From: Chia-I Wu olvaffe@gmail.com
[ Upstream commit 5afa9d2a9bb1410f816e0123846047288b16e4b9 ]
Fail early from panthor_vm_bind_prepare_op_ctx instead of late from ops->map_pages.
Signed-off-by: Chia-I Wu olvaffe@gmail.com Reviewed-by: Boris Brezillon boris.brezillon@collabora.com Reviewed-by: Liviu Dudau liviu.dudau@arm.com Reviewed-by: Steven Price steven.price@arm.com Signed-off-by: Steven Price steven.price@arm.com Link: https://lore.kernel.org/r/20250828200116.3532255-1-olvaffe@gmail.com Signed-off-by: Sasha Levin sashal@kernel.org ---
LLM Generated explanations, may be completely bogus:
YES
- What changed - Adds page-size alignment validation for `op->bo_offset` alongside `op->va` and `op->size` in `panthor_vm_bind_prepare_op_ctx`, causing early `-EINVAL` if any are misaligned (drivers/gpu/drm/panthor/panthor_mmu.c:2450). - Clarifies `panthor_vm_prepare_map_op_ctx` by updating the comment to reflect it only checks in-bounds, not alignment (drivers/gpu/drm/panthor/panthor_mmu.c:1225).
- Why it matters - Previously, only `va` and `size` were checked for alignment at bind- prepare time; an unaligned `bo_offset` would be detected later during page-table mapping via `ops->map_pages`, i.e., deeper in the map path (drivers/gpu/drm/panthor/panthor_mmu.c:917). This late failure wastes work (page pinning, SGT fetching, VM BO handling, PT prealloc) before unwinding. - The new check fails fast at the UAPI entry point for both async and sync VM_BIND flows: - Async: `panthor_vm_bind_job_create` calls prepare and now rejects invalid input immediately (drivers/gpu/drm/panthor/panthor_mmu.c:2514). - Sync: `panthor_vm_bind_exec_sync_op` likewise rejects before any mapping work (drivers/gpu/drm/panthor/panthor_mmu.c:2683). - Behavior for invalid inputs does not change (still returns `-EINVAL`), but error is returned sooner and more predictably. There is no change for valid inputs.
- Correctness and consistency - Alignment to the VM page size is consistent with existing checks: VA and size are enforced to page alignment in various paths, and the VM’s page size is derived from the IOMMU page-table configuration (drivers/gpu/drm/panthor/panthor_mmu.c:848). - Mapping uses the physical address `paddr = sg_dma_address(sgl) + offset`; an unaligned `offset` directly misaligns `paddr`, which can cause `ops->map_pages` to fail or fall back suboptimally. Catching this in the ioctl path avoids deeper IOMMU/map failures (drivers/gpu/drm/panthor/panthor_mmu.c:917).
- Risk assessment - Small, contained validation change with no API or architectural changes; affects only the panthor driver. - Reduces resource churn on error paths (pin/unpin, PT prealloc, etc.) and avoids late failures; cleanup paths already exist and remain unchanged. - No change to success paths; only earlier rejection for inputs that would fail later anyway.
- Stable backport criteria - Fixes a real (though not catastrophic) bug: missing parameter validation leading to late errors and unnecessary work. - Minimal regression risk and confined to a single subsystem file. - Improves robustness and user-visible behavior (fail early, consistent `-EINVAL`), aligning with stable policy for small, low- risk fixes.
Given the above, this is a good candidate for stable backport.
drivers/gpu/drm/panthor/panthor_mmu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/panthor/panthor_mmu.c b/drivers/gpu/drm/panthor/panthor_mmu.c index 4140f697ba5af..d18c832d8ae9a 100644 --- a/drivers/gpu/drm/panthor/panthor_mmu.c +++ b/drivers/gpu/drm/panthor/panthor_mmu.c @@ -1194,7 +1194,7 @@ static int panthor_vm_prepare_map_op_ctx(struct panthor_vm_op_ctx *op_ctx, (flags & DRM_PANTHOR_VM_BIND_OP_TYPE_MASK) != DRM_PANTHOR_VM_BIND_OP_TYPE_MAP) return -EINVAL;
- /* Make sure the VA and size are aligned and in-bounds. */ + /* Make sure the VA and size are in-bounds. */ if (size > bo->base.base.size || offset > bo->base.base.size - size) return -EINVAL;
@@ -2411,7 +2411,7 @@ panthor_vm_bind_prepare_op_ctx(struct drm_file *file, int ret;
/* Aligned on page size. */ - if (!IS_ALIGNED(op->va | op->size, vm_pgsz)) + if (!IS_ALIGNED(op->va | op->size | op->bo_offset, vm_pgsz)) return -EINVAL;
switch (op->flags & DRM_PANTHOR_VM_BIND_OP_TYPE_MASK) {