From: Subash Patel subash.rp@samsung.com
This patch series is split and re-send of my original patch, after request from Inki Dae.
Below two patches add the required error checks in drm dmabuf when the system fails to allocate pages for the scatter-gather. This is very rare situation, and occurs when the system is under memory pressure.
Scatter-gather asks for memory using sg_kmalloc() and this can return no memory. Without below return value checks, the code will crash the system due to invalid pointer access.
Subash Patel (2): DRM: Exynos: return NULL if exynos_pages_to_sg fails DRM: Exynos: check for null in return value of dma_buf_map_attachment()
drivers/gpu/drm/exynos/exynos_drm_dmabuf.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
From: Subash Patel subash.rp@samsung.com
exynos_pages_to_sg() internally calls sg_kmalloc() which can return no pages when the system is under high memory crunch. One such instance is chromeos-install in the chromeos. This patch adds check for the return value of the function in subject to return NULL on failure.
Change-Id: I541ed30491a926ebe72738225041c9f2d88007bc Signed-off-by: Subash Patel subash.ramaswamy@linaro.org CC: dri-devel@lists.freedesktop.org CC: linux-samsung-soc@vger.kernel.org CC: linaro-mm-sig@lists.linaro.org CC: inki.dae@samsung.com CC: airlied@redhat.com CC: olofj@chromium.org --- drivers/gpu/drm/exynos/exynos_drm_dmabuf.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c b/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c index 97325c1..52cf761 100644 --- a/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c +++ b/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c @@ -87,6 +87,10 @@ static struct sg_table * npages = buf->size / buf->page_size;
sgt = exynos_pages_to_sg(buf->pages, npages, buf->page_size); + if (!sgt) { + DRM_DEBUG_PRIME("exynos_pages_to_sg returned NULL!\n"); + goto err_unlock; + } nents = dma_map_sg(attach->dev, sgt->sgl, sgt->nents, dir);
DRM_DEBUG_PRIME("npages = %d buffer size = 0x%lx page_size = 0x%lx\n",
-----Original Message----- From: Subash Patel [mailto:subashrp@gmail.com] Sent: Tuesday, June 26, 2012 3:23 AM To: dri-devel@lists.freedesktop.org; linux-samsung-soc@vger.kernel.org; linaro-mm-sig@lists.linaro.org Cc: olofj@chromium.org; inki.dae@samsung.com; airlied@redhat.com; Subash Patel; Subash Patel Subject: [PATCH 1/2] DRM: Exynos: return NULL if exynos_pages_to_sg fails
From: Subash Patel subash.rp@samsung.com
exynos_pages_to_sg() internally calls sg_kmalloc() which can return no pages when the system is under high memory crunch. One such instance is chromeos-install in the chromeos. This patch adds check for the return value of the function in subject to return NULL on failure.
Change-Id: I541ed30491a926ebe72738225041c9f2d88007bc Signed-off-by: Subash Patel subash.ramaswamy@linaro.org CC: dri-devel@lists.freedesktop.org CC: linux-samsung-soc@vger.kernel.org CC: linaro-mm-sig@lists.linaro.org CC: inki.dae@samsung.com CC: airlied@redhat.com CC: olofj@chromium.org
drivers/gpu/drm/exynos/exynos_drm_dmabuf.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c b/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c index 97325c1..52cf761 100644 --- a/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c +++ b/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c @@ -87,6 +87,10 @@ static struct sg_table * npages = buf->size / buf->page_size;
sgt = exynos_pages_to_sg(buf->pages, npages, buf->page_size);
if (!sgt) {
DRM_DEBUG_PRIME("exynos_pages_to_sg returned NULL!\n");goto err_unlock;} nents = dma_map_sg(attach->dev, sgt->sgl, sgt->nents, dir);
DRM_DEBUG_PRIME("npages = %d buffer size = 0x%lx page_size =
0x%lx\n",
1.7.9.5
Applied.
Thanks, Inki Dae
From: Subash Patel subash.rp@samsung.com
dma_buf_map_attachment() can return NULL and valid sg as return value. Hence the check for the returned scatter-gather must be using the inline function IS_ERR_OR_NULL() in place of IS_ERR()
Change-Id: I33218480e220f6a26a1e726b336bf533a95363de Signed-off-by: Subash Patel subash.ramaswamy@linaro.org CC: dri-devel@lists.freedesktop.org CC: linux-samsung-soc@vger.kernel.org CC: linaro-mm-sig@lists.linaro.org CC: inki.dae@samsung.com CC: airlied@redhat.com CC: olofj@chromium.org --- drivers/gpu/drm/exynos/exynos_drm_dmabuf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c b/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c index 52cf761..c908a29 100644 --- a/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c +++ b/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c @@ -245,7 +245,7 @@ struct drm_gem_object *exynos_dmabuf_prime_import(struct drm_device *drm_dev,
sgt = dma_buf_map_attachment(attach, DMA_BIDIRECTIONAL); - if (IS_ERR(sgt)) { + if (IS_ERR_OR_NULL(sgt)) { ret = PTR_ERR(sgt); goto err_buf_detach; }
-----Original Message----- From: Subash Patel [mailto:subashrp@gmail.com] Sent: Tuesday, June 26, 2012 3:23 AM To: dri-devel@lists.freedesktop.org; linux-samsung-soc@vger.kernel.org; linaro-mm-sig@lists.linaro.org Cc: olofj@chromium.org; inki.dae@samsung.com; airlied@redhat.com; Subash Patel; Subash Patel Subject: [PATCH 2/2] DRM: Exynos: check for null in return value of dma_buf_map_attachment()
From: Subash Patel subash.rp@samsung.com
dma_buf_map_attachment() can return NULL and valid sg as return value. Hence the check for the returned scatter-gather must be using the inline function IS_ERR_OR_NULL() in place of IS_ERR()
Change-Id: I33218480e220f6a26a1e726b336bf533a95363de Signed-off-by: Subash Patel subash.ramaswamy@linaro.org CC: dri-devel@lists.freedesktop.org CC: linux-samsung-soc@vger.kernel.org CC: linaro-mm-sig@lists.linaro.org CC: inki.dae@samsung.com CC: airlied@redhat.com CC: olofj@chromium.org
drivers/gpu/drm/exynos/exynos_drm_dmabuf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c b/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c index 52cf761..c908a29 100644 --- a/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c +++ b/drivers/gpu/drm/exynos/exynos_drm_dmabuf.c @@ -245,7 +245,7 @@ struct drm_gem_object *exynos_dmabuf_prime_import(struct drm_device *drm_dev,
sgt = dma_buf_map_attachment(attach, DMA_BIDIRECTIONAL);
- if (IS_ERR(sgt)) {
- if (IS_ERR_OR_NULL(sgt)) { ret = PTR_ERR(sgt); goto err_buf_detach; }
-- 1.7.9.5
Applied.
Thanks, Inki Dae
linaro-mm-sig@lists.linaro.org
-
Inki Dae -
Subash Patel