From: Sean Paul <sean@poorly.run>
To: Brian Masney <masneyb@onstation.org>
Cc: robdclark@gmail.com, sean@poorly.run, bjorn.andersson@linaro.org,
dri-devel@lists.freedesktop.org, linux-arm-msm@vger.kernel.org,
freedreno@lists.freedesktop.org, airlied@linux.ie,
daniel@ffwll.ch, linux-kernel@vger.kernel.org,
linus.walleij@linaro.org, jonathan@marek.ca, robh@kernel.org
Subject: Re: [PATCH v2.1 1/2] drm/msm: remove resv fields from msm_gem_object struct
Date: Tue, 14 May 2019 14:12:29 -0400 [thread overview]
Message-ID: <20190514181229.GR17077@art_vandelay> (raw)
In-Reply-To: <20190513234105.7531-1-masneyb@onstation.org>
On Mon, May 13, 2019 at 07:41:04PM -0400, Brian Masney wrote:
> The msm_gem_object structure contains resv and _resv fields that are
> no longer needed since the reservation object is now stored on
> drm_gem_object. msm_atomic_prepare_fb() and msm_atomic_prepare_fb()
> both referenced the wrong reservation object, and would lead to an
> attempt to dereference a NULL pointer. Correct those two cases to
> point to the correct reservation object.
>
> Signed-off-by: Brian Masney <masneyb@onstation.org>
Thanks Brian for your patches. I've applied them to drm-misc-next-fixes for
inclusion in 5.2
Sean
> Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
> Tested-by: Bjorn Andersson <bjorn.andersson@linaro.org>
> Fixes: dd55cf6929e6 ("drm: msm: Switch to use drm_gem_object reservation_object")
> ---
> This is a split out version of this patch from where I am working to get
> the display working on the Nexus 5:
>
> https://lore.kernel.org/lkml/20190509020352.14282-2-masneyb@onstation.org/
>
> Bjorn asks:
> This resolves a NULL-pointer dereference about to show up in v5.2-rc1,
> so please pick this up for -rc.
>
> In this version, I dropped the change to msm_gem_new_impl() that
> mistakenly removed 'msm_obj->base.resv = resv;'. I did not put a v3 on
> this patch since I wanted to keep that version number for the larger work
> to get the display working on the Nexus 5 so I went with 2.1 here. :)
>
> drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 4 +---
> drivers/gpu/drm/msm/msm_atomic.c | 4 +---
> drivers/gpu/drm/msm/msm_gem.h | 4 ----
> 3 files changed, 2 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c
> index 4fca24b8702c..f3d009a3dc63 100644
> --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c
> +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c
> @@ -781,7 +781,6 @@ static int dpu_plane_prepare_fb(struct drm_plane *plane,
> struct dpu_plane_state *pstate = to_dpu_plane_state(new_state);
> struct dpu_hw_fmt_layout layout;
> struct drm_gem_object *obj;
> - struct msm_gem_object *msm_obj;
> struct dma_fence *fence;
> struct dpu_kms *kms = _dpu_plane_get_kms(&pdpu->base);
> int ret;
> @@ -800,8 +799,7 @@ static int dpu_plane_prepare_fb(struct drm_plane *plane,
> * implicit fence and fb prepare by hand here.
> */
> obj = msm_framebuffer_bo(new_state->fb, 0);
> - msm_obj = to_msm_bo(obj);
> - fence = reservation_object_get_excl_rcu(msm_obj->resv);
> + fence = reservation_object_get_excl_rcu(obj->resv);
> if (fence)
> drm_atomic_set_fence_for_plane(new_state, fence);
>
> diff --git a/drivers/gpu/drm/msm/msm_atomic.c b/drivers/gpu/drm/msm/msm_atomic.c
> index f5b1256e32b6..131c23a267ee 100644
> --- a/drivers/gpu/drm/msm/msm_atomic.c
> +++ b/drivers/gpu/drm/msm/msm_atomic.c
> @@ -49,15 +49,13 @@ int msm_atomic_prepare_fb(struct drm_plane *plane,
> struct msm_drm_private *priv = plane->dev->dev_private;
> struct msm_kms *kms = priv->kms;
> struct drm_gem_object *obj;
> - struct msm_gem_object *msm_obj;
> struct dma_fence *fence;
>
> if (!new_state->fb)
> return 0;
>
> obj = msm_framebuffer_bo(new_state->fb, 0);
> - msm_obj = to_msm_bo(obj);
> - fence = reservation_object_get_excl_rcu(msm_obj->resv);
> + fence = reservation_object_get_excl_rcu(obj->resv);
>
> drm_atomic_set_fence_for_plane(new_state, fence);
>
> diff --git a/drivers/gpu/drm/msm/msm_gem.h b/drivers/gpu/drm/msm/msm_gem.h
> index c5ac781dffee..812d1b1369a5 100644
> --- a/drivers/gpu/drm/msm/msm_gem.h
> +++ b/drivers/gpu/drm/msm/msm_gem.h
> @@ -86,10 +86,6 @@ struct msm_gem_object {
>
> struct llist_node freed;
>
> - /* normally (resv == &_resv) except for imported bo's */
> - struct reservation_object *resv;
> - struct reservation_object _resv;
> -
> /* For physically contiguous buffers. Used when we don't have
> * an IOMMU. Also used for stolen/splashscreen buffer.
> */
> --
> 2.20.1
>
--
Sean Paul, Software Engineer, Google / Chromium OS
prev parent reply other threads:[~2019-05-14 18:12 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-13 23:41 [PATCH v2.1 1/2] drm/msm: remove resv fields from msm_gem_object struct Brian Masney
2019-05-13 23:41 ` [PATCH 2/2] drm/msm: correct attempted NULL pointer dereference in debugfs Brian Masney
2019-05-13 23:41 ` Brian Masney
2019-05-14 18:12 ` Sean Paul [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190514181229.GR17077@art_vandelay \
--to=sean@poorly.run \
--cc=airlied@linux.ie \
--cc=bjorn.andersson@linaro.org \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=freedreno@lists.freedesktop.org \
--cc=jonathan@marek.ca \
--cc=linus.walleij@linaro.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=masneyb@onstation.org \
--cc=robdclark@gmail.com \
--cc=robh@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.