 qaic_free_object() error: dereferencing freed memory 'obj->import_attach' obj->import_attach is detached and freed using dma_buf_detach(). But used after free to decrease the dmabuf ref count using dma_buf_put(). drm_prime_gem_destroy() handles this issue and performs the proper clean up instead of open coding it in the driver. Fixes: ff13be830333 ("accel/qaic: Add datapath") Reported-by: Sukrut Bellary <sukrut.bellary(a)linux.com> Closes: https://lore.kernel.org/all/20230610021200.377452-1-sukrut.bellary@linux.co… Suggested-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Pranjal Ramajor Asha Kanojiya <quic_pkanojiy(a)quicinc.com> Reviewed-by: Carl Vanderlip <quic_carlv(a)quicinc.com> Reviewed-by: Jeffrey Hugo <quic_jhugo(a)quicinc.com> Signed-off-by: Jeffrey Hugo <quic_jhugo(a)quicinc.com> --- drivers/accel/qaic/qaic_data.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/accel/qaic/qaic_data.c b/drivers/accel/qaic/qaic_data.c index e42c1f9ffff8..e9a1cb779b30 100644 --- a/drivers/accel/qaic/qaic_data.c +++ b/drivers/accel/qaic/qaic_data.c @@ -23,6 +23,7 @@ #include <linux/wait.h> #include <drm/drm_file.h> #include <drm/drm_gem.h> +#include <drm/drm_prime.h> #include <drm/drm_print.h> #include <uapi/drm/qaic_accel.h> @@ -616,8 +617,7 @@ static void qaic_free_object(struct drm_gem_object *obj) if (obj->import_attach) { /* DMABUF/PRIME Path */ - dma_buf_detach(obj->import_attach->dmabuf, obj->import_attach); - dma_buf_put(obj->import_attach->dmabuf); + drm_prime_gem_destroy(obj, NULL); } else { /* Private buffer allocation path */ qaic_free_sgt(bo->sgt); -- 2.40.1

1 year, 6 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Linaro-mm-sig June 2023