* [PATCH v2 1/2] drm/virtio: factor out the sg_table from virtio_gpu_object
@ 2020-03-04 2:05 Gurchetan Singh
2020-03-04 2:05 ` [PATCH v2 2/2] drm/virtio: add case for shmem objects in virtio_gpu_cleanup_object(..) Gurchetan Singh
0 siblings, 1 reply; 3+ messages in thread
From: Gurchetan Singh @ 2020-03-04 2:05 UTC (permalink / raw)
To: dri-devel; +Cc: kraxel, Gurchetan Singh
A resource will be a shmem based resource or a (planned)
vram based resource, so it makes sense to factor out common fields
(resource handle, dumb).
v2: move mapped field to shmem object
Signed-off-by: Gurchetan Singh <gurchetansingh@chromium.org>
---
drivers/gpu/drm/virtio/virtgpu_drv.h | 13 +++++++----
drivers/gpu/drm/virtio/virtgpu_object.c | 31 ++++++++++++++-----------
drivers/gpu/drm/virtio/virtgpu_vq.c | 6 +++--
3 files changed, 30 insertions(+), 20 deletions(-)
diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.h b/drivers/gpu/drm/virtio/virtgpu_drv.h
index ce73895cf74b..8e2027da6cce 100644
--- a/drivers/gpu/drm/virtio/virtgpu_drv.h
+++ b/drivers/gpu/drm/virtio/virtgpu_drv.h
@@ -69,16 +69,21 @@ struct virtio_gpu_object_params {
struct virtio_gpu_object {
struct drm_gem_shmem_object base;
uint32_t hw_res_handle;
-
- struct sg_table *pages;
- uint32_t mapped;
-
bool dumb;
bool created;
};
#define gem_to_virtio_gpu_obj(gobj) \
container_of((gobj), struct virtio_gpu_object, base.base)
+struct virtio_gpu_object_shmem {
+ struct virtio_gpu_object base;
+ struct sg_table *pages;
+ uint32_t mapped;
+};
+
+#define to_virtio_gpu_shmem(virtio_gpu_object) \
+ container_of((virtio_gpu_object), struct virtio_gpu_object_shmem, base)
+
struct virtio_gpu_object_array {
struct ww_acquire_ctx ticket;
struct list_head next;
diff --git a/drivers/gpu/drm/virtio/virtgpu_object.c b/drivers/gpu/drm/virtio/virtgpu_object.c
index c5cad949eb8d..1f8b062bb9eb 100644
--- a/drivers/gpu/drm/virtio/virtgpu_object.c
+++ b/drivers/gpu/drm/virtio/virtgpu_object.c
@@ -65,16 +65,17 @@ static void virtio_gpu_resource_id_put(struct virtio_gpu_device *vgdev, uint32_t
void virtio_gpu_cleanup_object(struct virtio_gpu_object *bo)
{
struct virtio_gpu_device *vgdev = bo->base.base.dev->dev_private;
+ struct virtio_gpu_object_shmem *shmem = to_virtio_gpu_shmem(bo);
- if (bo->pages) {
- if (bo->mapped) {
+ if (shmem->pages) {
+ if (shmem->mapped) {
dma_unmap_sg(vgdev->vdev->dev.parent,
- bo->pages->sgl, bo->mapped,
+ shmem->pages->sgl, shmem->mapped,
DMA_TO_DEVICE);
- bo->mapped = 0;
+ shmem->mapped = 0;
}
- sg_free_table(bo->pages);
- bo->pages = NULL;
+ sg_free_table(shmem->pages);
+ shmem->pages = NULL;
drm_gem_shmem_unpin(&bo->base.base);
}
virtio_gpu_resource_id_put(vgdev, bo->hw_res_handle);
@@ -133,6 +134,7 @@ static int virtio_gpu_object_shmem_init(struct virtio_gpu_device *vgdev,
unsigned int *nents)
{
bool use_dma_api = !virtio_has_iommu_quirk(vgdev->vdev);
+ struct virtio_gpu_object_shmem *shmem = to_virtio_gpu_shmem(bo);
struct scatterlist *sg;
int si, ret;
@@ -140,19 +142,20 @@ static int virtio_gpu_object_shmem_init(struct virtio_gpu_device *vgdev,
if (ret < 0)
return -EINVAL;
- bo->pages = drm_gem_shmem_get_sg_table(&bo->base.base);
- if (!bo->pages) {
+ shmem->pages = drm_gem_shmem_get_sg_table(&bo->base.base);
+ if (!shmem->pages) {
drm_gem_shmem_unpin(&bo->base.base);
return -EINVAL;
}
if (use_dma_api) {
- bo->mapped = dma_map_sg(vgdev->vdev->dev.parent,
- bo->pages->sgl, bo->pages->nents,
- DMA_TO_DEVICE);
- *nents = bo->mapped;
+ shmem->mapped = dma_map_sg(vgdev->vdev->dev.parent,
+ shmem->pages->sgl,
+ shmem->pages->nents,
+ DMA_TO_DEVICE);
+ *nents = shmem->mapped;
} else {
- *nents = bo->pages->nents;
+ *nents = shmem->pages->nents;
}
*ents = kmalloc_array(*nents, sizeof(struct virtio_gpu_mem_entry),
@@ -162,7 +165,7 @@ static int virtio_gpu_object_shmem_init(struct virtio_gpu_device *vgdev,
return -ENOMEM;
}
- for_each_sg(bo->pages->sgl, sg, *nents, si) {
+ for_each_sg(shmem->pages->sgl, sg, *nents, si) {
(*ents)[si].addr = cpu_to_le64(use_dma_api
? sg_dma_address(sg)
: sg_phys(sg));
diff --git a/drivers/gpu/drm/virtio/virtgpu_vq.c b/drivers/gpu/drm/virtio/virtgpu_vq.c
index 5e2375e0f7bb..73854915ec34 100644
--- a/drivers/gpu/drm/virtio/virtgpu_vq.c
+++ b/drivers/gpu/drm/virtio/virtgpu_vq.c
@@ -600,10 +600,11 @@ void virtio_gpu_cmd_transfer_to_host_2d(struct virtio_gpu_device *vgdev,
struct virtio_gpu_transfer_to_host_2d *cmd_p;
struct virtio_gpu_vbuffer *vbuf;
bool use_dma_api = !virtio_has_iommu_quirk(vgdev->vdev);
+ struct virtio_gpu_object_shmem *shmem = to_virtio_gpu_shmem(bo);
if (use_dma_api)
dma_sync_sg_for_device(vgdev->vdev->dev.parent,
- bo->pages->sgl, bo->pages->nents,
+ shmem->pages->sgl, shmem->pages->nents,
DMA_TO_DEVICE);
cmd_p = virtio_gpu_alloc_cmd(vgdev, &vbuf, sizeof(*cmd_p));
@@ -1015,10 +1016,11 @@ void virtio_gpu_cmd_transfer_to_host_3d(struct virtio_gpu_device *vgdev,
struct virtio_gpu_transfer_host_3d *cmd_p;
struct virtio_gpu_vbuffer *vbuf;
bool use_dma_api = !virtio_has_iommu_quirk(vgdev->vdev);
+ struct virtio_gpu_object_shmem *shmem = to_virtio_gpu_shmem(bo);
if (use_dma_api)
dma_sync_sg_for_device(vgdev->vdev->dev.parent,
- bo->pages->sgl, bo->pages->nents,
+ shmem->pages->sgl, shmem->pages->nents,
DMA_TO_DEVICE);
cmd_p = virtio_gpu_alloc_cmd(vgdev, &vbuf, sizeof(*cmd_p));
--
2.25.1.481.gfbce0eb801-goog
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH v2 2/2] drm/virtio: add case for shmem objects in virtio_gpu_cleanup_object(..)
2020-03-04 2:05 [PATCH v2 1/2] drm/virtio: factor out the sg_table from virtio_gpu_object Gurchetan Singh
@ 2020-03-04 2:05 ` Gurchetan Singh
2020-03-04 8:10 ` Gerd Hoffmann
0 siblings, 1 reply; 3+ messages in thread
From: Gurchetan Singh @ 2020-03-04 2:05 UTC (permalink / raw)
To: dri-devel; +Cc: kraxel, Gurchetan Singh
This function can be reused for hostmem objects.
v2: move virtio_gpu_is_shmem() check to virtio_gpu_cleanup_object()
Signed-off-by: Gurchetan Singh <gurchetansingh@chromium.org>
---
drivers/gpu/drm/virtio/virtgpu_drv.h | 2 +-
drivers/gpu/drm/virtio/virtgpu_object.c | 32 +++++++++++++++----------
2 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.h b/drivers/gpu/drm/virtio/virtgpu_drv.h
index 8e2027da6cce..c1824bdf2418 100644
--- a/drivers/gpu/drm/virtio/virtgpu_drv.h
+++ b/drivers/gpu/drm/virtio/virtgpu_drv.h
@@ -371,7 +371,7 @@ int virtio_gpu_object_create(struct virtio_gpu_device *vgdev,
struct virtio_gpu_object **bo_ptr,
struct virtio_gpu_fence *fence);
-bool virtio_gpu_is_shmem(struct drm_gem_object *obj);
+bool virtio_gpu_is_shmem(struct virtio_gpu_object *bo);
/* virtgpu_prime.c */
struct drm_gem_object *virtgpu_gem_prime_import_sg_table(
diff --git a/drivers/gpu/drm/virtio/virtgpu_object.c b/drivers/gpu/drm/virtio/virtgpu_object.c
index 1f8b062bb9eb..0610a2effa40 100644
--- a/drivers/gpu/drm/virtio/virtgpu_object.c
+++ b/drivers/gpu/drm/virtio/virtgpu_object.c
@@ -65,21 +65,27 @@ static void virtio_gpu_resource_id_put(struct virtio_gpu_device *vgdev, uint32_t
void virtio_gpu_cleanup_object(struct virtio_gpu_object *bo)
{
struct virtio_gpu_device *vgdev = bo->base.base.dev->dev_private;
- struct virtio_gpu_object_shmem *shmem = to_virtio_gpu_shmem(bo);
- if (shmem->pages) {
- if (shmem->mapped) {
- dma_unmap_sg(vgdev->vdev->dev.parent,
- shmem->pages->sgl, shmem->mapped,
- DMA_TO_DEVICE);
- shmem->mapped = 0;
+ if (virtio_gpu_is_shmem(bo)) {
+ struct virtio_gpu_object_shmem *shmem = to_virtio_gpu_shmem(bo);
+
+ if (shmem->pages) {
+ if (shmem->mapped) {
+ dma_unmap_sg(vgdev->vdev->dev.parent,
+ shmem->pages->sgl, shmem->mapped,
+ DMA_TO_DEVICE);
+ shmem->mapped = 0;
+ }
+
+ sg_free_table(shmem->pages);
+ shmem->pages = NULL;
+ drm_gem_shmem_unpin(&bo->base.base);
}
- sg_free_table(shmem->pages);
- shmem->pages = NULL;
- drm_gem_shmem_unpin(&bo->base.base);
+
+ drm_gem_shmem_free_object(&bo->base.base);
}
+
virtio_gpu_resource_id_put(vgdev, bo->hw_res_handle);
- drm_gem_shmem_free_object(&bo->base.base);
}
static void virtio_gpu_free_object(struct drm_gem_object *obj)
@@ -110,9 +116,9 @@ static const struct drm_gem_object_funcs virtio_gpu_shmem_funcs = {
.mmap = drm_gem_shmem_mmap,
};
-bool virtio_gpu_is_shmem(struct drm_gem_object *obj)
+bool virtio_gpu_is_shmem(struct virtio_gpu_object *bo)
{
- return obj->funcs == &virtio_gpu_shmem_funcs;
+ return bo->base.base.funcs == &virtio_gpu_shmem_funcs;
}
struct drm_gem_object *virtio_gpu_create_object(struct drm_device *dev,
--
2.25.1.481.gfbce0eb801-goog
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v2 2/2] drm/virtio: add case for shmem objects in virtio_gpu_cleanup_object(..)
2020-03-04 2:05 ` [PATCH v2 2/2] drm/virtio: add case for shmem objects in virtio_gpu_cleanup_object(..) Gurchetan Singh
@ 2020-03-04 8:10 ` Gerd Hoffmann
0 siblings, 0 replies; 3+ messages in thread
From: Gerd Hoffmann @ 2020-03-04 8:10 UTC (permalink / raw)
To: Gurchetan Singh; +Cc: dri-devel
Hi,
> + drm_gem_shmem_free_object(&bo->base.base);
> }
> +
> virtio_gpu_resource_id_put(vgdev, bo->hw_res_handle);
use-after-free here.
cheers,
Gerd
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-03-04 8:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-04 2:05 [PATCH v2 1/2] drm/virtio: factor out the sg_table from virtio_gpu_object Gurchetan Singh
2020-03-04 2:05 ` [PATCH v2 2/2] drm/virtio: add case for shmem objects in virtio_gpu_cleanup_object(..) Gurchetan Singh
2020-03-04 8:10 ` Gerd Hoffmann
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.