Linaro-mm-sig

linaro-mm-sig@lists.linaro.org

131 participants
7050 discussions

[PATCH] dma-buf: explicitely forbid exposing pages from get_user_pages()

by Christian König

We recently had another incident where two drivers put pages they got from get_user_pages() into a DMA-buf and cause quite a number of problems. Explicitely document that this is not something exporters can do. Signed-off-by: Christian König <christian.koenig(a)amd.com> --- drivers/dma-buf/dma-buf.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index 71f37544a5c6..aa5af4f439c2 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -685,6 +685,14 @@ static struct file *dma_buf_getfile(size_t size, int flags) * * For the detailed semantics exporters are expected to implement see * &dma_buf_ops. + * + * It is explicitely forbidden for exporters to expose buffers they don't "own" + * as DMA-buf. This includes pages acquired by get_user_pages() or other import + * mechanism. Not following this rule can create numerous security problems. + * + * It is also strongly discouraged to expose the same backing store through + * multiple DMA-bufs at the same time. This eventually creates aliasing and + * cache coherency problems which are extremely hard to debug and fix. */ /** -- 2.43.0

18 minutes

Bouncing Your Way Through Geometry: What Makes Jump Games So Addictive

by clinical.condor.xuhe＠hidingmail.net

https://geometrydash-pc.com/ Geometry-based jump games have become a phenomenon in casual gaming, and for good reason. There's something deeply satisfying about timing a perfect jump, watching your character soar through geometric obstacles, and finally reaching that "just one more level" feeling at 11 PM on a Tuesday. If you've never experienced this particular brand of digital frustration and joy, let me walk you through what makes these games tick—and why your reflexes might thank you (or curse you) for giving them a try. The Beautiful Simplicity of Jumping Through Shapes At their core, geometry jump games strip gaming down to its essence: move, jump, survive, repeat. Take Geometry Dash as our primary example. The concept sounds almost comically simple—you control a geometric shape (typically a square) and must navigate it through an obstacle course of spikes, platforms, and other hazards, all synchronized to music. That's it. No complex storylines, no resource management, no unnecessary mechanics getting in the way. The genius lies in how this simplicity becomes a foundation for incredible complexity. Early levels ease you in with gentle slopes and straightforward obstacles. But as you progress, the game introduces new mechanics: your shape might transform into a ship that flies and falls with different physics, or a cube that can jump at precise intervals, or a ball that rolls with its own momentum. Each transformation changes how you perceive and interact with the space around you, keeping the experience fresh despite the unchanging core mechanic. What really hooks players is the relationship between gameplay and sound design. In these games, your jumps, movements, and even collisions sync with the background music. This isn't just eye candy—it creates a rhythm that your brain naturally wants to follow. Successfully nailing a sequence of jumps that align with the beat feels almost musical, like you're dancing through geometry rather than simply fighting your way through it. How the Experience Actually Works When you first launch a geometry jump game, you'll notice the visual style leans toward minimalism. Bright colors contrast against dark backgrounds. Obstacles are clearly defined geometric shapes. There's no confusion about what you can and can't touch—a spike is a spike, a platform is a platform. This clarity is crucial because the game demands precision, and it delivers that demand through an uncluttered visual language. The difficulty curve in these games teaches an important lesson about game design. Early levels act as a tutorial without ever pausing to explain things. You learn through doing. You discover that holding the jump button longer makes you jump higher (in certain modes). You realize that some obstacles require split-second timing while others reward patience. The game respects your intelligence enough not to spell everything out, yet supports you enough that progress feels achievable. Progression in these games works differently than traditional level-based structures. Levels often exceed three or four minutes of continuous gameplay. A single mistake near the end sends you back to the beginning. This sounds punishing, and initially it is, but it creates something interesting: players develop the ability to stay focused under pressure. You learn to accept failure as part of the process. That 47th attempt doesn't feel like torture—it feels like you're getting closer. Practical Tips for New Players If you're thinking about diving into a geometry jump experience, here are some things that will make your journey more enjoyable. First, play with sound on (with headphones if possible). The audio design isn't decorative—it's genuinely part of the game. Your brain will start anticipating jumps based on musical cues. Second, accept that you'll fail repeatedly. A lot. This isn't a flaw in game design; it's the entire point. Each failure teaches you something about timing, positioning, or physics. Instead of thinking "I'm bad at this," think "I'm learning." The shift in mindset makes an enormous difference in how frustrating or fun the experience becomes. Third, take breaks when you're stuck. Walk away for 20 minutes, come back fresh, and you'll often breeze through what seemed impossible before. Your muscle memory and spatial reasoning improve even when you're not actively playing—your brain keeps processing those patterns. Finally, don't compare your progress to others immediately. These games feature leaderboards and difficulty ratings that can feel intimidating. Focus on completing the built-in levels first and getting comfortable with the mechanics. Once you're ready, the community has created custom levels at every difficulty level imaginable. The Lasting Appeal What keeps people returning to geometry jump games isn't just the challenge—it's the feeling of growth. You watch your own improvement in real-time. That level that seemed impossible yesterday becomes a warm-up today. Your fingers develop instinctive knowledge of the physics without your brain consciously calculating them. These games also offer something increasingly rare in modern entertainment: they don't demand your attention span be fragmented. They ask for focus, dedication, and patience in exchange for genuine achievement. In a world of endless notifications and distractions, there's something refreshing about a game that simply wants you to jump through some shapes to the beat of good music. Whether you're a casual gamer looking for something satisfying or someone seeking a new challenge, geometry jump games offer an experience that's easy to understand but genuinely difficult to master. And honestly, that's exactly what makes them worth your time.

42 minutes

[PATCH] dma-buf/test: add KUnit case for dma_fence_dedup_array() empty input

by Baineng Shou

Add a KUnit case verifying that dma_fence_dedup_array() returns 0, not 1, when called with num_fences == 0. This locks down the contract documented in the kernel-doc and prevents a regression of commit 77a9298741f8 ("dma-fence: Make dma_fence_dedup_array() robust against 0-count input"). Suggested-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Baineng Shou <shoubaineng(a)gmail.com> --- drivers/dma-buf/st-dma-fence-unwrap.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/dma-buf/st-dma-fence-unwrap.c b/drivers/dma-buf/st-dma-fence-unwrap.c index 4e7ee25372ba..72dea6091d58 100644 --- a/drivers/dma-buf/st-dma-fence-unwrap.c +++ b/drivers/dma-buf/st-dma-fence-unwrap.c @@ -370,6 +370,15 @@ static void test_unwrap_merge_seqno(struct kunit *test) dma_fence_put(f1); } +static void test_dedup_empty(struct kunit *test) +{ + struct dma_fence *fence[1] = { NULL }; + int ret; + + ret = dma_fence_dedup_array(fence, 0); + KUNIT_EXPECT_EQ(test, ret, 0); +} + static void test_unwrap_merge_order(struct kunit *test) { struct dma_fence *fence, *f1, *f2, *a1, *a2, *c1, *c2; @@ -595,6 +604,7 @@ static struct kunit_case dma_fence_unwrap_cases[] = { KUNIT_CASE(test_unwrap_merge_order), KUNIT_CASE(test_unwrap_merge_complex), KUNIT_CASE(test_unwrap_merge_complex_seqno), + KUNIT_CASE(test_dedup_empty), {} }; -- 2.34.1

2 hours, 15 minutes

Geometry Dash Lite: A Rhythm-Based Odyssey in the Palm of Your Hand

by 77nannette＠web-library.net

Ever found yourself yearning for a game that’s easy to pick up but incredibly challenging to master? A game that tests your reflexes, your rhythm, and your patience, all while delivering a surprisingly addictive experience? Look no further than geometry dash lite. This free-to-play mobile sensation, a trimmed-down version of the full Geometry Dash game, offers a fantastic entry point into a world of pulsing electronic music, geometric obstacles, and an almost zen-like focus on timing. Whether you're a seasoned gamer or just looking for a fun way to pass the time, Geometry Dash Lite provides an exhilarating ride. https://geometrylitepc.com/ The Rhythmic Heartbeat: What is Geometry Dash Lite? At its core, Geometry Dash Lite is a rhythm-based platformer. You control a small, customizable icon (usually a square, but you can unlock others) that automatically moves forward through a series of levels. Your sole objective is to navigate these levels, avoiding an onslaught of spikes, sawblades, and other cleverly designed traps, all perfectly synced to an energetic soundtrack. The game's beauty lies in its simplicity: tap to jump. That's it. But within this simple mechanic lies a world of nuanced timing, precise execution, and a surprising amount of strategic thinking. The "Lite" version of the game offers a selection of levels from the full Geometry Dash experience, allowing players to get a taste of what the full game has to offer without any initial commitment. It's a perfect sampler, showcasing the core mechanics, the diverse level design, and the infectious music that defines the series. For those curious to explore further or even play on their PC, you can find more information about Geometry Dash Lite at Geometry Dash Lite Gameplay: A Symphony of Taps and Jumps The gameplay loop of Geometry Dash Lite is incredibly straightforward, yet it offers a satisfying and often frustrating challenge. Your Icon: Your main character is a small geometric shape that continuously moves forward. Its movement speed is constant within a given segment of a level. The Obstacles: Levels are littered with various obstacles, primarily spikes and sawblades, designed to instantly destroy your icon upon contact. The Tap to Jump: Your only control is to tap the screen. A single tap initiates a small jump. Holding down your finger allows for a longer jump. This simple interaction is the key to navigating the complex layouts. Portals and Gravity: As you progress, you'll encounter various portals that change your icon's behavior. These can include: Gravity Portals: These flip your icon's gravity, making it move on the ceiling instead of the floor, or vice versa. Ship Portals: Your icon transforms into a ship, allowing you to fly freely by holding down your finger to ascend and releasing to descend. This introduces a whole new dimension of control. Ball Portals: Your icon becomes a ball, which rolls and can stick to surfaces when you tap, creating unique platforming opportunities. UFO Portals: These transform your icon into a UFO, allowing for a "flappy bird" like tapping mechanic to ascend. Wave Portals: Your icon becomes a wave, moving diagonally up and down with taps, requiring very precise timing. Music Synchronization: Every jump, every obstacle, and every portal change is meticulously synchronized with the background music. This is not just an aesthetic choice; it’s a crucial gameplay element. Learning the rhythm of each level is as important as memorizing its layout. Practice Mode: One of the most player-friendly features is the practice mode. In this mode, you can place checkpoints anywhere in the level, allowing you to repeatedly attempt difficult sections without having to restart from the beginning. This is invaluable for learning and improving. Attempts Counter: A relentless counter at the top of the screen tracks how many attempts it takes you to complete a level. This often fuels a competitive spirit and a desire to achieve fewer attempts. Tips for Conquering the Geometric Gauntlet While Geometry Dash Lite can feel overwhelming at first, a few key strategies can significantly improve your experience and help you conquer even the most daunting levels. 1. Start Slow and Steady: Don't jump into the hardest level immediately. Begin with the introductory levels to get a feel for the controls, the different portal mechanics, and the rhythm. "Stereo Madness" is a classic starting point. 2. Embrace Practice Mode: This cannot be stressed enough. When you hit a wall, switch to practice mode. Break down the level into smaller, manageable segments. Practice each difficult section until you can consistently clear it. 3. Listen to the Music: The music isn't just background noise; it's your guide. Pay close attention to the beats, the drops, and the changes in tempo. Often, the timing of your jumps will align perfectly with the musical cues. 4. Memorization is Key: While reflexes are important, Geometry Dash Lite is also a memory game. As you repeatedly play a level, you'll start to internalize the layout and the sequence of obstacles. 5. Identify Patterns: Many levels feature recurring patterns of obstacles. Once you recognize these patterns, you can apply the same strategy to clear them each time they appear. 6. Don't Get Frustrated (Easily): This game will test your patience. You will die countless times on the same obstacle. Take a break if you feel yourself getting angry. Come back with a fresh perspective. Sometimes, a short break is all it takes to clear a section you were stuck on. 7. Watch Others Play: If you're truly stuck, watching videos of experienced players completing the level can provide valuable insights into optimal timing and strategies. 8. Customize Your Icon: While purely aesthetic, customizing your icon can make the experience feel more personal and enjoyable. Unlock new colors and shapes as you progress. 9. Focus on Small Victories: Don't aim to complete the entire level in one go initially. Celebrate clearing a new section, reaching a further point, or successfully navigating a tricky portal sequence. Conclusion: A Rewarding Test of Skill and Rhythm Geometry Dash Lite is more than just a simple mobile game; it's a testament to the power of straightforward mechanics combined with clever design. It offers a rewarding challenge that, while demanding, never feels truly unfair. The satisfaction of finally completing a difficult level, feeling your fingers dance across the screen in perfect sync with the music, is an experience few other games can replicate. So, if you're looking for a game that will push your reflexes and your rhythm to their limits, all while delivering a surprisingly addictive and fun experience, dive into the world of Geometry Dash Lite. You might just find your next obsession.

4 hours, 39 minutes

kelloliver638@gmail.com

by oliver kell

Assignment help provides students with guidance, resources, and support to complete academic tasks effectively. It improves understanding of subjects, enhances research and writing skills, and helps meet deadlines. Professional assistance can reduce stress, improve grades, and encourage learning by offering clear explanations, structured solutions, and valuable academic insights. https://allassignmenthelper.com/management-assignment-help/

11 hours, 38 minutes

[PATCH v3 0/9] vfio/pci: Add mmap() for DMABUFs

by Matt Evans

Hi all, This series is based on previous RFCs/discussions: Tech topic: https://lore.kernel.org/linux-iommu/20250918214425.2677057-1-amastro@fb.com/ RFCv1: https://lore.kernel.org/all/20260226202211.929005-1-mattev@meta.com/ RFCv2: https://lore.kernel.org/kvm/20260312184613.3710705-1-mattev@meta.com/ The background/rationale is covered in more detail in the RFC cover letters. The TL;DR is: The goal is to enable userspace driver designs that use VFIO to export DMABUFs representing subsets of PCI device BARs, and "vend" those buffers from a primary process to other subordinate processes by fd. These processes then mmap() the buffers and their access to the device is isolated to the exported ranges. This is an improvement on sharing the VFIO device fd to subordinate processes, which would allow unfettered access. This is achieved by enabling mmap() of vfio-pci DMABUFs, passed by fd to subordinate processes. Second, a new revocation mechanism is added to allow the primary process to forcibly revoke access to previously-shared BAR spans, even if the subordinate processes haven't cleanly exited. (The related topic of safe delegation of iommufd control to the subordinate processes is not addressed here, and is follow-up work.) As well as isolation and revocation, another advantage to accessing a BAR through a VMA backed by a DMABUF is that it's straightforward to mmap() the buffer with access attributes, such as write-combining. Feedback from the RFCs requested that, instead of creating DMABUF-specific vm_ops and .fault paths, to go the whole way and migrate the existing VFIO PCI BAR mmap() to be backed by a DMABUF too, resulting in a common vm_ops and fault handler for mmap()s of both the VFIO device and explicitly-exported DMABUFs. This will help future iommufd emulation of VFIO Type1 peer-to-peer, making it easier to get a DMABUF for a VFIO BAR as a DMA target. mmap() conversion to use DMABUF underneath has been done for vfio-pci, but not sub-drivers: nvgrace-gpu's mmap() override path is unchanged; I kept this out of scope for now not least because I don't have a thorough test setup for this system. I would prefer to help the nvgrace-gpu maintainers enable BAR mmap() DMABUFs themselves. Notes on patches ================ PCI/P2PDMA: Add CONFIG_PCI_P2PDMA_CORE Later in the series, vfio-pci's mmap() is going to depend on pcim_p2pdma_provider() which depended on CONFIG_PCI_P2PDMA, which in turn depended on ZONE_DEVICE (which isn't available on 32-bit and some archs, because they lack MEMORY_HOTPLUG and friends). VFIO does _not_ require actual P2P to be present for basic mmap() functionality, only for the optional CONFIG_DMA_SHARED_BUFFER feature. This splits out p2pdma_core.c under CONFIG_PCI_P2PDMA_CORE (which currently contains pcim_p2pdma_provider()), and an optional CONFIG_PCI_P2PDMA which depends on ZONE_DEVICE etc. providing P2P functionality in the existing p2pdma.c. vfio/pci: Add a helper to look up PFNs for DMABUFs vfio/pci: Add a helper to create a DMABUF for a BAR-map VMA The first is for a DMABUF VMA fault handler to determine arbitrary-sized PFNs from ranges in DMABUF. Secondly, refactor DMABUF export for use by the existing export feature and add a helper that creates a DMABUF corresponding to a VFIO BAR mmap() request. vfio/pci: Convert BAR mmap() to use a DMABUF The vfio-pci core mmap() creates a DMABUF with the helper, and the vm_ops fault handler uses the other helper to resolve the fault. Because this depends on DMABUF structs/code, CONFIG_VFIO_PCI_CORE needs to depend on CONFIG_DMA_SHARED_BUFFER. The CONFIG_VFIO_PCI_DMABUF still conditionally enables the export support code. NOTE: The user mmap()s a device fd, but the resulting VMA's vm_file becomes that of the DMABUF. The DMABUF takes ownership of the device and put()s it on release, which maintains the existing behaviour of a VMA keeping the VFIO device open. BAR zapping then happens via the existing vfio_pci_dma_buf_move() path, which now needs to unmap PTEs in the DMABUF's address_space. vfio/pci: Provide a user-facing name for BAR mappings There was a request for decent debug naming in /proc/<pid>/maps etc. comparable to the existing VFIO names: since the VMAs are DMABUFs, they have a "dmabuf:" prefix and can't be 100% identical to before. This is a user-visible change, but this patch at least now gives us extra info on the BDF & BAR being mapped. vfio/pci: Clean up BAR zap and revocation In general (see NOTE!) the vfio_pci_zap_bars() is now obsolete, since it unmaps PTEs in the VFIO device address_space which is now unused. This consolidates all calls (e.g. around reset) with the neighbouring vfio_pci_dma_buf_move()s into new functions, to revoke-zap/unrevoke. This makes the "revoke/un-revoke" steps clearer. NOTE: Because drivers can use their own vm_ops and override .mmap, the core must conservatively assume an overridden .mmap might still add PTEs to the VFIO device address_space and therefore still does the zap. A new flag, zap_bars_on_revoke, enables the zap when .mmap is overridden. A driver that does not need the zap can clear this to opt-out, e.g. if the driver calls down to the common mmap (and so uses DMABUFs). vfio/pci: Support mmap() of a VFIO DMABUF Adds mmap() for a DMABUF fd exported from vfio-pci. It was a goal to keep the VFIO device fd lifetime behaviour unchanged with respect to the DMABUFs. An application can close all device fds, and this will revoke/clean up all DMABUFs; no mappings or other access can be performed now. When enabling mmap() of the DMABUFs, this means access through the VMA is also revoked. This complicates the fault handler because whilst the DMABUF exists, it has no guarantee that the corresponding VFIO device is still alive. Adds synchronisation ensuring the vdev is available before vdev->memory_lock is touched; this holds the device registration so that even if the buffer has been cleaned up, vdev hasn't been freed and so the lock can be safely taken. This commit makes VFIO_PCI_CORE depend on PCI_P2PDMA_CORE (commit 1) to bring in (only) the P2PDMA provider code. vfio/pci: Permanently revoke a DMABUF on request By weight, this is mostly a rename of revoked to an enum, status. There are now 3 states for a buffer, usable and revoked temporary/permanent. A new VFIO feature is added, VFIO_DEVICE_FEATURE_DMA_BUF_REVOKE, which takes a DMABUF (exported from the same device) and permanently revokes it. Thus a userspace driver can guarantee any downstream consumers of a shared fd are prevented from accessing a BAR range, and that range can be reused. NOTE: This might block userspace, waiting on importers to detach. The code doing revocation in vfio_pci_dma_buf_move() is moved, unchanged, to a common function for use by ..._move() and this new feature. vfio/pci: Add mmap() attributes to DMABUF feature Adds a new VFIO feature, VFIO_DEVICE_FEATURE_DMA_BUF_MEMATTR. After a DMABUF is exported, this feature is used to set a memory attribute that will be used by future mmap()s of the DMABUF fd. It doesn't affect existing maps. The default is UC, and via the feature one can specify CPU access as WC. The attribute is an enum/scalar rather than bitmap/cumulative. The attributes follow a "try-fail" model where a client can request an attribute and either succeed or fail with ENOENT if it's unknown; if future attributes are platform-specific then their support can be probed. (Since it's just UC/WC for now, there is no reservation or numeric structure to the namespace yet, but we could support system/arch-specific values in future by carving out base + arch-specific + IMPDEF ranges.) Testing ======= (The [RFC ONLY] userspace test program, for QEMU edu-plus, can be found in the GitHub branch below. It at least illustrates how the export, map, revoke, attribute, and close semantics interoperate.) This code has been tested in mapping DMABUFs of single/multiple ranges from multiple BARs, aliasing mmap()s, aliasing ranges across DMABUFs, vm_pgoff > 0, revocation, shutdown/cleanup scenarios, and hugepage mappings. I've lightly tested WC mappings also (by observing resulting PTEs as having the correct attributes...). No regressions observed on the VFIO selftests, or on our internal vfio-pci applications. VFIO on i386 has been build-tested. End === This is based on VFIO next (e.g. at b9285405c5f6). These commits are on GitHub for easier browsing, along with "[RFC ONLY] selftests: vfio: Add standalone vfio_dmabuf_mmap_test": https://github.com/metamev/linux/compare/b9285405c5f6...metamev:linux:dev/m… Thanks for reading, Matt ================================================================================ Change log: v3: - Refactor p2pdma.c: split out pcim_p2pdma_provider() into a new p2pdma_core.c under CONFIG_PCI_P2PDMA_CORE. - vfio_pci_dma_buf_find_pfn() cleanups: Rename parameter to priv, remove bad WARN, move unnecessary addition out of inner loop. - vfio_pci_core_mmap_prep_dmabuf() cleanups: Remove uint32_t, remove unnecessary const variable. - Conversion of BAR mmap() to DMABUF: VFIO_PCI_DMABUF depends on VFIO_PCI_CORE. vfio_pci_mmap_huge_fault(): move dev_dbg() outside of lock (argh), remove READ_ONCE(vdev)/move priv->vdev read and improve comment explanation. - On revoke, BAR zap defaults to on if .mmap is overridden by a driver (and implements an opt-out for the hisi_acc_vfio_pci driver, which overrides mmap() with a simple wrapper that ends up using the common DMABUF mmap() rather than custom mappings). - Reworded commit "vfio/pci: Support mmap() of a VFIO DMABUF" message for clarity. Reworded vfio_pci_mmap_huge_fault() comment for accuracy (vdev validity depends on not being revoked). Added comment in mmap() explaining belt-and-braces approach for early detecting a map of a revoked buffer. - Revoke now uses VFIO_DEVICE_FEATURE_DMA_BUF rather than a new ioctl(); instead of the revoke helper taking 'revoked/permanently' bools, it's become vfio_pci_dma_buf_set_status() taking a single status enum. Added a READ_ONCE() for the lockless test of priv->vdev (flags it as intentional, even if it's in practice going to be a single-copy atomic read). - Removed GET on vfio_pci_core_feature_dma_buf_memattr(), removed unnecessary taking of memory_lock, fixed error return values. In particular, removes ENOTSUPP, and uses ENOENT to indicate an unknown attribute enum value was passed to SET. In the discussion here, https://lore.kernel.org/all/20260602131417.41366391@shazbot.org/ we'd agreed on EOPNOTSUPP before I realised that's already used elsewhere. ENOENT uniquely indicates an unknown attribute. v2: https://lore.kernel.org/all/20260527102319.100128-1-mattev@meta.com/ - Rebase on VFIO next, picking up Alex's vfio_pci_dma_buf_move()/vfio_pci_dma_buf_cleanup() fixes, and dropping "vfio/pci: Fix vfio_pci_dma_buf_cleanup() double-put" - Added "PCI/P2PDMA: Add CONFIG_PCI_P2PDMA_CORE" so that the newly-added vfio-pci hard dependency on the P2PDMA provider instead pulls in the _CORE variant and not the full-fat CONFIG_PCI_P2PDMA. This means that the core of vfio-pci does not need ZONE_DEVICE, but if it's available then enabling P2PDMA in turn enables DMABUF export. Fixes basic VFIO operation on 32b or other platforms without ZONE_DEVICE. - Fixed comment inaccuracy in vfio_pci_dma_buf_revoke() and cleaned up vdev validity test. - vfio_pci_dma_buf_find_pfn(): use PAGE_ALIGN(), better span variable naming, OVF check - Made vm_pgoffs use consistent (keeping the resource index at the top and masking where offset is used). For BAR mmap, use new vma_pgoff_adjust to create the DMABUF with the exact mmap()ed span instead of from the start of the BAR with an invisible portion before the mapping. - Added VFIO_DEVICE_FEATURE_DMA_BUF_MEMATTR to set memory attributes, instead of using the export `flags` field. - vfio_pci_ioctl_reset: Moved vfio_pci_zap_revoke_bars() (effectively, vfio_pci_dma_buf_move()) back after D0 transition. Note, if a BAR zap is needed, it's done in this function so now happens after this D0 transition with the _move; it was done before it at the time of the memory_lock taking. - Minimised vfio_pci_dma_buf_mmap() (removed redundant span check), added READ_ONCE for memattr - Misc fixes: comment in DMABUF name generation, removed superfluous READ_ONCE from faulthandler v1: https://lore.kernel.org/kvm/20260416131815.2729131-1-mattev@meta.com/ - Cleanup of the common DMABUF-aware VMA vm_ops fault handler and export code. - Fixed a lot of races, particularly faults racing with DMABUF cleanup (if the VFIO device fds close, for example). - Added nicer human-readable names for VFIO mmap() VMAs RFCv2: Respin based on the feedback/suggestions: https://lore.kernel.org/kvm/20260312184613.3710705-1-mattev@meta.com/ - Transform the existing VFIO BAR mmap path to also use DMABUFs behind the scenes, and then simply share that code for explicitly-mapped DMABUFs. Jason wanted to go that direction to enable iommufd VFIO type 1 emulation to pick up a DMABUF for an IO mapping. - Revoke buffers using a VFIO device fd ioctl RFCv1: https://lore.kernel.org/all/20260226202211.929005-1-mattev@meta.com/ Matt Evans (9): PCI/P2PDMA: Add CONFIG_PCI_P2PDMA_CORE vfio/pci: Add a helper to look up PFNs for DMABUFs vfio/pci: Add a helper to create a DMABUF for a BAR-map VMA vfio/pci: Convert BAR mmap() to use a DMABUF vfio/pci: Provide a user-facing name for BAR mappings vfio/pci: Clean up BAR zap and revocation vfio/pci: Support mmap() of a VFIO DMABUF vfio/pci: Permanently revoke a DMABUF on request vfio/pci: Add mmap() attributes to DMABUF feature MAINTAINERS | 2 +- drivers/pci/Kconfig | 10 +- drivers/pci/Makefile | 1 + drivers/pci/p2pdma.c | 109 +--- drivers/pci/p2pdma.h | 29 + drivers/pci/p2pdma_core.c | 118 ++++ drivers/vfio/pci/Kconfig | 5 +- drivers/vfio/pci/Makefile | 3 +- .../vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 8 + drivers/vfio/pci/vfio_pci_config.c | 30 +- drivers/vfio/pci/vfio_pci_core.c | 213 +++++-- drivers/vfio/pci/vfio_pci_dmabuf.c | 564 +++++++++++++++--- drivers/vfio/pci/vfio_pci_priv.h | 64 +- include/linux/pci-p2pdma.h | 24 +- include/linux/pci.h | 2 +- include/linux/vfio_pci_core.h | 1 + include/uapi/linux/vfio.h | 47 ++ 17 files changed, 958 insertions(+), 272 deletions(-) create mode 100644 drivers/pci/p2pdma.h create mode 100644 drivers/pci/p2pdma_core.c -- 2.50.1 (Apple Git-155)

14 hours, 52 minutes

[PATCH] dma-fence: Make dma_fence_dedup_array() robust against 0-count input

by Baineng Shou

dma_fence_dedup_array() returns 1 when called with num_fences == 0: the for-loop body never executes, j stays at 0, and the final `return ++j` yields 1. This contradicts both the kernel-doc ("Return: Number of unique fences remaining in the array") and the natural expectation that 0 input gives 0 output. All in-tree callers currently filter num_fences == 0 before invoking this helper (__dma_fence_unwrap_merge() bails out via the `if (count == 0 || count == 1)` fast path; amdgpu_userq_wait_*() cannot reach the dedup call with a zero local count because the amdgpu_userq_wait_add_fence() helper guarantees num_fences stays in [0, wait_info->num_fences], and wait_info->num_fences > 0 is enforced at the ioctl entry). However, dma_fence_dedup_array() is EXPORT_SYMBOL_GPL, so any future caller that forgets to pre-filter the zero case will get a misleading return value of 1. Depending on how that caller uses the result, it could dereference an uninitialized fence slot in the array, since the caller's array may have been allocated but not yet populated. Make the contract match the documentation by returning 0 early. This also skips an unnecessary sort() call on an empty array. Signed-off-by: Baineng Shou <shoubaineng(a)gmail.com> --- drivers/dma-buf/dma-fence-unwrap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/dma-buf/dma-fence-unwrap.c b/drivers/dma-buf/dma-fence-unwrap.c index 53bb40e70b27..364cbf79ad73 100644 --- a/drivers/dma-buf/dma-fence-unwrap.c +++ b/drivers/dma-buf/dma-fence-unwrap.c @@ -97,6 +97,9 @@ int dma_fence_dedup_array(struct dma_fence **fences, int num_fences) { int i, j; + if (!num_fences) + return 0; + sort(fences, num_fences, sizeof(*fences), fence_cmp, NULL); /* -- 2.34.1

20 hours, 28 minutes

[PATCH v2] dma-buf: dma-fence: Fix potential NULL pointer dereference

by Philipp Stanner

The commit mentioned in the fixes tag below introduced a mechanism through which fence producers can fully decouple from fence consumers. This, desirable, mechanism is based on the fence's signaled-bit as the "decoupling point". A sophisticated interaction between RCU and atomic instructions attempts to ensure that fence consumers can still interact with fence producers through the dma_fence_ops (callback pointers into the producer). This is the desired behavior: to check for decoupling, the signaled-bit is first checked. If it's not yet signaled, RCU ensures that the ops pointer cannot yet be NULL. Hereby, dma_fence_signal_timestamp_locked() first sets the signaled-bit, and then sets the ops pointer to NULL. Readers first load the ops pointer, and then check through the signaled-bit whether the pointer can legally be accessed. These set and load operations could occur out of order on weakly ordered platforms. This problem can be solved very elegantly by using the ops pointer itself as the synchronization point. The pointer is either NULL, or cannot become NULL while it is being used thanks to RCU. Replace the signaled-bit check in dma_fence_timeline_name() and dma_fence_driver_name(). Cc: stable(a)vger.kernel.org Fixes: f4cc3ab824d6 ("dma-buf: protected fence ops by RCU v8") Signed-off-by: Philipp Stanner <phasta(a)kernel.org> --- Changes since v1: - Use ops pointer instead of memory barriers. (Christian) - Rephrase commit message. --- drivers/dma-buf/dma-fence.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/dma-buf/dma-fence.c b/drivers/dma-buf/dma-fence.c index c7ea1e75d38a..0a025dfdf131 100644 --- a/drivers/dma-buf/dma-fence.c +++ b/drivers/dma-buf/dma-fence.c @@ -1170,7 +1170,7 @@ const char __rcu *dma_fence_driver_name(struct dma_fence *fence) /* RCU protection is required for safe access to returned string */ ops = rcu_dereference(fence->ops); - if (!dma_fence_test_signaled_flag(fence)) + if (ops) return (const char __rcu *)ops->get_driver_name(fence); else return (const char __rcu *)"detached-driver"; @@ -1203,7 +1203,7 @@ const char __rcu *dma_fence_timeline_name(struct dma_fence *fence) /* RCU protection is required for safe access to returned string */ ops = rcu_dereference(fence->ops); - if (!dma_fence_test_signaled_flag(fence)) + if (ops) return (const char __rcu *)ops->get_driver_name(fence); else return (const char __rcu *)"signaled-timeline"; base-commit: cdeb2ccd993ed8647adbbda2c3b103aa717fd6f7 -- 2.54.0

20 hours, 54 minutes

dma_fence cleanup/rework

by Christian König

In a recent discussion with Philip and Danilo the question came up what was already tried and never finished to cleanup the dma_fence framework. So here are the different ideas I came with but never fully finished, with the patches itself modernized and rebased on top of drm-misc-next. The main goal of those changes is to make it easier to implement dma_fence backends and don't enforce unnecessary constrains on implementations. As first step the locking around the dma_fence_ops.signaled callback is made consistent by removing the dma_fence_is_signaled_locked() function. This was mostly used by backends itself, but if polling the HW is desired the backends can call their own functions for this directly without going through the dma-fence layer. XE actually seems to be the only driver which make use of that for a bit more handling. For all other cases testing the signaled flag should be enough. Then forcefully calling dma_fence_signaled() is removed from the dma-fence layer and moved into the backend implementations. This allows the backend implementations to cleanup after they have signaled the fence. Such cleanup can include removing now signaled fences from lists, dropping references, starting work etc.... Especially nouveau seems to have some really messy workaround because of that involving the DMA_FENCE_FLAG_USER_BITS and installing callbacks because the reference to the context couldn't be dropped directly after signaling. This can now be cleaned up as far as I can see. In the long term this should also allow reworking the error handling, e.g. removing dma_fence_set_error() and instead giving the error as mandatory parameter to dma_fence_signal(). Then the last piece is dropping calling enable_signaling callback with the dma_fence lock held. This makes it possible for backends to acquire locks which are semantically ordered outside of the dma_fence lock. This is necessary to allows using the dma_fence inline lock in more cases, previously backends used some common external lock for their dma_fences to for example make it possible remove fences from linked lists. Please comment and review, Christian.

22 hours, 56 minutes

Shred Some Slopes: Getting the Hang of Snow Rider 3D

by careful.earthworm.usil＠hidingmail.com

Feeling the need for speed and a bit of winter fun, even when the weather outside is frightful? Then maybe it’s time to check out Snow Rider 3D. This simple but surprisingly addictive game offers a thrill of downhill skiing and snowboarding right from your browser, no downloads required. Let’s break down how to jump in and start enjoying this surprisingly engaging title. https://snowriderfree.com/ Gameplay: Simple Controls, Endless Possibilities The core gameplay of Snow Rider 3D is deceptively straightforward. You control your character's direction using the left and right arrow keys (or A and D). Your objective? Navigate through a series of procedurally generated slopes littered with obstacles. These obstacles range from simple ramps and rails to more challenging hazards like trees, snowdrifts, and even abandoned shacks. The beauty of Snow Rider 3D lies in its physics. While simple, they feel surprisingly realistic. You'll need to anticipate turns, adjust your speed, and time your jumps to successfully navigate the terrain. A crash will reset you to the beginning of the course, so precision and patience are key. The game offers different levels, each presenting a unique challenge. Some focus on speed and long jumps, while others demand skillful maneuvering through tight spaces. As you progress, you unlock new skins and sleds, adding a touch of customization to your experience. Think of it as a casual time-killer that can quickly turn into an hour-long obsession! Tips for Mastering the Mountain: Alright, so you're ready to hit the slopes. Here are a few tips to help you improve your runs and avoid those frustrating wipeouts: Practice Makes Perfect: Don't get discouraged by early crashes. The more you play, the better you'll understand the physics and learn to anticipate the terrain. Master the Turns: Smooth, controlled turns are essential for maintaining speed and avoiding obstacles. Practice feathering the arrow keys to make subtle adjustments. Timing is Everything: When approaching jumps and ramps, pay close attention to your speed and angle. A well-timed jump can make all the difference. Don't Be Afraid to Slow Down: Sometimes, the fastest route isn't the safest. Don't be afraid to ease off the gas and navigate tricky sections with caution. Consider looking up guides for specific levels of Snow Rider 3D at websites like Snow Rider 3D if you’re really struggling. Experiment with Sleds and Skins: Different sleds may offer slight variations in handling. Try out different options to find one that suits your playstyle. Conclusion: A Fun and Accessible Winter Escape Snow Rider 3D is a surprisingly addictive and accessible game that’s perfect for a quick dose of winter fun. It's simple controls and challenging gameplay make it easy to pick up and play, while its procedural generation ensures that each run is a unique experience. So, whether you're looking for a casual time-killer or a challenging skill-based game, Snow Rider 3D is definitely worth checking out.

1 day, 5 hours

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Linaro-mm-sig