From: Bjorn Andersson <bjorn.andersson@linaro.org>
To: Brian Masney <masneyb@onstation.org>
Cc: robdclark@gmail.com, sean@poorly.run,
dri-devel@lists.freedesktop.org, linux-arm-msm@vger.kernel.org,
freedreno@lists.freedesktop.org, airlied@linux.ie,
daniel@ffwll.ch, linux-kernel@vger.kernel.org,
linus.walleij@linaro.org, jonathan@marek.ca, robh@kernel.org
Subject: Re: [PATCH v2 1/6] drm: msm: remove resv fields from msm_gem_object struct
Date: Mon, 13 May 2019 13:32:39 -0700 [thread overview]
Message-ID: <20190513203239.GA9527@builder> (raw)
In-Reply-To: <20190509020352.14282-2-masneyb@onstation.org>
On Wed 08 May 19:03 PDT 2019, Brian Masney wrote:
> The msm_gem_object structure contains resv and _resv fields that are
> no longer needed since the reservation object is now stored on
> drm_gem_object. msm_atomic_prepare_fb() and msm_atomic_prepare_fb()
> both referenced the wrong reservation object, and would lead to an
> attempt to dereference a NULL pointer. Correct those two cases to
> point to the correct reservation object.
>
> Signed-off-by: Brian Masney <masneyb@onstation.org>
> Fixes: dd55cf6929e6 ("drm: msm: Switch to use drm_gem_object reservation_object")
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Tested-by: Bjorn Andersson <bjorn.andersson@linaro.org>
This resolves a NULL-pointer dereference about to show up in v5.2-rc1,
so please pick this up for -rc.
Regards,
Bjorn
> ---
> Patch introduced in v2
>
> drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 4 +---
> drivers/gpu/drm/msm/msm_atomic.c | 4 +---
> drivers/gpu/drm/msm/msm_gem.c | 3 ---
> drivers/gpu/drm/msm/msm_gem.h | 4 ----
> 4 files changed, 2 insertions(+), 13 deletions(-)
>
> diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c
> index da1f727d7495..ce1a555e1f31 100644
> --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c
> +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c
> @@ -780,7 +780,6 @@ static int dpu_plane_prepare_fb(struct drm_plane *plane,
> struct dpu_plane_state *pstate = to_dpu_plane_state(new_state);
> struct dpu_hw_fmt_layout layout;
> struct drm_gem_object *obj;
> - struct msm_gem_object *msm_obj;
> struct dma_fence *fence;
> struct dpu_kms *kms = _dpu_plane_get_kms(&pdpu->base);
> int ret;
> @@ -799,8 +798,7 @@ static int dpu_plane_prepare_fb(struct drm_plane *plane,
> * implicit fence and fb prepare by hand here.
> */
> obj = msm_framebuffer_bo(new_state->fb, 0);
> - msm_obj = to_msm_bo(obj);
> - fence = reservation_object_get_excl_rcu(msm_obj->resv);
> + fence = reservation_object_get_excl_rcu(obj->resv);
> if (fence)
> drm_atomic_set_fence_for_plane(new_state, fence);
>
> diff --git a/drivers/gpu/drm/msm/msm_atomic.c b/drivers/gpu/drm/msm/msm_atomic.c
> index f5b1256e32b6..131c23a267ee 100644
> --- a/drivers/gpu/drm/msm/msm_atomic.c
> +++ b/drivers/gpu/drm/msm/msm_atomic.c
> @@ -49,15 +49,13 @@ int msm_atomic_prepare_fb(struct drm_plane *plane,
> struct msm_drm_private *priv = plane->dev->dev_private;
> struct msm_kms *kms = priv->kms;
> struct drm_gem_object *obj;
> - struct msm_gem_object *msm_obj;
> struct dma_fence *fence;
>
> if (!new_state->fb)
> return 0;
>
> obj = msm_framebuffer_bo(new_state->fb, 0);
> - msm_obj = to_msm_bo(obj);
> - fence = reservation_object_get_excl_rcu(msm_obj->resv);
> + fence = reservation_object_get_excl_rcu(obj->resv);
>
> drm_atomic_set_fence_for_plane(new_state, fence);
>
> diff --git a/drivers/gpu/drm/msm/msm_gem.c b/drivers/gpu/drm/msm/msm_gem.c
> index 31d5a744d84f..947508e8269d 100644
> --- a/drivers/gpu/drm/msm/msm_gem.c
> +++ b/drivers/gpu/drm/msm/msm_gem.c
> @@ -973,9 +973,6 @@ static int msm_gem_new_impl(struct drm_device *dev,
> msm_obj->flags = flags;
> msm_obj->madv = MSM_MADV_WILLNEED;
>
> - if (resv)
> - msm_obj->base.resv = resv;
> -
> INIT_LIST_HEAD(&msm_obj->submit_entry);
> INIT_LIST_HEAD(&msm_obj->vmas);
>
> diff --git a/drivers/gpu/drm/msm/msm_gem.h b/drivers/gpu/drm/msm/msm_gem.h
> index c5ac781dffee..812d1b1369a5 100644
> --- a/drivers/gpu/drm/msm/msm_gem.h
> +++ b/drivers/gpu/drm/msm/msm_gem.h
> @@ -86,10 +86,6 @@ struct msm_gem_object {
>
> struct llist_node freed;
>
> - /* normally (resv == &_resv) except for imported bo's */
> - struct reservation_object *resv;
> - struct reservation_object _resv;
> -
> /* For physically contiguous buffers. Used when we don't have
> * an IOMMU. Also used for stolen/splashscreen buffer.
> */
> --
> 2.20.1
>
next prev parent reply other threads:[~2019-05-13 20:32 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-09 2:03 [PATCH RFC v2 0/6] ARM: qcom: initial Nexus 5 display support Brian Masney
2019-05-09 2:03 ` [PATCH v2 1/6] drm: msm: remove resv fields from msm_gem_object struct Brian Masney
2019-05-13 20:32 ` Bjorn Andersson [this message]
2019-05-13 22:25 ` Brian Masney
2019-05-09 2:03 ` [PATCH RFC v2 2/6] drm: msm: add dirty framebuffer helper Brian Masney
2019-05-09 2:03 ` [PATCH v2 3/6] ARM: qcom_defconfig: add display-related options Brian Masney
2019-05-09 2:03 ` Brian Masney
2019-05-09 2:03 ` [PATCH v2 4/6] ARM: dts: msm8974: add display support Brian Masney
2019-05-09 2:03 ` Brian Masney
2019-05-09 2:03 ` [PATCH v2 5/6] ARM: dts: qcom: msm8974-hammerhead: add support for backlight Brian Masney
2019-05-09 2:03 ` Brian Masney
2019-05-09 2:03 ` [PATCH v2 6/6] ARM: dts: qcom: msm8974-hammerhead: add support for display Brian Masney
2019-05-09 2:03 ` Brian Masney
2019-05-09 2:06 ` [PATCH RFC v2 0/6] ARM: qcom: initial Nexus 5 display support Brian Masney
2019-05-09 2:06 ` Brian Masney
2019-05-28 13:46 ` Linus Walleij
2019-05-29 1:17 ` Brian Masney
2019-05-29 1:32 ` [Freedreno] " Jeffrey Hugo
2019-05-29 1:32 ` Jeffrey Hugo
2019-05-29 1:37 ` [Freedreno] " Brian Masney
2019-05-29 1:42 ` Jeffrey Hugo
2019-05-29 2:46 ` Brian Masney
2019-05-29 2:46 ` Brian Masney
[not found] ` <CAOCk7NpC93ACr4jFm7SBOKSvFJSDhq2byX6BAYPX29BuYEkWnQ@mail.gmail.com>
[not found] ` <CAOCk7NpC93ACr4jFm7SBOKSvFJSDhq2byX6BAYPX29BuYEkWnQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2019-05-29 10:28 ` Brian Masney
2019-05-29 10:28 ` [Freedreno] " Brian Masney
2019-05-29 14:41 ` Jeffrey Hugo
2019-05-29 19:30 ` Brian Masney
2019-05-29 19:58 ` Jeffrey Hugo
2019-05-29 21:54 ` Brian Masney
2019-05-29 21:54 ` Brian Masney
2019-05-29 2:14 ` Rob Clark
2019-05-29 2:24 ` [Freedreno] " Jeffrey Hugo
2019-05-29 6:23 ` Linus Walleij
2019-05-29 9:41 ` Brian Masney
2019-05-29 9:41 ` Brian Masney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190513203239.GA9527@builder \
--to=bjorn.andersson@linaro.org \
--cc=airlied@linux.ie \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=freedreno@lists.freedesktop.org \
--cc=jonathan@marek.ca \
--cc=linus.walleij@linaro.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=masneyb@onstation.org \
--cc=robdclark@gmail.com \
--cc=robh@kernel.org \
--cc=sean@poorly.run \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.