I am not entirely sure if this fixes anything, but the code standed out while investigated problematic calls to vunmap.
nvkm_umem.io is only ever set for the NVKM_OBJECT_MAP_IO case in nvkm_umem_map, but never for the NVKM_OBJECT_MAP_VA one, which could lead to taking the wrong patch inside nvkm_umem_unmap.
I just don't know if this is a real issue or not, but the code doesn't look correct this way.
Fixes: c83c4097eba8 ("drm/nouveau/mmu: define user interfaces to mmu memory allocation") Cc: stable@vger.kernel.org # v4.15+ --- drivers/gpu/drm/nouveau/nvkm/subdev/mmu/umem.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/umem.c b/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/umem.c index e530bb8b3b17..2608e0796066 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/umem.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/umem.c @@ -102,6 +102,7 @@ nvkm_umem_map(struct nvkm_object *object, void *argv, u32 argc, *handle = (unsigned long)(void *)umem->map; *length = nvkm_memory_size(umem->memory); *type = NVKM_OBJECT_MAP_VA; + umem->io = false; return 0; } else if ((umem->type & NVKM_MEM_VRAM) || @@ -112,12 +113,11 @@ nvkm_umem_map(struct nvkm_object *object, void *argv, u32 argc, return ret;
*type = NVKM_OBJECT_MAP_IO; - } else { - return -EINVAL; + umem->io = true; + return 0; }
- umem->io = (*type == NVKM_OBJECT_MAP_IO); - return 0; + return -EINVAL; }
static void *
linux-stable-mirror@lists.linaro.org