- Linaro-mm-sig - lists.linaro.org

[PATCH] scsi: lpfc: Fix potential deadlock on &ndlp->lock

by Chengfeng Ye

As &ndlp->lock is acquired by timer lpfc_els_retry_delay() under softirq context, process context code acquiring the lock &phba->hbalock should disable irq or bh, otherwise deadlock could happen if the timer preempt the execution while the lock is held in process context on the same CPU. The two lock acquisition inside lpfc_cleanup_pending_mbox() does not disable irq or softirq. [Deadlock Scenario] lpfc_cmpl_els_fdisc() -> lpfc_cleanup_pending_mbox() -> spin_lock(&ndlp->lock); <irq> -> lpfc_els_retry_delay() -> lpfc_nlp_get() -> spin_lock_irqsave(&ndlp->lock, flags); (deadlock here) This flaw was found by an experimental static analysis tool I am developing for irq-related deadlock. The patch fix the potential deadlock by spin_lock_irq() to disable irq. Signed-off-by: Chengfeng Ye <dg573847474(a)gmail.com> --- drivers/scsi/lpfc/lpfc_sli.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c index 58d10f8f75a7..8555f6bb9742 100644 --- a/drivers/scsi/lpfc/lpfc_sli.c +++ b/drivers/scsi/lpfc/lpfc_sli.c @@ -21049,9 +21049,9 @@ lpfc_cleanup_pending_mbox(struct lpfc_vport *vport) mb->mbox_flag |= LPFC_MBX_IMED_UNREG; restart_loop = 1; spin_unlock_irq(&phba->hbalock); - spin_lock(&ndlp->lock); + spin_lock_irq(&ndlp->lock); ndlp->nlp_flag &= ~NLP_IGNR_REG_CMPL; - spin_unlock(&ndlp->lock); + spin_unlock_irq(&ndlp->lock); spin_lock_irq(&phba->hbalock); break; } @@ -21067,9 +21067,9 @@ lpfc_cleanup_pending_mbox(struct lpfc_vport *vport) ndlp = (struct lpfc_nodelist *)mb->ctx_ndlp; mb->ctx_ndlp = NULL; if (ndlp) { - spin_lock(&ndlp->lock); + spin_lock_irq(&ndlp->lock); ndlp->nlp_flag &= ~NLP_IGNR_REG_CMPL; - spin_unlock(&ndlp->lock); + spin_unlock_irq(&ndlp->lock); lpfc_nlp_put(ndlp); } } -- 2.17.1

2 years, 4 months

1
0
0 0

[PATCH 0/9] Add DRM driver for StarFive SoC JH7110

by Keith Zhao

Hi, This series is a DRM driver for StarFive SoC JH7110, which includes a display controller driver for Verisilicon DC8200 and an HMDI driver. We use GEM framework for buffer management and allocate memory by using DMA APIs. The JH7110 display subsystem includes a display controller Verisilicon DC8200 and an HDMI transmitter. The HDMI TX IP is designed for transmitting video and audio data from DC8200 to a display device. The HDMI TX IP consists of the digital controller and the physical layer. This series does not support HDMI audio driver. Keith Zhao (9): dt-bindings: display: Add yamls for JH7110 display subsystem riscv: dts: starfive: jh7110: add dc&hdmi controller node drm/verisilicon: Add basic drm driver drm/verisilicon: Add gem driver for JH7110 SoC drm/verisilicon: Add mode config funcs drm/verisilicon: Add drm crtc funcs drm/verisilicon: Add drm plane funcs drm/verisilicon: Add verisilicon dc controller driver drm/verisilicon: Add starfive hdmi driver .../display/verisilicon/starfive-hdmi.yaml | 93 + .../display/verisilicon/verisilicon-dc.yaml | 110 + .../display/verisilicon/verisilicon-drm.yaml | 42 + .../devicetree/bindings/vendor-prefixes.yaml | 2 + MAINTAINERS | 9 + .../jh7110-starfive-visionfive-2.dtsi | 87 + arch/riscv/boot/dts/starfive/jh7110.dtsi | 46 + drivers/gpu/drm/Kconfig | 2 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/verisilicon/Kconfig | 24 + drivers/gpu/drm/verisilicon/Makefile | 13 + drivers/gpu/drm/verisilicon/starfive_hdmi.c | 928 ++++++++ drivers/gpu/drm/verisilicon/starfive_hdmi.h | 296 +++ drivers/gpu/drm/verisilicon/vs_crtc.c | 388 ++++ drivers/gpu/drm/verisilicon/vs_crtc.h | 74 + drivers/gpu/drm/verisilicon/vs_dc.c | 1040 +++++++++ drivers/gpu/drm/verisilicon/vs_dc.h | 62 + drivers/gpu/drm/verisilicon/vs_dc_hw.c | 2008 +++++++++++++++++ drivers/gpu/drm/verisilicon/vs_dc_hw.h | 496 ++++ drivers/gpu/drm/verisilicon/vs_drv.c | 301 +++ drivers/gpu/drm/verisilicon/vs_drv.h | 52 + drivers/gpu/drm/verisilicon/vs_fb.c | 181 ++ drivers/gpu/drm/verisilicon/vs_fb.h | 15 + drivers/gpu/drm/verisilicon/vs_gem.c | 372 +++ drivers/gpu/drm/verisilicon/vs_gem.h | 72 + drivers/gpu/drm/verisilicon/vs_plane.c | 440 ++++ drivers/gpu/drm/verisilicon/vs_plane.h | 74 + drivers/gpu/drm/verisilicon/vs_type.h | 72 + include/uapi/drm/drm_fourcc.h | 83 + include/uapi/drm/vs_drm.h | 50 + 30 files changed, 7433 insertions(+) create mode 100644 Documentation/devicetree/bindings/display/verisilicon/starfive-hdmi.yaml create mode 100644 Documentation/devicetree/bindings/display/verisilicon/verisilicon-dc.yaml create mode 100644 Documentation/devicetree/bindings/display/verisilicon/verisilicon-drm.yaml create mode 100644 drivers/gpu/drm/verisilicon/Kconfig create mode 100644 drivers/gpu/drm/verisilicon/Makefile create mode 100644 drivers/gpu/drm/verisilicon/starfive_hdmi.c create mode 100644 drivers/gpu/drm/verisilicon/starfive_hdmi.h create mode 100644 drivers/gpu/drm/verisilicon/vs_crtc.c create mode 100644 drivers/gpu/drm/verisilicon/vs_crtc.h create mode 100644 drivers/gpu/drm/verisilicon/vs_dc.c create mode 100644 drivers/gpu/drm/verisilicon/vs_dc.h create mode 100644 drivers/gpu/drm/verisilicon/vs_dc_hw.c create mode 100644 drivers/gpu/drm/verisilicon/vs_dc_hw.h create mode 100644 drivers/gpu/drm/verisilicon/vs_drv.c create mode 100644 drivers/gpu/drm/verisilicon/vs_drv.h create mode 100644 drivers/gpu/drm/verisilicon/vs_fb.c create mode 100644 drivers/gpu/drm/verisilicon/vs_fb.h create mode 100644 drivers/gpu/drm/verisilicon/vs_gem.c create mode 100644 drivers/gpu/drm/verisilicon/vs_gem.h create mode 100644 drivers/gpu/drm/verisilicon/vs_plane.c create mode 100644 drivers/gpu/drm/verisilicon/vs_plane.h create mode 100644 drivers/gpu/drm/verisilicon/vs_type.h create mode 100644 include/uapi/drm/vs_drm.h -- 2.34.1

2 years, 4 months

13
45
0 0

[PATCH 6.1 026/183] dma-buf/dma-resv: Stop leaking on krealloc() failure

by Greg Kroah-Hartman

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> commit 05abb3be91d8788328231ee02973ab3d47f5e3d2 upstream. Currently dma_resv_get_fences() will leak the previously allocated array if the fence iteration got restarted and the krealloc_array() fails. Free the old array by hand, and make sure we still clear the returned *fences so the caller won't end up accessing freed memory. Some (but not all) of the callers of dma_resv_get_fences() seem to still trawl through the array even when dma_resv_get_fences() failed. And let's zero out *num_fences as well for good measure. Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Christian König <christian.koenig(a)amd.com> Cc: linux-media(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: linaro-mm-sig(a)lists.linaro.org Fixes: d3c80698c9f5 ("dma-buf: use new iterator in dma_resv_get_fences v3") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Cc: stable(a)vger.kernel.org Link: https://patchwork.freedesktop.org/patch/msgid/20230713194745.1751-1-ville.s… Signed-off-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/dma-resv.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) --- a/drivers/dma-buf/dma-resv.c +++ b/drivers/dma-buf/dma-resv.c @@ -566,6 +566,7 @@ int dma_resv_get_fences(struct dma_resv dma_resv_for_each_fence_unlocked(&cursor, fence) { if (dma_resv_iter_is_restarted(&cursor)) { + struct dma_fence **new_fences; unsigned int count; while (*num_fences) @@ -574,13 +575,17 @@ int dma_resv_get_fences(struct dma_resv count = cursor.num_fences + 1; /* Eventually re-allocate the array */ - *fences = krealloc_array(*fences, count, - sizeof(void *), - GFP_KERNEL); - if (count && !*fences) { + new_fences = krealloc_array(*fences, count, + sizeof(void *), + GFP_KERNEL); + if (count && !new_fences) { + kfree(*fences); + *fences = NULL; + *num_fences = 0; dma_resv_iter_end(&cursor); return -ENOMEM; } + *fences = new_fences; } (*fences)[(*num_fences)++] = dma_fence_get(fence);

2 years, 4 months

1
0
0 0

[PATCH 6.4 043/227] dma-buf/dma-resv: Stop leaking on krealloc() failure

by Greg Kroah-Hartman

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> commit 05abb3be91d8788328231ee02973ab3d47f5e3d2 upstream. Currently dma_resv_get_fences() will leak the previously allocated array if the fence iteration got restarted and the krealloc_array() fails. Free the old array by hand, and make sure we still clear the returned *fences so the caller won't end up accessing freed memory. Some (but not all) of the callers of dma_resv_get_fences() seem to still trawl through the array even when dma_resv_get_fences() failed. And let's zero out *num_fences as well for good measure. Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Christian König <christian.koenig(a)amd.com> Cc: linux-media(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: linaro-mm-sig(a)lists.linaro.org Fixes: d3c80698c9f5 ("dma-buf: use new iterator in dma_resv_get_fences v3") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Cc: stable(a)vger.kernel.org Link: https://patchwork.freedesktop.org/patch/msgid/20230713194745.1751-1-ville.s… Signed-off-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/dma-resv.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) --- a/drivers/dma-buf/dma-resv.c +++ b/drivers/dma-buf/dma-resv.c @@ -571,6 +571,7 @@ int dma_resv_get_fences(struct dma_resv dma_resv_for_each_fence_unlocked(&cursor, fence) { if (dma_resv_iter_is_restarted(&cursor)) { + struct dma_fence **new_fences; unsigned int count; while (*num_fences) @@ -579,13 +580,17 @@ int dma_resv_get_fences(struct dma_resv count = cursor.num_fences + 1; /* Eventually re-allocate the array */ - *fences = krealloc_array(*fences, count, - sizeof(void *), - GFP_KERNEL); - if (count && !*fences) { + new_fences = krealloc_array(*fences, count, + sizeof(void *), + GFP_KERNEL); + if (count && !new_fences) { + kfree(*fences); + *fences = NULL; + *num_fences = 0; dma_resv_iter_end(&cursor); return -ENOMEM; } + *fences = new_fences; } (*fences)[(*num_fences)++] = dma_fence_get(fence);

2 years, 4 months

1
0
0 0

Patch "dma-buf/dma-resv: Stop leaking on krealloc() failure" has been added to the 6.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-buf/dma-resv: Stop leaking on krealloc() failure to the 6.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-buf-dma-resv-stop-leaking-on-krealloc-failure.patch and it can be found in the queue-6.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. From 05abb3be91d8788328231ee02973ab3d47f5e3d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Thu, 13 Jul 2023 22:47:45 +0300 Subject: dma-buf/dma-resv: Stop leaking on krealloc() failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> commit 05abb3be91d8788328231ee02973ab3d47f5e3d2 upstream. Currently dma_resv_get_fences() will leak the previously allocated array if the fence iteration got restarted and the krealloc_array() fails. Free the old array by hand, and make sure we still clear the returned *fences so the caller won't end up accessing freed memory. Some (but not all) of the callers of dma_resv_get_fences() seem to still trawl through the array even when dma_resv_get_fences() failed. And let's zero out *num_fences as well for good measure. Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Christian König <christian.koenig(a)amd.com> Cc: linux-media(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: linaro-mm-sig(a)lists.linaro.org Fixes: d3c80698c9f5 ("dma-buf: use new iterator in dma_resv_get_fences v3") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Cc: stable(a)vger.kernel.org Link: https://patchwork.freedesktop.org/patch/msgid/20230713194745.1751-1-ville.s… Signed-off-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/dma-resv.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) --- a/drivers/dma-buf/dma-resv.c +++ b/drivers/dma-buf/dma-resv.c @@ -571,6 +571,7 @@ int dma_resv_get_fences(struct dma_resv dma_resv_for_each_fence_unlocked(&cursor, fence) { if (dma_resv_iter_is_restarted(&cursor)) { + struct dma_fence **new_fences; unsigned int count; while (*num_fences) @@ -579,13 +580,17 @@ int dma_resv_get_fences(struct dma_resv count = cursor.num_fences + 1; /* Eventually re-allocate the array */ - *fences = krealloc_array(*fences, count, - sizeof(void *), - GFP_KERNEL); - if (count && !*fences) { + new_fences = krealloc_array(*fences, count, + sizeof(void *), + GFP_KERNEL); + if (count && !new_fences) { + kfree(*fences); + *fences = NULL; + *num_fences = 0; dma_resv_iter_end(&cursor); return -ENOMEM; } + *fences = new_fences; } (*fences)[(*num_fences)++] = dma_fence_get(fence); Patches currently in stable-queue which might be from ville.syrjala(a)linux.intel.com are queue-6.4/dma-buf-dma-resv-stop-leaking-on-krealloc-failure.patch

2 years, 4 months

1
0
0 0

Patch "dma-buf/dma-resv: Stop leaking on krealloc() failure" has been added to the 6.1-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-buf/dma-resv: Stop leaking on krealloc() failure to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-buf-dma-resv-stop-leaking-on-krealloc-failure.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. From 05abb3be91d8788328231ee02973ab3d47f5e3d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Thu, 13 Jul 2023 22:47:45 +0300 Subject: dma-buf/dma-resv: Stop leaking on krealloc() failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> commit 05abb3be91d8788328231ee02973ab3d47f5e3d2 upstream. Currently dma_resv_get_fences() will leak the previously allocated array if the fence iteration got restarted and the krealloc_array() fails. Free the old array by hand, and make sure we still clear the returned *fences so the caller won't end up accessing freed memory. Some (but not all) of the callers of dma_resv_get_fences() seem to still trawl through the array even when dma_resv_get_fences() failed. And let's zero out *num_fences as well for good measure. Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Christian König <christian.koenig(a)amd.com> Cc: linux-media(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: linaro-mm-sig(a)lists.linaro.org Fixes: d3c80698c9f5 ("dma-buf: use new iterator in dma_resv_get_fences v3") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Cc: stable(a)vger.kernel.org Link: https://patchwork.freedesktop.org/patch/msgid/20230713194745.1751-1-ville.s… Signed-off-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/dma-resv.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) --- a/drivers/dma-buf/dma-resv.c +++ b/drivers/dma-buf/dma-resv.c @@ -566,6 +566,7 @@ int dma_resv_get_fences(struct dma_resv dma_resv_for_each_fence_unlocked(&cursor, fence) { if (dma_resv_iter_is_restarted(&cursor)) { + struct dma_fence **new_fences; unsigned int count; while (*num_fences) @@ -574,13 +575,17 @@ int dma_resv_get_fences(struct dma_resv count = cursor.num_fences + 1; /* Eventually re-allocate the array */ - *fences = krealloc_array(*fences, count, - sizeof(void *), - GFP_KERNEL); - if (count && !*fences) { + new_fences = krealloc_array(*fences, count, + sizeof(void *), + GFP_KERNEL); + if (count && !new_fences) { + kfree(*fences); + *fences = NULL; + *num_fences = 0; dma_resv_iter_end(&cursor); return -ENOMEM; } + *fences = new_fences; } (*fences)[(*num_fences)++] = dma_fence_get(fence); Patches currently in stable-queue which might be from ville.syrjala(a)linux.intel.com are queue-6.1/dma-buf-dma-resv-stop-leaking-on-krealloc-failure.patch

2 years, 4 months

1
0
0 0

[PATCH] dma-buf: remove unintended hyphen in the sysfs path

by Luc Ma

From: Luc Ma <luc(a)sietium.com> Signed-off-by: Luc Ma <luc(a)sietium.com> --- drivers/dma-buf/dma-buf-sysfs-stats.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/dma-buf/dma-buf-sysfs-stats.c b/drivers/dma-buf/dma-buf-sysfs-stats.c index 6cfbbf0720bd..b5b62e40ccc1 100644 --- a/drivers/dma-buf/dma-buf-sysfs-stats.c +++ b/drivers/dma-buf/dma-buf-sysfs-stats.c @@ -33,7 +33,7 @@ * into their address space. This necessitated the creation of the DMA-BUF sysfs * statistics interface to provide per-buffer information on production systems. * - * The interface at ``/sys/kernel/dma-buf/buffers`` exposes information about + * The interface at ``/sys/kernel/dmabuf/buffers`` exposes information about * every DMA-BUF when ``CONFIG_DMABUF_SYSFS_STATS`` is enabled. * * The following stats are exposed by the interface: -- 2.25.1

2 years, 5 months

2
2
0 0

[PATCH] dma-buf/dma-resv: Stop leaking on krealloc() failure

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Currently dma_resv_get_fences() will leak the previously allocated array if the fence iteration got restarted and the krealloc_array() fails. Free the old array by hand, and make sure we still clear the returned *fences so the caller won't end up accessing freed memory. Some (but not all) of the callers of dma_resv_get_fences() seem to still trawl through the array even when dma_resv_get_fences() failed. And let's zero out *num_fences as well for good measure. Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Christian König <christian.koenig(a)amd.com> Cc: linux-media(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: linaro-mm-sig(a)lists.linaro.org Fixes: d3c80698c9f5 ("dma-buf: use new iterator in dma_resv_get_fences v3") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/dma-buf/dma-resv.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/dma-buf/dma-resv.c b/drivers/dma-buf/dma-resv.c index b6f71eb00866..38b4110378de 100644 --- a/drivers/dma-buf/dma-resv.c +++ b/drivers/dma-buf/dma-resv.c @@ -571,6 +571,7 @@ int dma_resv_get_fences(struct dma_resv *obj, enum dma_resv_usage usage, dma_resv_for_each_fence_unlocked(&cursor, fence) { if (dma_resv_iter_is_restarted(&cursor)) { + struct dma_fence **new_fences; unsigned int count; while (*num_fences) @@ -579,13 +580,17 @@ int dma_resv_get_fences(struct dma_resv *obj, enum dma_resv_usage usage, count = cursor.num_fences + 1; /* Eventually re-allocate the array */ - *fences = krealloc_array(*fences, count, - sizeof(void *), - GFP_KERNEL); - if (count && !*fences) { + new_fences = krealloc_array(*fences, count, + sizeof(void *), + GFP_KERNEL); + if (count && !new_fences) { + kfree(*fences); + *fences = NULL; + *num_fences = 0; dma_resv_iter_end(&cursor); return -ENOMEM; } + *fences = new_fences; } (*fences)[(*num_fences)++] = dma_fence_get(fence); -- 2.39.3

2 years, 5 months

3
2
0 0

[PATCH v2 00/24] use vmalloc_array and vcalloc

by Julia Lawall

The functions vmalloc_array and vcalloc were introduced in commit a8749a35c399 ("mm: vmalloc: introduce array allocation functions") but are not used much yet. This series introduces uses of these functions, to protect against multiplication overflows. The changes were done using the following Coccinelle semantic patch. @initialize:ocaml@ @@ let rename alloc = match alloc with "vmalloc" -> "vmalloc_array" | "vzalloc" -> "vcalloc" | _ -> failwith "unknown" @@ size_t e1,e2; constant C1, C2; expression E1, E2, COUNT, x1, x2, x3; typedef u8; typedef __u8; type t = {u8,__u8,char,unsigned char}; identifier alloc = {vmalloc,vzalloc}; fresh identifier realloc = script:ocaml(alloc) { rename alloc }; @@ ( alloc(x1*x2*x3) | alloc(C1 * C2) | alloc((sizeof(t)) * (COUNT), ...) | - alloc((e1) * (e2)) + realloc(e1, e2) | - alloc((e1) * (COUNT)) + realloc(COUNT, e1) | - alloc((E1) * (E2)) + realloc(E1, E2) ) v2: This series uses vmalloc_array and vcalloc instead of array_size. It also leaves a multiplication of a constant by a sizeof as is. Two patches are thus dropped from the series. --- arch/x86/kernel/cpu/sgx/main.c | 2 +- drivers/accel/habanalabs/common/device.c | 3 ++- drivers/accel/habanalabs/common/state_dump.c | 7 ++++--- drivers/bus/mhi/host/init.c | 2 +- drivers/comedi/comedi_buf.c | 4 ++-- drivers/dma-buf/heaps/system_heap.c | 2 +- drivers/gpu/drm/gud/gud_pipe.c | 2 +- drivers/gpu/drm/i915/gvt/gtt.c | 6 ++++-- drivers/infiniband/hw/bnxt_re/qplib_res.c | 4 ++-- drivers/infiniband/hw/erdma/erdma_verbs.c | 4 ++-- drivers/infiniband/sw/siw/siw_qp.c | 4 ++-- drivers/infiniband/sw/siw/siw_verbs.c | 6 +++--- drivers/iommu/tegra-gart.c | 4 ++-- drivers/net/ethernet/amd/pds_core/core.c | 4 ++-- drivers/net/ethernet/freescale/enetc/enetc.c | 4 ++-- drivers/net/ethernet/google/gve/gve_tx.c | 2 +- drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 2 +- drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 ++-- drivers/scsi/fnic/fnic_trace.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 4 ++-- drivers/vdpa/vdpa_user/iova_domain.c | 4 ++-- drivers/virtio/virtio_mem.c | 6 +++--- fs/btrfs/zoned.c | 4 ++-- kernel/kcov.c | 2 +- lib/test_vmalloc.c | 9 +++++---- 26 files changed, 52 insertions(+), 47 deletions(-)

2 years, 5 months

4
5
0 0

[PATCH v2] dma-buf: fix an error pointer vs NULL bug

by Dan Carpenter

Smatch detected potential error pointer dereference. drivers/gpu/drm/drm_syncobj.c:888 drm_syncobj_transfer_to_timeline() error: 'fence' dereferencing possible ERR_PTR() The error pointer comes from dma_fence_allocate_private_stub(). One caller expected error pointers and one expected NULL pointers. Change it to return NULL and update the caller which expected error pointers, drm_syncobj_assign_null_handle(), to check for NULL instead. Fixes: f781f661e8c9 ("dma-buf: keep the signaling time of merged fences v3") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> --- v2: Fix it in dma_fence_allocate_private_stub() instead of __dma_fence_unwrap_merge(). drivers/dma-buf/dma-fence.c | 2 +- drivers/gpu/drm/drm_syncobj.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/dma-buf/dma-fence.c b/drivers/dma-buf/dma-fence.c index ad076f208760..8aa8f8cb7071 100644 --- a/drivers/dma-buf/dma-fence.c +++ b/drivers/dma-buf/dma-fence.c @@ -160,7 +160,7 @@ struct dma_fence *dma_fence_allocate_private_stub(ktime_t timestamp) fence = kzalloc(sizeof(*fence), GFP_KERNEL); if (fence == NULL) - return ERR_PTR(-ENOMEM); + return NULL; dma_fence_init(fence, &dma_fence_stub_ops, diff --git a/drivers/gpu/drm/drm_syncobj.c b/drivers/gpu/drm/drm_syncobj.c index 04589a35eb09..e592c5da70ce 100644 --- a/drivers/gpu/drm/drm_syncobj.c +++ b/drivers/gpu/drm/drm_syncobj.c @@ -355,8 +355,8 @@ static int drm_syncobj_assign_null_handle(struct drm_syncobj *syncobj) { struct dma_fence *fence = dma_fence_allocate_private_stub(ktime_get()); - if (IS_ERR(fence)) - return PTR_ERR(fence); + if (!fence) + return -ENOMEM; drm_syncobj_replace_fence(syncobj, fence); dma_fence_put(fence); -- 2.39.2

2 years, 5 months

3
2
0 0

[PATCH] dma-buf: fix an error pointer vs NULL bug

by Dan Carpenter

The __dma_fence_unwrap_merge() function is supposed to return NULL on error. But the dma_fence_allocate_private_stub() returns error pointers so check for that and covert the error pointers to NULL returns. Otherwise, the callers do not expect error pointers and it leads to an Oops. Fixes: f781f661e8c9 ("dma-buf: keep the signaling time of merged fences v3") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> --- drivers/dma-buf/dma-fence-unwrap.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/dma-buf/dma-fence-unwrap.c b/drivers/dma-buf/dma-fence-unwrap.c index c625bb2b5d56..d183eda0db89 100644 --- a/drivers/dma-buf/dma-fence-unwrap.c +++ b/drivers/dma-buf/dma-fence-unwrap.c @@ -94,8 +94,12 @@ struct dma_fence *__dma_fence_unwrap_merge(unsigned int num_fences, * If we couldn't find a pending fence just return a private signaled * fence with the timestamp of the last signaled one. */ - if (count == 0) - return dma_fence_allocate_private_stub(timestamp); + if (count == 0) { + tmp = dma_fence_allocate_private_stub(timestamp); + if (IS_ERR(tmp)) + return NULL; + return tmp; + } array = kmalloc_array(count, sizeof(*array), GFP_KERNEL); if (!array) @@ -176,6 +180,8 @@ struct dma_fence *__dma_fence_unwrap_merge(unsigned int num_fences, return_tmp: kfree(array); + if (IS_ERR(tmp)) + return NULL; return tmp; } EXPORT_SYMBOL_GPL(__dma_fence_unwrap_merge); -- 2.39.2

2 years, 5 months

2
2
0 0

[v5, PATCH] drm/mediatek: add dma buffer control for drm plane disable

by Yongqiang Niu

dma buffer release before overlay disable, that will cause m4u translation fault warning. add dma buffer control flow in mediatek driver: get dma buffer when drm plane disable put dma buffer when overlay really disable Fixes: 41016fe1028e ("drm: Rename plane->state variables in atomic update and disable") Signed-off-by: Yongqiang Niu <yongqiang.niu(a)mediatek.com> --- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 25 ++++++++++++++++++++++++ drivers/gpu/drm/mediatek/mtk_drm_drv.c | 1 + drivers/gpu/drm/mediatek/mtk_drm_plane.c | 12 ++++++++++++ drivers/gpu/drm/mediatek/mtk_drm_plane.h | 1 + 4 files changed, 39 insertions(+) diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c index d40142842f85..49d671100785 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c @@ -4,6 +4,7 @@ */ #include <linux/clk.h> +#include <linux/dma-buf.h> #include <linux/dma-mapping.h> #include <linux/mailbox_controller.h> #include <linux/pm_runtime.h> @@ -283,6 +284,23 @@ struct mtk_ddp_comp *mtk_drm_ddp_comp_for_plane(struct drm_crtc *crtc, return NULL; } +static void mtk_drm_dma_buf_put(struct mtk_drm_crtc *mtk_crtc) +{ + unsigned int i; + + for (i = 0; i < mtk_crtc->layer_nr; i++) { + struct drm_plane *plane = &mtk_crtc->planes[i]; + struct mtk_plane_state *plane_state; + + plane_state = to_mtk_plane_state(plane->state); + + if (plane_state && plane_state->pending.dma_buf) { + dma_buf_put(plane_state->pending.dma_buf); + plane_state->pending.dma_buf = NULL; + } + } +} + #if IS_REACHABLE(CONFIG_MTK_CMDQ) static void ddp_cmdq_cb(struct mbox_client *cl, void *mssg) { @@ -323,6 +341,8 @@ static void ddp_cmdq_cb(struct mbox_client *cl, void *mssg) mtk_crtc->pending_async_planes = false; } + mtk_drm_dma_buf_put(mtk_crtc); + mtk_crtc->cmdq_vblank_cnt = 0; wake_up(&mtk_crtc->cb_blocking_queue); } @@ -624,9 +644,14 @@ static void mtk_crtc_ddp_irq(void *data) else if (mtk_crtc->cmdq_vblank_cnt > 0 && --mtk_crtc->cmdq_vblank_cnt == 0) DRM_ERROR("mtk_crtc %d CMDQ execute command timeout!\n", drm_crtc_index(&mtk_crtc->base)); + + if (!mtk_crtc->cmdq_client.chan) + mtk_drm_dma_buf_put(mtk_crtc); #else if (!priv->data->shadow_register) mtk_crtc_ddp_config(crtc, NULL); + + mtk_drm_dma_buf_put(mtk_crtc); #endif mtk_drm_finish_page_flip(mtk_crtc); } diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c b/drivers/gpu/drm/mediatek/mtk_drm_drv.c index 6dcb4ba2466c..812f1667e070 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c @@ -993,4 +993,5 @@ module_exit(mtk_drm_exit); MODULE_AUTHOR("YT SHEN <yt.shen(a)mediatek.com>"); MODULE_DESCRIPTION("Mediatek SoC DRM driver"); +MODULE_IMPORT_NS(DMA_BUF); MODULE_LICENSE("GPL v2"); diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.c b/drivers/gpu/drm/mediatek/mtk_drm_plane.c index 31f9420aff6f..66e6393e45ee 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.c @@ -12,6 +12,7 @@ #include <drm/drm_framebuffer.h> #include <drm/drm_gem_atomic_helper.h> #include <linux/align.h> +#include <linux/dma-buf.h> #include "mtk_drm_crtc.h" #include "mtk_drm_ddp_comp.h" @@ -266,6 +267,17 @@ static void mtk_plane_atomic_disable(struct drm_plane *plane, struct drm_plane_state *new_state = drm_atomic_get_new_plane_state(state, plane); struct mtk_plane_state *mtk_plane_state = to_mtk_plane_state(new_state); + struct drm_plane_state *old_state = drm_atomic_get_old_plane_state(state, + plane); + + if (old_state && old_state->fb) { + struct drm_gem_object *gem = old_state->fb->obj[0]; + + if (gem && gem->dma_buf) { + get_dma_buf(gem->dma_buf); + mtk_plane_state->pending.dma_buf = gem->dma_buf; + } + } mtk_plane_state->pending.enable = false; wmb(); /* Make sure the above parameter is set before update */ mtk_plane_state->pending.dirty = true; diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.h b/drivers/gpu/drm/mediatek/mtk_drm_plane.h index 99aff7da0831..3aba0b58ef3c 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.h +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.h @@ -33,6 +33,7 @@ struct mtk_plane_pending_state { bool async_dirty; bool async_config; enum drm_color_encoding color_encoding; + struct dma_buf *dma_buf; }; struct mtk_plane_state { -- 2.25.1

2 years, 5 months

2
1
0 0

[v4, PATCH] drm/mediatek: add dma buffer control for drm plane disable

by Yongqiang Niu

dma buffer release before overlay disable, that will cause m4u translation fault warning. add dma buffer control flow in mediatek driver: get dma buffer when drm plane disable put dma buffer when overlay really disable Fixes: 41016fe1028e4 ("drm: Rename plane->state variables in atomic update and disable") Signed-off-by: Yongqiang Niu <yongqiang.niu(a)mediatek.com> --- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 25 ++++++++++++++++++++++++ drivers/gpu/drm/mediatek/mtk_drm_plane.c | 12 ++++++++++++ drivers/gpu/drm/mediatek/mtk_drm_plane.h | 1 + 3 files changed, 38 insertions(+) diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c index d40142842f85..49d671100785 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c @@ -4,6 +4,7 @@ */ #include <linux/clk.h> +#include <linux/dma-buf.h> #include <linux/dma-mapping.h> #include <linux/mailbox_controller.h> #include <linux/pm_runtime.h> @@ -283,6 +284,23 @@ struct mtk_ddp_comp *mtk_drm_ddp_comp_for_plane(struct drm_crtc *crtc, return NULL; } +static void mtk_drm_dma_buf_put(struct mtk_drm_crtc *mtk_crtc) +{ + unsigned int i; + + for (i = 0; i < mtk_crtc->layer_nr; i++) { + struct drm_plane *plane = &mtk_crtc->planes[i]; + struct mtk_plane_state *plane_state; + + plane_state = to_mtk_plane_state(plane->state); + + if (plane_state && plane_state->pending.dma_buf) { + dma_buf_put(plane_state->pending.dma_buf); + plane_state->pending.dma_buf = NULL; + } + } +} + #if IS_REACHABLE(CONFIG_MTK_CMDQ) static void ddp_cmdq_cb(struct mbox_client *cl, void *mssg) { @@ -323,6 +341,8 @@ static void ddp_cmdq_cb(struct mbox_client *cl, void *mssg) mtk_crtc->pending_async_planes = false; } + mtk_drm_dma_buf_put(mtk_crtc); + mtk_crtc->cmdq_vblank_cnt = 0; wake_up(&mtk_crtc->cb_blocking_queue); } @@ -624,9 +644,14 @@ static void mtk_crtc_ddp_irq(void *data) else if (mtk_crtc->cmdq_vblank_cnt > 0 && --mtk_crtc->cmdq_vblank_cnt == 0) DRM_ERROR("mtk_crtc %d CMDQ execute command timeout!\n", drm_crtc_index(&mtk_crtc->base)); + + if (!mtk_crtc->cmdq_client.chan) + mtk_drm_dma_buf_put(mtk_crtc); #else if (!priv->data->shadow_register) mtk_crtc_ddp_config(crtc, NULL); + + mtk_drm_dma_buf_put(mtk_crtc); #endif mtk_drm_finish_page_flip(mtk_crtc); } diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.c b/drivers/gpu/drm/mediatek/mtk_drm_plane.c index 31f9420aff6f..66e6393e45ee 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.c @@ -12,6 +12,7 @@ #include <drm/drm_framebuffer.h> #include <drm/drm_gem_atomic_helper.h> #include <linux/align.h> +#include <linux/dma-buf.h> #include "mtk_drm_crtc.h" #include "mtk_drm_ddp_comp.h" @@ -266,6 +267,17 @@ static void mtk_plane_atomic_disable(struct drm_plane *plane, struct drm_plane_state *new_state = drm_atomic_get_new_plane_state(state, plane); struct mtk_plane_state *mtk_plane_state = to_mtk_plane_state(new_state); + struct drm_plane_state *old_state = drm_atomic_get_old_plane_state(state, + plane); + + if (old_state && old_state->fb) { + struct drm_gem_object *gem = old_state->fb->obj[0]; + + if (gem && gem->dma_buf) { + get_dma_buf(gem->dma_buf); + mtk_plane_state->pending.dma_buf = gem->dma_buf; + } + } mtk_plane_state->pending.enable = false; wmb(); /* Make sure the above parameter is set before update */ mtk_plane_state->pending.dirty = true; diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.h b/drivers/gpu/drm/mediatek/mtk_drm_plane.h index 99aff7da0831..3aba0b58ef3c 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.h +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.h @@ -33,6 +33,7 @@ struct mtk_plane_pending_state { bool async_dirty; bool async_config; enum drm_color_encoding color_encoding; + struct dma_buf *dma_buf; }; struct mtk_plane_state { -- 2.25.1

2 years, 5 months

3
2
0 0

[PATCH] MAINTAINERS: Remove Laura Abbott from DMA-BUF HEAPS FRAMEWORK

by John Stultz

Laura's email address has not been valid for quite awhile now, so wanted to clean up the reviewer list here. I reached out to Laura who said it made sense to drop her from the list, so this patch does that. I do want to recognize Laura's long time contribution to this area and her previous ION maintainership, as this couldn't have gone upstream without her prior efforts. Many thanks! Cc: Laura Abbott <labbott(a)kernel.org> Cc: T.J. Mercier <tjmercier(a)google.com> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> Cc: Brian Starkey <Brian.Starkey(a)arm.com> Cc: John Stultz <jstultz(a)google.com> Cc: linux-media(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: linaro-mm-sig(a)lists.linaro.org Cc: kernel-team(a)android.com Acked-by: Laura Abbott <labbott(a)kernel.org> Signed-off-by: John Stultz <jstultz(a)google.com> --- MAINTAINERS | 1 - 1 file changed, 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index f4e92b968ed7..6b28b59cbdb9 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -6181,7 +6181,6 @@ F: kernel/dma/ DMA-BUF HEAPS FRAMEWORK M: Sumit Semwal <sumit.semwal(a)linaro.org> R: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> -R: Laura Abbott <labbott(a)redhat.com> R: Brian Starkey <Brian.Starkey(a)arm.com> R: John Stultz <jstultz(a)google.com> R: T.J. Mercier <tjmercier(a)google.com> -- 2.41.0.255.g8b1d071c50-goog

2 years, 5 months

2
1
0 0

[PATCH] MAINTAINERS: Remove Liam Mark from DMA-BUF HEAPS FRAMEWORK

by Jeffrey Hugo

@codeaurora.org email addresses are no longer valid and will bounce. I reached out to Liam about updating his entry under DMA-BUF HEAPS FRAMEWORK with an @codeaurora.org address. His response: "I am not a maintainer anymore, that should be removed." Liam currently does not have an email address that can be used to remove this entry, so I offered to submit a cleanup on his behalf with Liam's consent. Signed-off-by: Jeffrey Hugo <quic_jhugo(a)quicinc.com> --- MAINTAINERS | 1 - 1 file changed, 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 76b53bafc03c..1781eb0a8dda 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -6168,7 +6168,6 @@ F: kernel/dma/ DMA-BUF HEAPS FRAMEWORK M: Sumit Semwal <sumit.semwal(a)linaro.org> R: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> -R: Liam Mark <lmark(a)codeaurora.org> R: Laura Abbott <labbott(a)redhat.com> R: Brian Starkey <Brian.Starkey(a)arm.com> R: John Stultz <jstultz(a)google.com> -- 2.40.1

2 years, 5 months

4
4
0 0

[PATCH 00/26] use array_size

by Julia Lawall

Use array_size to protect against multiplication overflows. This follows up on the following patches by Kees Cook from 2018. 42bc47b35320 ("treewide: Use array_size() in vmalloc()") fad953ce0b22 ("treewide: Use array_size() in vzalloc()") The changes were done using the following Coccinelle semantic patch, adapted from the one posted by Kees. // Drop single-byte sizes and redundant parens. @@ expression COUNT; typedef u8; typedef __u8; type t = {u8,__u8,char,unsigned char}; identifier alloc = {vmalloc,vzalloc}; @@ alloc( - (sizeof(t)) * (COUNT) + COUNT , ...) // 3-factor product with 2 sizeof(variable), with redundant parens removed. @@ expression COUNT; size_t e1, e2, e3; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc( - (e1) * (e2) * (e3) + array3_size(e1, e2, e3) ,...) | alloc( - (e1) * (e2) * (COUNT) + array3_size(COUNT, e1, e2) ,...) ) // 3-factor product with 1 sizeof(type) or sizeof(expression), with // redundant parens removed. @@ expression STRIDE, COUNT; size_t e; identifier alloc = {vmalloc,vzalloc}; @@ alloc( - (e) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, e) ,...) // Any remaining multi-factor products, first at least 3-factor products // when they're not all constants... @@ expression E1, E2, E3; constant C1, C2, C3; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc(C1 * C2 * C3,...) | alloc( - (E1) * (E2) * (E3) + array3_size(E1, E2, E3) ,...) ) // 2-factor product with sizeof(type/expression) and identifier or constant. @@ size_t e1,e2; expression COUNT; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc( - (e1) * (e2) + array_size(e1, e2) ,...) | alloc( - (e1) * (COUNT) + array_size(COUNT, e1) ,...) ) // And then all remaining 2 factors products when they're not all constants. @@ expression E1, E2; constant C1, C2; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc(C1 * C2,...) | alloc( - (E1) * (E2) + array_size(E1, E2) ,...) ) --- arch/x86/kernel/cpu/sgx/main.c | 3 ++- drivers/accel/habanalabs/common/device.c | 3 ++- drivers/accel/habanalabs/common/state_dump.c | 6 +++--- drivers/bus/mhi/host/init.c | 4 ++-- drivers/comedi/comedi_buf.c | 4 ++-- drivers/dma-buf/heaps/system_heap.c | 2 +- drivers/gpu/drm/gud/gud_pipe.c | 2 +- drivers/gpu/drm/i915/gvt/gtt.c | 6 ++++-- drivers/gpu/drm/vmwgfx/vmwgfx_devcaps.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 4 ++-- drivers/infiniband/hw/erdma/erdma_verbs.c | 4 ++-- drivers/infiniband/sw/siw/siw_qp.c | 4 ++-- drivers/infiniband/sw/siw/siw_verbs.c | 6 +++--- drivers/iommu/tegra-gart.c | 4 ++-- drivers/net/ethernet/amd/pds_core/core.c | 4 ++-- drivers/net/ethernet/freescale/enetc/enetc.c | 4 ++-- drivers/net/ethernet/google/gve/gve_tx.c | 2 +- drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 2 +- drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 ++-- drivers/scsi/fnic/fnic_trace.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 4 ++-- drivers/staging/media/ipu3/ipu3-mmu.c | 2 +- drivers/vdpa/vdpa_user/iova_domain.c | 3 +-- drivers/virtio/virtio_mem.c | 6 +++--- fs/btrfs/zoned.c | 5 +++-- kernel/kcov.c | 2 +- lib/test_vmalloc.c | 12 ++++++------ 28 files changed, 56 insertions(+), 52 deletions(-)

2 years, 5 months

2
2
0 0

[PATCH] accel/qaic: Call DRM helper function to destroy prime GEM

by Jeffrey Hugo

From: Pranjal Ramajor Asha Kanojiya <quic_pkanojiy(a)quicinc.com> smatch warning: drivers/accel/qaic/qaic_data.c:620 qaic_free_object() error: dereferencing freed memory 'obj->import_attach' obj->import_attach is detached and freed using dma_buf_detach(). But used after free to decrease the dmabuf ref count using dma_buf_put(). drm_prime_gem_destroy() handles this issue and performs the proper clean up instead of open coding it in the driver. Fixes: ff13be830333 ("accel/qaic: Add datapath") Reported-by: Sukrut Bellary <sukrut.bellary(a)linux.com> Closes: https://lore.kernel.org/all/20230610021200.377452-1-sukrut.bellary@linux.co… Suggested-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Pranjal Ramajor Asha Kanojiya <quic_pkanojiy(a)quicinc.com> Reviewed-by: Carl Vanderlip <quic_carlv(a)quicinc.com> Reviewed-by: Jeffrey Hugo <quic_jhugo(a)quicinc.com> Signed-off-by: Jeffrey Hugo <quic_jhugo(a)quicinc.com> --- drivers/accel/qaic/qaic_data.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/accel/qaic/qaic_data.c b/drivers/accel/qaic/qaic_data.c index e42c1f9ffff8..e9a1cb779b30 100644 --- a/drivers/accel/qaic/qaic_data.c +++ b/drivers/accel/qaic/qaic_data.c @@ -23,6 +23,7 @@ #include <linux/wait.h> #include <drm/drm_file.h> #include <drm/drm_gem.h> +#include <drm/drm_prime.h> #include <drm/drm_print.h> #include <uapi/drm/qaic_accel.h> @@ -616,8 +617,7 @@ static void qaic_free_object(struct drm_gem_object *obj) if (obj->import_attach) { /* DMABUF/PRIME Path */ - dma_buf_detach(obj->import_attach->dmabuf, obj->import_attach); - dma_buf_put(obj->import_attach->dmabuf); + drm_prime_gem_destroy(obj, NULL); } else { /* Private buffer allocation path */ qaic_free_sgt(bo->sgt); -- 2.40.1

2 years, 5 months

2
3
0 0

[PATCH] drm/msm: Fix typo in comment

by zhumao001＠208suo.com

Fix typo in comment of msm_gem.c. Signed-off-by: Zhu Mao <zhumao001(a)208suo.com> --- drivers/gpu/drm/msm/msm_gem.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/msm/msm_gem.c b/drivers/gpu/drm/msm/msm_gem.c index 20cfd86d2b32..ef81074416af 100644 --- a/drivers/gpu/drm/msm/msm_gem.c +++ b/drivers/gpu/drm/msm/msm_gem.c @@ -503,8 +503,8 @@ void msm_gem_unpin_locked(struct drm_gem_object *obj) /* Special unpin path for use in fence-signaling path, avoiding the need * to hold the obj lock by only depending on things that a protected by - * the LRU lock. In particular we know that that we already have backing - * and and that the object's dma_resv has the fence for the current + * the LRU lock. In particular we know that we already have backing + * and that the object's dma_resv has the fence for the current * submit/job which will prevent us racing against page eviction. */ void msm_gem_unpin_active(struct drm_gem_object *obj)

2 years, 6 months

2
1
0 0

[[[-Domain-]]] WARNING: Your email account “ linaro-mm-sig@lists.linaro.org ” is almost full

by Mail Administrator

2 years, 6 months

1
0
0 0

[PATCH v4] mtd: rawnand: macronix: OTP access for MX30LFxG18AC

by Arseniy Krasnov

This adds support for OTP area access on MX30LFxG18AC chip series. Signed-off-by: Arseniy Krasnov <AVKrasnov(a)sberdevices.ru> --- v1 -> v2: * Add slab.h include due to kernel test robot error. v2 -> v3: * Use 'uint64_t' as input argument for 'do_div()' instead of 'unsigned long' due to kernel test robot error. v3 -> v4: * Use 'dev_err()' instead of 'WARN()'. * Call 'match_string()' before checking 'supports_set_get_features' in 'macronix_nand_setup_otp(). * Use 'u8' instead of 'uint8_t' as ./checkpatch.pl wants. drivers/mtd/nand/raw/nand_macronix.c | 216 +++++++++++++++++++++++++++ 1 file changed, 216 insertions(+) diff --git a/drivers/mtd/nand/raw/nand_macronix.c b/drivers/mtd/nand/raw/nand_macronix.c index 1472f925f386..be1ffa93bebb 100644 --- a/drivers/mtd/nand/raw/nand_macronix.c +++ b/drivers/mtd/nand/raw/nand_macronix.c @@ -6,6 +6,7 @@ * Author: Boris Brezillon <boris.brezillon(a)free-electrons.com> */ +#include <linux/slab.h> #include "linux/delay.h" #include "internals.h" @@ -31,6 +32,20 @@ #define MXIC_CMD_POWER_DOWN 0xB9 +#define ONFI_FEATURE_ADDR_30LFXG18AC_OTP 0x90 +#define MACRONIX_30LFXG18AC_OTP_START_PAGE 0 +#define MACRONIX_30LFXG18AC_OTP_PAGES 30 +#define MACRONIX_30LFXG18AC_OTP_PAGE_SIZE 2112 +#define MACRONIX_30LFXG18AC_OTP_START_BYTE \ + (MACRONIX_30LFXG18AC_OTP_START_PAGE * \ + MACRONIX_30LFXG18AC_OTP_PAGE_SIZE) +#define MACRONIX_30LFXG18AC_OTP_SIZE_BYTES \ + (MACRONIX_30LFXG18AC_OTP_PAGES * \ + MACRONIX_30LFXG18AC_OTP_PAGE_SIZE) + +#define MACRONIX_30LFXG18AC_OTP_EN BIT(0) +#define MACRONIX_30LFXG18AC_OTP_LOCKED BIT(1) + struct nand_onfi_vendor_macronix { u8 reserved; u8 reliability_func; @@ -316,6 +331,206 @@ static void macronix_nand_deep_power_down_support(struct nand_chip *chip) chip->ops.resume = mxic_nand_resume; } +static int macronix_30lfxg18ac_get_otp_info(struct mtd_info *mtd, size_t len, + size_t *retlen, + struct otp_info *buf) +{ + if (len < sizeof(*buf)) + return -EINVAL; + + /* Don't know how to check that OTP is locked. */ + buf->locked = 0; + buf->start = MACRONIX_30LFXG18AC_OTP_START_BYTE; + buf->length = MACRONIX_30LFXG18AC_OTP_SIZE_BYTES; + + *retlen = sizeof(*buf); + + return 0; +} + +static int macronix_30lfxg18ac_otp_enable(struct nand_chip *nand) +{ + u8 feature_buf[ONFI_SUBFEATURE_PARAM_LEN] = { 0 }; + + feature_buf[0] = MACRONIX_30LFXG18AC_OTP_EN; + return nand_set_features(nand, ONFI_FEATURE_ADDR_30LFXG18AC_OTP, + feature_buf); +} + +static int macronix_30lfxg18ac_otp_disable(struct nand_chip *nand) +{ + u8 feature_buf[ONFI_SUBFEATURE_PARAM_LEN] = { 0 }; + + return nand_set_features(nand, ONFI_FEATURE_ADDR_30LFXG18AC_OTP, + feature_buf); +} + +static int __macronix_30lfxg18ac_rw_otp(struct mtd_info *mtd, + loff_t offs_in_flash, + size_t len, size_t *retlen, + u_char *buf, bool write) +{ + struct nand_chip *nand; + size_t bytes_handled; + off_t offs_in_page; + void *dma_buf; + u64 page; + int ret; + + /* 'nand_prog/read_page_op()' may use 'buf' as DMA buffer, + * so allocate properly aligned memory for it. This is + * needed because cross page accesses may lead to unaligned + * buffer address for DMA. + */ + dma_buf = kmalloc(MACRONIX_30LFXG18AC_OTP_PAGE_SIZE, GFP_KERNEL); + if (!dma_buf) + return -ENOMEM; + + nand = mtd_to_nand(mtd); + nand_select_target(nand, 0); + + ret = macronix_30lfxg18ac_otp_enable(nand); + if (ret) + goto out_otp; + + page = offs_in_flash; + /* 'page' will be result of division. */ + offs_in_page = do_div(page, MACRONIX_30LFXG18AC_OTP_PAGE_SIZE); + bytes_handled = 0; + + while (bytes_handled < len && + page < MACRONIX_30LFXG18AC_OTP_PAGES) { + size_t bytes_to_handle; + + bytes_to_handle = min_t(size_t, len - bytes_handled, + MACRONIX_30LFXG18AC_OTP_PAGE_SIZE - + offs_in_page); + + if (write) { + memcpy(dma_buf, &buf[bytes_handled], bytes_to_handle); + ret = nand_prog_page_op(nand, page, offs_in_page, + dma_buf, bytes_to_handle); + } else { + ret = nand_read_page_op(nand, page, offs_in_page, + dma_buf, bytes_to_handle); + if (!ret) + memcpy(&buf[bytes_handled], dma_buf, + bytes_to_handle); + } + if (ret) + goto out_otp; + + bytes_handled += bytes_to_handle; + offs_in_page = 0; + page++; + } + + *retlen = bytes_handled; + +out_otp: + if (ret) + dev_err(&mtd->dev, "failed to perform OTP IO: %i\n", ret); + + ret = macronix_30lfxg18ac_otp_disable(nand); + if (ret) + dev_err(&mtd->dev, "failed to leave OTP mode after %s\n", + write ? "write" : "read"); + + nand_deselect_target(nand); + kfree(dma_buf); + + return ret; +} + +static int macronix_30lfxg18ac_write_otp(struct mtd_info *mtd, loff_t to, + size_t len, size_t *rlen, + const u_char *buf) +{ + return __macronix_30lfxg18ac_rw_otp(mtd, to, len, rlen, (u_char *)buf, + true); +} + +static int macronix_30lfxg18ac_read_otp(struct mtd_info *mtd, loff_t from, + size_t len, size_t *rlen, + u_char *buf) +{ + return __macronix_30lfxg18ac_rw_otp(mtd, from, len, rlen, buf, false); +} + +static int macronix_30lfxg18ac_lock_otp(struct mtd_info *mtd, loff_t from, + size_t len) +{ + u8 feature_buf[ONFI_SUBFEATURE_PARAM_LEN] = { 0 }; + struct nand_chip *nand; + int ret; + + if (from != MACRONIX_30LFXG18AC_OTP_START_BYTE || + len != MACRONIX_30LFXG18AC_OTP_SIZE_BYTES) + return -EINVAL; + + dev_dbg(&mtd->dev, "locking OTP\n"); + + nand = mtd_to_nand(mtd); + nand_select_target(nand, 0); + + feature_buf[0] = MACRONIX_30LFXG18AC_OTP_EN | + MACRONIX_30LFXG18AC_OTP_LOCKED; + ret = nand_set_features(nand, ONFI_FEATURE_ADDR_30LFXG18AC_OTP, + feature_buf); + if (ret) { + dev_err(&mtd->dev, + "failed to lock OTP (set features): %i\n", ret); + nand_deselect_target(nand); + return ret; + } + + /* Do dummy page prog with zero address. */ + feature_buf[0] = 0; + ret = nand_prog_page_op(nand, 0, 0, feature_buf, 1); + if (ret) + dev_err(&mtd->dev, + "failed to lock OTP (page prog): %i\n", ret); + + ret = macronix_30lfxg18ac_otp_disable(nand); + if (ret) + dev_err(&mtd->dev, "failed to leave OTP mode after lock\n"); + + nand_deselect_target(nand); + + return ret; +} + +static void macronix_nand_setup_otp(struct nand_chip *chip) +{ + static const char * const supported_otp_models[] = { + "MX30LF1G18AC", + "MX30LF2G18AC", + "MX30LF4G18AC", + }; + struct mtd_info *mtd; + + if (match_string(supported_otp_models, + ARRAY_SIZE(supported_otp_models), + chip->parameters.model) < 0) + return; + + if (!chip->parameters.supports_set_get_features) + return; + + bitmap_set(chip->parameters.get_feature_list, + ONFI_FEATURE_ADDR_30LFXG18AC_OTP, 1); + bitmap_set(chip->parameters.set_feature_list, + ONFI_FEATURE_ADDR_30LFXG18AC_OTP, 1); + + mtd = nand_to_mtd(chip); + mtd->_get_fact_prot_info = macronix_30lfxg18ac_get_otp_info; + mtd->_read_fact_prot_reg = macronix_30lfxg18ac_read_otp; + mtd->_get_user_prot_info = macronix_30lfxg18ac_get_otp_info; + mtd->_read_user_prot_reg = macronix_30lfxg18ac_read_otp; + mtd->_write_user_prot_reg = macronix_30lfxg18ac_write_otp; + mtd->_lock_user_prot_reg = macronix_30lfxg18ac_lock_otp; +} + static int macronix_nand_init(struct nand_chip *chip) { if (nand_is_slc(chip)) @@ -325,6 +540,7 @@ static int macronix_nand_init(struct nand_chip *chip) macronix_nand_onfi_init(chip); macronix_nand_block_protection_support(chip); macronix_nand_deep_power_down_support(chip); + macronix_nand_setup_otp(chip); return 0; } -- 2.35.0

2 years, 6 months

4
5
0 0

Re: [syzbot] kernel BUG in vmf_insert_pfn_prot

by syzbot

syzbot suspects this issue was fixed by commit: commit a5b44c4adb1699661d22e5152fb26885f30a2e4c Author: Thomas Zimmermann <tzimmermann(a)suse.de> Date: Mon Mar 20 15:07:44 2023 +0000 drm/fbdev-generic: Always use shadow buffering bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1025ee07280000 start commit: 0326074ff465 Merge tag 'net-next-6.1' of git://git.kernel... git tree: upstream kernel config: https://syzkaller.appspot.com/x/.config?x=d323d85b1f8a4ed7 dashboard link: https://syzkaller.appspot.com/bug?extid=2d4f8693f438d2bd4bdb syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14fd1182880000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17567514880000 If the result looks correct, please mark the issue as fixed by replying with: #syz fix: drm/fbdev-generic: Always use shadow buffering For information about bisection process see: https://goo.gl/tpsmEJ#bisection

2 years, 6 months

2
1
0 0

[PATCH v14 0/2] drm: add kms driver for loongson display controller

by Sui Jingfeng

From: Sui Jingfeng <suijingfeng(a)loongson.cn> Loongson display controller IP has been integrated in both Loongson north bridge chipset(ls7a1000/ls7a2000) and Loongson SoCs(ls2k1000/ls2k2000), it has been even included in Loongson self-made BMC products. This display controller is a PCI device. It has two display pipes and each display pipe support a primary plane and a cursor plane. For the DC in the ls7a1000 and ls2k1000, each display pipe has a DVO output interface which provide RGB888 signals, vertical & horizontal synchronisations and pixel clock. Each CRTC is able to support 1920x1080@60Hz, the maximum resolution of each display pipe is 2048x2048 according to the hardware spec. For the DC in LS7A2000, each display pipe is equipped with a built-in HDMI encoder which is compliant with the HDMI 1.4 specification, thus it support 3840x2160@30Hz. The first display pipe is also equipped with a transparent vga encoder which is parallel with the HDMI encoder. The DC in LS7A2000 is more complete compare with the one in old chips, besides above feature, it has two hardware cursors, two hardware vblank counter and two scanout position recorders unit. It also support tiled framebuffer format which can be scanout the tiled framebuffer rendered by the LoongGPU directly. v1 -> v2: 1) Use hpd status reg when polling for ls7a2000 2) Fix all warnings emerged when compile with W=1 v2 -> v3: 1) Add COMPILE_TEST in Kconfig and make the driver off by default 2) Alphabetical sorting headers (Thomas) 3) Untangle register access functions as much as possible (Thomas) 4) Switch to TTM based memory manager and prefer cached mapping for Loongson SoC (Thomas) 5) Add chip id detection method, now all models are distinguishable. 6) Revise builtin HDMI phy driver, nearly all main stream mode below 4K@30Hz is tested, this driver supported these mode very well including clone display mode and extend display mode. v3 -> v4: 1) Quickly fix a small mistake. v4 -> v5: 1) Drop potential support for Loongson 2K series SoC temporary, this part should be resend with the DT binding patch in the future. 2) Add per display pipe debugfs support to the builtin HDMI encoder. 3) Rewrite atomic_update() for hardware cursors plane(Thomas) 4) Rewrite encoder and connector initialization part, untangle it according to the chip(Thomas). v5 -> v6: 1) Remove stray code which didn't get used, say lsdc_of_get_reserved_ram 2) Fix all typos I could found, make sentences and code more readable 3) Untangle lsdc_hdmi*_connector_detect() function according to the pipe 4) After a serious consideration, we rename this driver as loongson. Because we also have drivers toward the LoongGPU IP in LS7A2000 and LS2K2000. Besides, there are also drivers about the external encoder, HDMI audio driver and vbios support etc. This patch only provide DC driver part, my teammate Li Yi believe that loongson will be more suitable for loongson graphics than lsdc in the long run. loongson.ko = LSDC + LoongGPU + encoders driver + vbios/DT ... v6 -> v7: 1) Add prime support, self-sharing is works. sharing buffer with etnaviv is also tested, and its works with limitation. 2) Implement buffer objects tracking with list_head. 3) S3(sleep to RAM) is tested on ls3a5000+ls7a2000 evb and it works. 4) Rewrite lsdc_bo_move, since ttm core stop allocating resources during BO creation. Patch V1 ~ V6 of this series no longer works on latest kernel. Thus, we send V7 to revival them. v7 -> v8: 1) Zero a compile warnnings on 32-bit platform, compile with W=1 2) Revise lsdc_bo_gpu_offset() and minor cleanup 3) Pageflip tested on the virtual terminal with following commands modetest -M loongson -s 32:1920x1080 -v modetest -M loongson -s 34:1920x1080 -v -F tiles It works like a charm, when running pageflip test with dual screnn configuration, another two additional bo created by the modetest emerged, VRAM usage up to 40+MB, well we have at least 64MB, still enough. # cat bos bo[0000]: size: 8112kB VRAM bo[0001]: size: 16kB VRAM bo[0002]: size: 16kB VRAM bo[0003]: size: 16208kB VRAM bo[0004]: size: 8112kB VRAM bo[0005]: size: 8112kB VRAM v8 -> v9: 1) Select I2C and I2C_ALGOBIT in Kconfig and should depend on MMU. 2) Using pci_get_domain_bus_and_slot to get the GPU device. 3) Other minor improvements. Those patches are tested on ls3a5000 + ls7a1000 CRB, ls3a5000 + ls7a2000 evb, and lemote a1901 board(ls3a4000 + ls7a1000). On loongson mips CPU, the write combine support should be enabled, to get a decent performance for writing framebuffer data to the VRAM. v9 -> v10: 1) Revise lsdc_drm_freeze() to implement S3 completely and correctly. I suddenly realized that pinned buffer can not move and VRAM lost power when sleep to RAM. Thus, the data in the buffer who is pinned in VRAM will get lost when resume. Yet it's not big problem because we are software rendering solution which relay on the CPU update the front framebuffer. We can see the garbage data when resume from S3, but the screen will show correct image as I move the cursor. This is due to the cpu repaint. v10 of this patch make S3 perfect by unpin all of BOs in VRAM, evict them all to system RAM. v10 -> v11: 1) On double screen case, the single giant framebuffer is referenced by two GEM object, hence, it will be pinned by prepare_fb() at lease two times. This cause its pin count > 1. V10 of this patch only unpin VRAM BOs once when suspend, which is not correct on double screen case. V11 of this patch unpin BOs until its pin count reach to zero when suspend. Then, we make the S3 support complete finally. With v11, I can't see any garbage data after resume. Tested on both ls7a1000 and ls7a2000 platform, with single screen and double screen configuration. 2) Fix vblank wait timeout when disable CRTC. 3) Test against IGT, at least fbdev test and kms_flip test passed. 4) Rewrite pixel PLL update function, magic numbers eliminated (Emil) 5) Drop a few common hardware features description in lsdc_desc (Emil) 6) Drop lsdc_mode_config_mode_valid(), instead add restrictions in dumb create function. (Emil) 7) Untangle the ls7a1000 case and ls7a2000 case completely (Thomas) v11 -> v12: none v12 -> v13: 1) Add benchmark to figure out the bandwidth of the hardware platform. Usage: # cd /sys/kernel/debug/dri/0/ # cat benchmark 2) VRAM is filled with garbage data if uninitialized, add a buffer clearing procedure, clear it on the BO creation time. 3) Update copyrights and adjust coding style (Huacai) v13 -> v14: 1) Trying to add async update support for cursor plane. Sui Jingfeng (2): drm: add kms driver for loongson display controller MAINTAINERS: add maintainers for DRM LOONGSON driver MAINTAINERS | 8 + drivers/gpu/drm/Kconfig | 2 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/loongson/Kconfig | 17 + drivers/gpu/drm/loongson/Makefile | 20 + drivers/gpu/drm/loongson/lsdc_benchmark.c | 133 ++ drivers/gpu/drm/loongson/lsdc_benchmark.h | 13 + drivers/gpu/drm/loongson/lsdc_crtc.c | 1066 +++++++++++++++++ drivers/gpu/drm/loongson/lsdc_debugfs.c | 91 ++ drivers/gpu/drm/loongson/lsdc_device.c | 104 ++ drivers/gpu/drm/loongson/lsdc_drv.c | 495 ++++++++ drivers/gpu/drm/loongson/lsdc_drv.h | 451 +++++++ drivers/gpu/drm/loongson/lsdc_gem.c | 324 +++++ drivers/gpu/drm/loongson/lsdc_gem.h | 37 + drivers/gpu/drm/loongson/lsdc_gfxpll.c | 199 +++ drivers/gpu/drm/loongson/lsdc_gfxpll.h | 52 + drivers/gpu/drm/loongson/lsdc_i2c.c | 179 +++ drivers/gpu/drm/loongson/lsdc_i2c.h | 29 + drivers/gpu/drm/loongson/lsdc_irq.c | 71 ++ drivers/gpu/drm/loongson/lsdc_irq.h | 16 + drivers/gpu/drm/loongson/lsdc_output.h | 21 + drivers/gpu/drm/loongson/lsdc_output_7a1000.c | 161 +++ drivers/gpu/drm/loongson/lsdc_output_7a2000.c | 531 ++++++++ drivers/gpu/drm/loongson/lsdc_pixpll.c | 481 ++++++++ drivers/gpu/drm/loongson/lsdc_pixpll.h | 86 ++ drivers/gpu/drm/loongson/lsdc_plane.c | 781 ++++++++++++ drivers/gpu/drm/loongson/lsdc_probe.c | 56 + drivers/gpu/drm/loongson/lsdc_probe.h | 12 + drivers/gpu/drm/loongson/lsdc_regs.h | 402 +++++++ drivers/gpu/drm/loongson/lsdc_ttm.c | 610 ++++++++++ drivers/gpu/drm/loongson/lsdc_ttm.h | 99 ++ 31 files changed, 6548 insertions(+) create mode 100644 drivers/gpu/drm/loongson/Kconfig create mode 100644 drivers/gpu/drm/loongson/Makefile create mode 100644 drivers/gpu/drm/loongson/lsdc_benchmark.c create mode 100644 drivers/gpu/drm/loongson/lsdc_benchmark.h create mode 100644 drivers/gpu/drm/loongson/lsdc_crtc.c create mode 100644 drivers/gpu/drm/loongson/lsdc_debugfs.c create mode 100644 drivers/gpu/drm/loongson/lsdc_device.c create mode 100644 drivers/gpu/drm/loongson/lsdc_drv.c create mode 100644 drivers/gpu/drm/loongson/lsdc_drv.h create mode 100644 drivers/gpu/drm/loongson/lsdc_gem.c create mode 100644 drivers/gpu/drm/loongson/lsdc_gem.h create mode 100644 drivers/gpu/drm/loongson/lsdc_gfxpll.c create mode 100644 drivers/gpu/drm/loongson/lsdc_gfxpll.h create mode 100644 drivers/gpu/drm/loongson/lsdc_i2c.c create mode 100644 drivers/gpu/drm/loongson/lsdc_i2c.h create mode 100644 drivers/gpu/drm/loongson/lsdc_irq.c create mode 100644 drivers/gpu/drm/loongson/lsdc_irq.h create mode 100644 drivers/gpu/drm/loongson/lsdc_output.h create mode 100644 drivers/gpu/drm/loongson/lsdc_output_7a1000.c create mode 100644 drivers/gpu/drm/loongson/lsdc_output_7a2000.c create mode 100644 drivers/gpu/drm/loongson/lsdc_pixpll.c create mode 100644 drivers/gpu/drm/loongson/lsdc_pixpll.h create mode 100644 drivers/gpu/drm/loongson/lsdc_plane.c create mode 100644 drivers/gpu/drm/loongson/lsdc_probe.c create mode 100644 drivers/gpu/drm/loongson/lsdc_probe.h create mode 100644 drivers/gpu/drm/loongson/lsdc_regs.h create mode 100644 drivers/gpu/drm/loongson/lsdc_ttm.c create mode 100644 drivers/gpu/drm/loongson/lsdc_ttm.h -- 2.25.1

2 years, 6 months

5
41
0 0

[PATCH] accel/qaic: Fix dereferencing freed memory

by Sukrut Bellary

smatch warning: drivers/accel/qaic/qaic_data.c:620 qaic_free_object() error: dereferencing freed memory 'obj->import_attach' obj->import_attach is detached and freed using dma_buf_detach(). But used after free to decrease the dmabuf ref count using dma_buf_put(). Fixes: ff13be830333 ("accel/qaic: Add datapath") Signed-off-by: Sukrut Bellary <sukrut.bellary(a)linux.com> --- drivers/accel/qaic/qaic_data.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/accel/qaic/qaic_data.c b/drivers/accel/qaic/qaic_data.c index e42c1f9ffff8..7cba4d680ea8 100644 --- a/drivers/accel/qaic/qaic_data.c +++ b/drivers/accel/qaic/qaic_data.c @@ -613,11 +613,13 @@ static int qaic_gem_object_mmap(struct drm_gem_object *obj, struct vm_area_struc static void qaic_free_object(struct drm_gem_object *obj) { struct qaic_bo *bo = to_qaic_bo(obj); + struct dma_buf *dmabuf; if (obj->import_attach) { /* DMABUF/PRIME Path */ + dmabuf = obj->import_attach->dmabuf; dma_buf_detach(obj->import_attach->dmabuf, obj->import_attach); - dma_buf_put(obj->import_attach->dmabuf); + dma_buf_put(dmabuf); } else { /* Private buffer allocation path */ qaic_free_sgt(bo->sgt); -- 2.34.1

2 years, 6 months

4
6
0 0

[RESEND 00/15] Rid W=1 warnings from GPU

by Lee Jones

This set is part of a larger effort attempting to clean-up W=1 kernel builds, which are currently overwhelmingly riddled with niggly little warnings. Lee Jones (15): drm/xlnx/zynqmp_disp: Use correct kerneldoc formatting in zynqmp_disp drm/xlnx/zynqmp_dp: Fix function name zynqmp_dp_link_train() -> zynqmp_dp_train() drm/vkms/vkms_composer: Fix a few different kerneldoc formatting drm/mediatek/mtk_disp_aal: Remove half completed incorrect struct header drm/mediatek/mtk_disp_ccorr: Remove half completed incorrect struct header drm/nouveau/nvkm/subdev/acr/lsfw: Remove unused variable 'loc' drm/nouveau/nvkm/subdev/bios/init: Demote a bunch of kernel-doc abuses drm/nouveau/nvkm/subdev/volt/gk20a: Demote kerneldoc abuses drm/nouveau/nvkm/engine/gr/gf100: Demote kerneldoc abuse drm/nouveau/nvkm/engine/gr/tu102: Staticify local function gf100_fifo_nonstall_block() drm/amd/display/amdgpu_dm/amdgpu_dm_helpers: Move SYNAPTICS_DEVICE_ID into CONFIG_DRM_AMD_DC_DCN ifdef drm/nouveau/dispnv04/crtc: Demote kerneldoc abuses drm/nouveau/nvkm/engine/gr/tu102: Completely remove unused function ‘tu102_gr_load’ drm/radeon/radeon_ttm: Remove unused variable 'rbo' from radeon_bo_move() drm/amd/amdgpu/sdma_v6_0: Demote a bunch of half-completed function headers drivers/gpu/drm/amd/amdgpu/sdma_v6_0.c | 8 +- .../amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 6 +- drivers/gpu/drm/mediatek/mtk_disp_aal.c | 5 - drivers/gpu/drm/mediatek/mtk_disp_ccorr.c | 5 - drivers/gpu/drm/nouveau/dispnv04/crtc.c | 4 +- .../gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 2 +- .../gpu/drm/nouveau/nvkm/engine/gr/tu102.c | 13 -- .../gpu/drm/nouveau/nvkm/subdev/acr/lsfw.c | 3 +- .../gpu/drm/nouveau/nvkm/subdev/bios/init.c | 136 +++++++++--------- .../gpu/drm/nouveau/nvkm/subdev/volt/gk20a.c | 4 +- drivers/gpu/drm/radeon/radeon_ttm.c | 2 - drivers/gpu/drm/vkms/vkms_composer.c | 6 +- drivers/gpu/drm/xlnx/zynqmp_disp.c | 6 +- drivers/gpu/drm/xlnx/zynqmp_dp.c | 2 +- 14 files changed, 89 insertions(+), 113 deletions(-) Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: amd-gfx(a)lists.freedesktop.org Cc: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Cc: Ben Skeggs <bskeggs(a)redhat.com> Cc: "Christian König" <christian.koenig(a)amd.com> Cc: Chun-Kuang Hu <chunkuang.hu(a)kernel.org> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: David Airlie <airlied(a)gmail.com> Cc: dri-devel(a)lists.freedesktop.org Cc: Gourav Samaiya <gsamaiya(a)nvidia.com> Cc: Haneen Mohammed <hamohammed.sa(a)gmail.com> Cc: Harry Wentland <harry.wentland(a)amd.com> Cc: Hyun Kwon <hyun.kwon(a)xilinx.com> Cc: Jerome Glisse <glisse(a)freedesktop.org> Cc: Karol Herbst <kherbst(a)redhat.com> Cc: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Cc: Leo Li <sunpeng.li(a)amd.com> Cc: linaro-mm-sig(a)lists.linaro.org Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-mediatek(a)lists.infradead.org Cc: linux-media(a)vger.kernel.org Cc: Lyude Paul <lyude(a)redhat.com> Cc: Matthias Brugger <matthias.bgg(a)gmail.com> Cc: Melissa Wen <melissa.srw(a)gmail.com> Cc: Michal Simek <michal.simek(a)xilinx.com> Cc: nouveau(a)lists.freedesktop.org Cc: "Pan, Xinhui" <Xinhui.Pan(a)amd.com> Cc: Philipp Zabel <p.zabel(a)pengutronix.de> Cc: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Cc: Rodrigo Siqueira <rodrigosiqueiramelo(a)gmail.com> Cc: Stanley Yang <Stanley.Yang(a)amd.com> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> -- 2.41.0.162.gfafddb0af9-goog

2 years, 6 months

2
2
0 0

[PATCH v2] drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl

by Min Li

Userspace can race to free the gobj(robj converted from), robj should not be accessed again after drm_gem_object_put, otherwith it will result in use-after-free. Signed-off-by: Min Li <lm0963hack(a)gmail.com> --- Changes in v2: - Remove unused robj, avoid compile complain drivers/gpu/drm/radeon/radeon_gem.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c index bdc5af23f005..d3f5ddbc1704 100644 --- a/drivers/gpu/drm/radeon/radeon_gem.c +++ b/drivers/gpu/drm/radeon/radeon_gem.c @@ -459,7 +459,6 @@ int radeon_gem_set_domain_ioctl(struct drm_device *dev, void *data, struct radeon_device *rdev = dev->dev_private; struct drm_radeon_gem_set_domain *args = data; struct drm_gem_object *gobj; - struct radeon_bo *robj; int r; /* for now if someone requests domain CPU - @@ -472,13 +471,12 @@ int radeon_gem_set_domain_ioctl(struct drm_device *dev, void *data, up_read(&rdev->exclusive_lock); return -ENOENT; } - robj = gem_to_radeon_bo(gobj); r = radeon_gem_set_domain(gobj, args->read_domains, args->write_domain); drm_gem_object_put(gobj); up_read(&rdev->exclusive_lock); - r = radeon_gem_handle_lockup(robj->rdev, r); + r = radeon_gem_handle_lockup(rdev, r); return r; } -- 2.34.1

2 years, 6 months

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Linaro-mm-sig