Linaro-mm-sig

linaro-mm-sig@lists.linaro.org

128 participants
7046 discussions

[PATCH v2] dma-buf: dma-fence: Fix potential NULL pointer dereference

by Philipp Stanner

The commit mentioned in the fixes tag below introduced a mechanism through which fence producers can fully decouple from fence consumers. This, desirable, mechanism is based on the fence's signaled-bit as the "decoupling point". A sophisticated interaction between RCU and atomic instructions attempts to ensure that fence consumers can still interact with fence producers through the dma_fence_ops (callback pointers into the producer). This is the desired behavior: to check for decoupling, the signaled-bit is first checked. If it's not yet signaled, RCU ensures that the ops pointer cannot yet be NULL. Hereby, dma_fence_signal_timestamp_locked() first sets the signaled-bit, and then sets the ops pointer to NULL. Readers first load the ops pointer, and then check through the signaled-bit whether the pointer can legally be accessed. These set and load operations could occur out of order on weakly ordered platforms. This problem can be solved very elegantly by using the ops pointer itself as the synchronization point. The pointer is either NULL, or cannot become NULL while it is being used thanks to RCU. Replace the signaled-bit check in dma_fence_timeline_name() and dma_fence_driver_name(). Cc: stable(a)vger.kernel.org Fixes: f4cc3ab824d6 ("dma-buf: protected fence ops by RCU v8") Signed-off-by: Philipp Stanner <phasta(a)kernel.org> --- Changes since v1: - Use ops pointer instead of memory barriers. (Christian) - Rephrase commit message. --- drivers/dma-buf/dma-fence.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/dma-buf/dma-fence.c b/drivers/dma-buf/dma-fence.c index c7ea1e75d38a..0a025dfdf131 100644 --- a/drivers/dma-buf/dma-fence.c +++ b/drivers/dma-buf/dma-fence.c @@ -1170,7 +1170,7 @@ const char __rcu *dma_fence_driver_name(struct dma_fence *fence) /* RCU protection is required for safe access to returned string */ ops = rcu_dereference(fence->ops); - if (!dma_fence_test_signaled_flag(fence)) + if (ops) return (const char __rcu *)ops->get_driver_name(fence); else return (const char __rcu *)"detached-driver"; @@ -1203,7 +1203,7 @@ const char __rcu *dma_fence_timeline_name(struct dma_fence *fence) /* RCU protection is required for safe access to returned string */ ops = rcu_dereference(fence->ops); - if (!dma_fence_test_signaled_flag(fence)) + if (ops) return (const char __rcu *)ops->get_driver_name(fence); else return (const char __rcu *)"signaled-timeline"; base-commit: cdeb2ccd993ed8647adbbda2c3b103aa717fd6f7 -- 2.54.0

14 minutes

[PATCH] dma-fence: Make dma_fence_dedup_array() robust against 0-count input

by Baineng Shou

dma_fence_dedup_array() returns 1 when called with num_fences == 0: the for-loop body never executes, j stays at 0, and the final `return ++j` yields 1. This contradicts both the kernel-doc ("Return: Number of unique fences remaining in the array") and the natural expectation that 0 input gives 0 output. All in-tree callers currently filter num_fences == 0 before invoking this helper (__dma_fence_unwrap_merge() bails out via the `if (count == 0 || count == 1)` fast path; amdgpu_userq_wait_*() cannot reach the dedup call with a zero local count because the amdgpu_userq_wait_add_fence() helper guarantees num_fences stays in [0, wait_info->num_fences], and wait_info->num_fences > 0 is enforced at the ioctl entry). However, dma_fence_dedup_array() is EXPORT_SYMBOL_GPL, so any future caller that forgets to pre-filter the zero case will get a misleading return value of 1. Depending on how that caller uses the result, it could dereference an uninitialized fence slot in the array, since the caller's array may have been allocated but not yet populated. Make the contract match the documentation by returning 0 early. This also skips an unnecessary sort() call on an empty array. Signed-off-by: Baineng Shou <shoubaineng(a)gmail.com> --- drivers/dma-buf/dma-fence-unwrap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/dma-buf/dma-fence-unwrap.c b/drivers/dma-buf/dma-fence-unwrap.c index 53bb40e70b27..364cbf79ad73 100644 --- a/drivers/dma-buf/dma-fence-unwrap.c +++ b/drivers/dma-buf/dma-fence-unwrap.c @@ -97,6 +97,9 @@ int dma_fence_dedup_array(struct dma_fence **fences, int num_fences) { int i, j; + if (!num_fences) + return 0; + sort(fences, num_fences, sizeof(*fences), fence_cmp, NULL); /* -- 2.34.1

42 minutes

dma_fence cleanup/rework

by Christian König

In a recent discussion with Philip and Danilo the question came up what was already tried and never finished to cleanup the dma_fence framework. So here are the different ideas I came with but never fully finished, with the patches itself modernized and rebased on top of drm-misc-next. The main goal of those changes is to make it easier to implement dma_fence backends and don't enforce unnecessary constrains on implementations. As first step the locking around the dma_fence_ops.signaled callback is made consistent by removing the dma_fence_is_signaled_locked() function. This was mostly used by backends itself, but if polling the HW is desired the backends can call their own functions for this directly without going through the dma-fence layer. XE actually seems to be the only driver which make use of that for a bit more handling. For all other cases testing the signaled flag should be enough. Then forcefully calling dma_fence_signaled() is removed from the dma-fence layer and moved into the backend implementations. This allows the backend implementations to cleanup after they have signaled the fence. Such cleanup can include removing now signaled fences from lists, dropping references, starting work etc.... Especially nouveau seems to have some really messy workaround because of that involving the DMA_FENCE_FLAG_USER_BITS and installing callbacks because the reference to the context couldn't be dropped directly after signaling. This can now be cleaned up as far as I can see. In the long term this should also allow reworking the error handling, e.g. removing dma_fence_set_error() and instead giving the error as mandatory parameter to dma_fence_signal(). Then the last piece is dropping calling enable_signaling callback with the dma_fence lock held. This makes it possible for backends to acquire locks which are semantically ordered outside of the dma_fence lock. This is necessary to allows using the dma_fence inline lock in more cases, previously backends used some common external lock for their dma_fences to for example make it possible remove fences from linked lists. Please comment and review, Christian.

1 hour, 34 minutes

kelloliver638@gmail.com

by oliver kell

Assignment help provides students with guidance, resources, and support to complete academic tasks effectively. It improves understanding of subjects, enhances research and writing skills, and helps meet deadlines. Professional assistance can reduce stress, improve grades, and encourage learning by offering clear explanations, structured solutions, and valuable academic insights. https://allassignmenthelper.com/management-assignment-help/

8 hours, 7 minutes

Shred Some Slopes: Getting the Hang of Snow Rider 3D

by careful.earthworm.usil＠hidingmail.com

Feeling the need for speed and a bit of winter fun, even when the weather outside is frightful? Then maybe it’s time to check out Snow Rider 3D. This simple but surprisingly addictive game offers a thrill of downhill skiing and snowboarding right from your browser, no downloads required. Let’s break down how to jump in and start enjoying this surprisingly engaging title. https://snowriderfree.com/ Gameplay: Simple Controls, Endless Possibilities The core gameplay of Snow Rider 3D is deceptively straightforward. You control your character's direction using the left and right arrow keys (or A and D). Your objective? Navigate through a series of procedurally generated slopes littered with obstacles. These obstacles range from simple ramps and rails to more challenging hazards like trees, snowdrifts, and even abandoned shacks. The beauty of Snow Rider 3D lies in its physics. While simple, they feel surprisingly realistic. You'll need to anticipate turns, adjust your speed, and time your jumps to successfully navigate the terrain. A crash will reset you to the beginning of the course, so precision and patience are key. The game offers different levels, each presenting a unique challenge. Some focus on speed and long jumps, while others demand skillful maneuvering through tight spaces. As you progress, you unlock new skins and sleds, adding a touch of customization to your experience. Think of it as a casual time-killer that can quickly turn into an hour-long obsession! Tips for Mastering the Mountain: Alright, so you're ready to hit the slopes. Here are a few tips to help you improve your runs and avoid those frustrating wipeouts: Practice Makes Perfect: Don't get discouraged by early crashes. The more you play, the better you'll understand the physics and learn to anticipate the terrain. Master the Turns: Smooth, controlled turns are essential for maintaining speed and avoiding obstacles. Practice feathering the arrow keys to make subtle adjustments. Timing is Everything: When approaching jumps and ramps, pay close attention to your speed and angle. A well-timed jump can make all the difference. Don't Be Afraid to Slow Down: Sometimes, the fastest route isn't the safest. Don't be afraid to ease off the gas and navigate tricky sections with caution. Consider looking up guides for specific levels of Snow Rider 3D at websites like Snow Rider 3D if you’re really struggling. Experiment with Sleds and Skins: Different sleds may offer slight variations in handling. Try out different options to find one that suits your playstyle. Conclusion: A Fun and Accessible Winter Escape Snow Rider 3D is a surprisingly addictive and accessible game that’s perfect for a quick dose of winter fun. It's simple controls and challenging gameplay make it easy to pick up and play, while its procedural generation ensures that each run is a unique experience. So, whether you're looking for a casual time-killer or a challenging skill-based game, Snow Rider 3D is definitely worth checking out.

8 hours, 10 minutes

Bake Your Way to Billions: A Look at the Addictive World of Store Management Games

by hot.meerkat.lloh＠hidingmail.net

Ever dreamed of running your own bustling enterprise, watching your profits soar, and building an empire from humble beginnings? If so, you've likely stumbled upon the fascinating and surprisingly addictive world of store management games. These titles offer a unique blend of strategy, incremental growth, and the satisfying feeling of seeing your hard work pay off. And when it comes to the purest, most delightful form of this genre, one game stands out: https://cookieclickers.io/ The Sweet Simplicity of Cookie Clicker: A Gateway to Management At its heart, Cookie Clicker is incredibly simple. You start with a single, humble cookie, and your goal is to click it to generate more cookies. These initial clicks are crucial, as they fund your first upgrades. Soon, you’ll be able to purchase "grandmas," who automatically bake cookies for you, freeing up your clicking finger. From there, the sky's the limit! You'll acquire farms, factories, mines, and even portals to other dimensions, all dedicated to the singular purpose of baking more and more cookies. What makes Cookie Clicker so captivating is its elegant progression system. Each new upgrade and building provides a tangible boost to your cookie production, creating a satisfying feedback loop. The numbers on your screen grow exponentially, transforming from humble dozens to mind-boggling septillions and beyond. It’s a masterclass in incremental design, making every new purchase feel impactful and exciting. Beyond the Click: Strategic Thinking and Exponential Growth While the initial appeal of Cookie Clicker might be the simple act of clicking, true mastery lies in strategic decision-making. As your cookie empire expands, you'll be faced with choices: Upgrade Prioritization: Should you invest in another Grandma, a new farm, or a powerful upgrade that boosts all your existing structures? Understanding the cost-benefit analysis of each option is key. Synergies: Many upgrades have synergistic effects, meaning they become more powerful when paired with specific buildings. Discovering these combinations is a delightful puzzle. Ascension and Prestige: Eventually, you’ll unlock the ability to “ascend,” resetting your game but granting you powerful "heavenly chips" that provide permanent bonuses. This meta-progression adds a whole new layer of long-term strategy, encouraging you to rethink your approach with each new playthrough. These elements elevate Cookie Clicker from a simple clicking game to a genuinely engaging management simulation. It teaches you about exponential growth, compound interest (in a fun, cookie-filled way!), and the satisfaction of building something from nothing. Tips for Aspiring Cookie Tycoons If you’re ready to dive into the sweet, sweet world of Cookie Clicker, here are a few friendly tips to get you started: Don't Be Afraid to Click! In the early game, your clicks are your most valuable resource. Keep that finger moving! Invest in Grandmas Early: They're your first step towards automation and a steady cookie income. Always Buy Upgrades: The small boosts they provide add up quickly and are often more cost-effective than new buildings in the short term. Look for Golden Cookies: These appear randomly and offer temporary, powerful buffs. Clicking them can drastically boost your production! Consider Ascending: While it seems daunting to reset your progress, the permanent bonuses you gain make future runs much faster and more efficient. The Endless Appeal of Automation Cookie Clicker, and store management games in general, tap into a fundamental human desire: the joy of creation and the satisfaction of watching systems work efficiently. There's a particular kind of quiet pleasure in setting up a well-oiled machine and observing its output multiply. So, if you're looking for a game that's easy to pick up, surprisingly deep, and immensely satisfying, give Cookie Clicker a try. You might just find yourself baking billions before you know it!

20 hours, 59 minutes

WIZARD GEO COORDINATES RECOVERY HACKER

by lf2225258＠gmail.com

RECOVER YOUR STOLEN CRYPTO / BTC / USDT / ETH WITH THE HELP OF "WIZARD GEO COORDINATES RECOVERY HACKER" I am writing to sincerely express my appreciation for your support and assistance during a very difficult time in my life. Your professionalism and dedication in helping me recover my lost bitcoin. Throughout the entire process, they remained professional and respectful. They were also able to explain difficult technical topics in a simple way, which helped me understand what was happening. Thank you once again for your commitment. I am grateful for your help and wish you continued success in all that you do. Highly recommend his services to anyone who needs his services. CONTACT THEM VIA Email: geovcoordinateshacker(a)gmail.com WhatsApp ( +1 ( 318 ) 203-3657 ) Telegram @Geocoordinateshacker Website: https://geovcoordinateshac.wixsite.c...ordinates-hack I never would have imagined that I could recover my stolen bitcoin to my wallet after losing everything to a fake investment platform.

1 day, 8 hours

by keepmealive78＠gmail.com

Buy real and fake passport online, Buy ID cards online, (WhatsApp : +49 1575 3756974) Buy driving license, Buy drivers license online, Buy green card, residence permit, IELT, work permit, citizenship, buy Canadian resident permits, apply for Canadian citizenship certificates, buy Canadian ID cards, buy novelty ID cards, buy authentic identity documents. https://buyrealcurrency.com/ https://buyrealcurrency.com/ https://buyrealcurrency.com/product/加拿大居留许可/ https://rushmynewpassport.com/product/buy-canadian-resident-permits/ (WhatsApp : +49 1575 3756974) WeChat ID : Scottbowers44 (Email: authenticnotes5(a)gmail.com) https://counterfeitdocsforsale.com/ Buy fake US dollars (USD), buy fake Chinese yuan (CNY), buy fake RMB/RMB, buy fake Canadian dollars (CAD), buy fake Australian dollars (AUD) Buy fake British pounds (GBP), buy fake Euros (EUR), buy fake Hong Kong dollars ($HK). buy fake US dollars/Australian dollars/Canadian dollars/CNY/Euros/CNY, buy fake Euro banknotes, buy fake Australian dollars, buy fake Canadian dollars, buy fake US dollars, buy fake RMB online, buy fake RMB https://globaltraveldocs.com/ https://rushmynewpassport.com/ We offer all types of visas, travel documents, and passports at the best prices and with exceptional quality. We handle passports for small countries, multinational passports, entry and exit assistance for Southeast Asia, passport activation, expedited naturalization, and second identity planning, giving you an alternative. (WhatsApp : +49 1575 3756974) Email: authenticnotes5(a)gmail.com https://rushmynewpassport.com/ Buy passports online (Email: authenticnotes5(a)gmail.com) buy USA passports, buy Chinese passports, buy Hong Kong passports, buy Taiwan passports, buy diplomatic passports, Buy China travel documents People's Republic of China (PRC) https://rushmynewpassport.com/ https://buyrealcurrency.com/product/buy-real-and-fake-passport/ https://rushmynewpassport.com/buy-real-usa-passport-online/ (WhatsApp : +49 1575 3756974 )

1 day, 22 hours

Prepare to Rage Quit (and Maybe Love It): Diving into Level Devil

by graceful.earthworm.hsos＠hidingmail.com

So, you're looking for a new game to sink your teeth into? Something challenging, maybe a little bit infuriating, and definitely memorable? Look no further than Level Devil. This deceptively simple platformer is a masterclass in trickery, constantly changing the rules and keeping you on your toes. But don't be intimidated! With a little patience (and maybe a stress ball), you can conquer its devilish design. https://leveldevilfull.com Gameplay: Expect the Unexpected At its core, Level Devil is a 2D platformer. You control a little pixelated character tasked with reaching the exit door in each level. Sounds easy, right? Wrong. The beauty (and the frustration) lies in the unpredictable nature of the environment. Platforms crumble beneath your feet, spikes appear out of nowhere, and the ground itself can vanish unexpectedly. Each level introduces new challenges, forcing you to adapt your strategy on the fly. You'll encounter moving platforms, disappearing blocks, and even gravity-defying puzzles. The real kicker? The layout of the levels often changes on each attempt, meaning memorization alone won't cut it. You need to be quick-witted and reactive. The charm of Level Devil is its lack of hand-holding. There are no tutorials, no hints, and no mercy. You're thrown straight into the deep end, forced to learn from your mistakes (and trust me, there will be plenty). That feeling of finally overcoming a particularly difficult section is incredibly rewarding. It's a game that demands your full attention and rewards persistence. Tips for Taming the Devil While Level Devil thrives on its unpredictability, here are a few tips to help you navigate its treacherous landscape: • Patience is Key: This game is designed to test your limits. Don't get discouraged by frequent deaths. Treat each attempt as a learning experience. • Observe Carefully: Before making a move, take a moment to scan the environment. Look for subtle cues that might indicate impending danger. • Embrace Failure: You will die. A lot. Embrace it as part of the learning process. Each death provides valuable insight into the level's design. • Don't Overthink It: Sometimes, the solution is simpler than you think. Avoid overcomplicating your approach. • Take Breaks: If you find yourself getting too frustrated, step away from the game for a while. Come back with a fresh perspective. • Listen to the Sound: The game’s audio cues often hint at upcoming dangers. Pay close attention! Level Devil utilizes sound design to enhance the experience (and sometimes, to cleverly mislead you!). Conclusion: A Test of Skill and Sanity Level Devil isn't for the faint of heart. It's a challenging and often frustrating experience. However, it's also incredibly rewarding. The constant surprises, the need for quick thinking, and the sheer satisfaction of overcoming its devilish design make it a truly unique and memorable game. If you're looking for a platformer that will push you to your limits and leave you feeling accomplished, then Level Devil is definitely worth a try. Just be prepared to rage quit... and then come back for more.

2 days, 2 hours

Re: [PATCH] fix: dma-buf: unwrap_merge_complex: dma_fence_get_stub reference leaked on all paths

by Christian König

On 6/26/26 14:28, WenTao Liang wrote: > dma_fence_get_stub() acquires an extra reference on the global stub > fence, but this reference is never released on any execution path. The > stub fence is filtered out inside dma_fence_unwrap_merge (already > signaled), so the extra reference is never consumed. Both success and > error paths fail to call dma_fence_put on the stub. > > Cc: stable(a)vger.kernel.org > Fixes: 245a4a7b531c ("dma-buf: generalize dma_fence unwrap & merging v3") Just drop that, the stub fence is a global dummy and leaking reference to it is harmless. But just in case somebody uses this code as blueprint for this own implementation we should probably clean it up. > Signed-off-by: WenTao Liang <vulab(a)iscas.ac.cn> Reviewed-by: Christian König <christian.koenig(a)amd.com> > --- > drivers/dma-buf/st-dma-fence-unwrap.c | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > > diff --git a/drivers/dma-buf/st-dma-fence-unwrap.c b/drivers/dma-buf/st-dma-fence-unwrap.c > index 72ca632e3981..b9ed85570211 100644 > --- a/drivers/dma-buf/st-dma-fence-unwrap.c > +++ b/drivers/dma-buf/st-dma-fence-unwrap.c > @@ -483,7 +483,7 @@ static int unwrap_merge_order(void *arg) > > static int unwrap_merge_complex(void *arg) > { > - struct dma_fence *fence, *f1, *f2, *f3, *f4, *f5; > + struct dma_fence *fence, *f1, *f2, *f3, *f4, *f5, *stub; > struct dma_fence_unwrap iter; > int err = -ENOMEM; > > @@ -508,10 +508,11 @@ static int unwrap_merge_complex(void *arg) > if (!f4) > goto error_put_f3; > > + stub = dma_fence_get_stub(); > /* Signaled fences should be filtered, the two arrays merged. */ > - f5 = dma_fence_unwrap_merge(f3, f4, dma_fence_get_stub()); > + f5 = dma_fence_unwrap_merge(f3, f4, stub); > if (!f5) > - goto error_put_f4; > + goto error_put_stub; > > err = 0; > dma_fence_unwrap_for_each(fence, &iter, f5) { > @@ -532,8 +533,10 @@ static int unwrap_merge_complex(void *arg) > err = -EINVAL; > } > > + dma_fence_put(stub); > dma_fence_put(f5); > -error_put_f4: > +error_put_stub: > + dma_fence_put(stub); > dma_fence_put(f4); > error_put_f3: > dma_fence_put(f3);

2 days, 22 hours

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Linaro-mm-sig