[PATCH v2 0/2] drm/ttm: Cleanup state in global ttm structures

[PATCH v2 0/2] drm/ttm: Cleanup state in global ttm structures

[Brian Yip]

State in global ttm structures was not properly reset on cleanup.

In the scenario where multiple drm drivers are loaded and the first one 
fails to initialize, there is an attempt to reset the global state in
the ttm structures. However, there were some attributes which were not
properly reset during this process. This resulted in a crash and 
false positive kobj initialization warnings during subsequent initialization
of these global structures.

Fix the crash and false positive kobj initialization warnings.

---
Changes in v2:

State in global ttm structures is reset by means of zeroing memory
in global structure initialization functions rather than checking
reference counters in their corresponding release functions.

Brian Yip (2):
  drm/ttm: Reset ttm_mem_global when initialized
  drm/ttm: Reset ttm_bo_glob when initialized

 drivers/gpu/drm/ttm/ttm_bo.c     | 6 +++++-
 drivers/gpu/drm/ttm/ttm_memory.c | 2 ++
 2 files changed, 7 insertions(+), 1 deletion(-)

-- 
2.20.1

[PATCH v2 1/2] drm/ttm: Reset ttm_mem_global when initialized

[Brian Yip]

Certain attributes such as num_zones and kobj in the
ttm_mem_global structure were never reset after calling
ttm_mem_global_release(). Consequently, when multiple GPU drivers
are loaded, and the first one fails to load its firmware, the second
driver will attempt to load its own firmware. Initializing the
second driver invokes ttm_mem_global_init where ttm_mem_global.num_zones
is eventually incremented beyond TTM_MEM_MAX_ZONES.
ttm_mem_global.num_zones is then used to dereference a ttm_mem_zone beyond
the amount of ttm_mem_zones allocated, resulting in a crash.

Zero initialize the ttm_mem_global structure such that its state will
be pristine and thus, ready to be re-initialized.

Signed-off-by: Brian Yip <itsbriany@gmail.com>
---
 drivers/gpu/drm/ttm/ttm_memory.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
index 699fed9e08ee..73b461d5a4c0 100644
--- a/drivers/gpu/drm/ttm/ttm_memory.c
+++ b/drivers/gpu/drm/ttm/ttm_memory.c
@@ -419,6 +419,8 @@ int ttm_mem_global_init(struct ttm_mem_global *glob)
 	int i;
 	struct ttm_mem_zone *zone;
 
+	memset(glob, 0, sizeof(struct ttm_mem_global));
+
 	spin_lock_init(&glob->lock);
 	glob->swap_queue = create_singlethread_workqueue("ttm_swap");
 	INIT_WORK(&glob->work, ttm_shrink_work);
-- 
2.20.1

[PATCH v2 2/2] drm/ttm: Reset ttm_bo_glob when initialized

[Brian Yip]

Always initialize ttm_bo_glob from a pristine state when its use_count
is 0. Persist use_count so that ttm_bo_glob can later be released.

Signed-off-by: Brian Yip <itsbriany@gmail.com>
---
 drivers/gpu/drm/ttm/ttm_bo.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c
index 988416fb8a0b..d95762a90654 100644
--- a/drivers/gpu/drm/ttm/ttm_bo.c
+++ b/drivers/gpu/drm/ttm/ttm_bo.c
@@ -1543,12 +1543,16 @@ static int ttm_bo_global_init(void)
 {
 	struct ttm_bo_global *glob = &ttm_bo_glob;
 	int ret = 0;
-	unsigned i;
+	unsigned i, uc;
 
 	mutex_lock(&ttm_global_mutex);
 	if (++glob->use_count > 1)
 		goto out;
 
+	uc = glob->use_count;
+	memset(glob, 0, sizeof(struct ttm_bo_global));
+	glob->use_count = uc;
+
 	ret = ttm_mem_global_init(&ttm_mem_glob);
 	if (ret)
 		goto out;
-- 
2.20.1