From patchwork Tue Jul 7 09:03:36 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Kurtz X-Patchwork-Id: 6731391 Return-Path: X-Original-To: patchwork-dri-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id A26EB9F319 for ; Tue, 7 Jul 2015 09:03:57 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id B7AAC206D0 for ; Tue, 7 Jul 2015 09:03:56 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) by mail.kernel.org (Postfix) with ESMTP id 4FDAB206A5 for ; Tue, 7 Jul 2015 09:03:52 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 7B4416E227; Tue, 7 Jul 2015 02:03:51 -0700 (PDT) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from mail-pd0-f178.google.com (mail-pd0-f178.google.com [209.85.192.178]) by gabe.freedesktop.org (Postfix) with ESMTPS id 191FF6E227 for ; Tue, 7 Jul 2015 02:03:50 -0700 (PDT) Received: by pddu5 with SMTP id u5so34833650pdd.3 for ; Tue, 07 Jul 2015 02:03:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id; bh=7N9F2DatvkFTL4FbpOKv/pJ97XplTMhGg8XcXJ395wc=; b=RRRvvqrII/W7Xw5L+f1zJHYNZ5mR7xLcRfFhXg5KA6iT3SERlnc9YSKgf2ZunJ5khx IMdm/HXSPguuP5DxPzyTh46wzxxMm9PFP9cgXLeMreDD+ekz7jEeU/G+4aHsAUvskiTC KlK9QS43I5sKFCi7gd8vTDc5vcv/UcuVUG5Wo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=7N9F2DatvkFTL4FbpOKv/pJ97XplTMhGg8XcXJ395wc=; b=IL0PjAW+vSl0LB+9F67imjX8M4AfLtMAOXtEUuGCmyAGo9dU311NrrmJabB716ElnG Zh8o1THv9Jsir4fq1F96wk4Qj7QeJVkARVwo/s05iotDWwAyfcn9JH4yuX+OSRsf2tpV dAZGZTzA4C43VAMj4PQVm0l5Fr+6R56mw+0xML1p/vfpVVTLuep77tDJGwGMU7Puj0CZ Qul+UXMrUG1v2ohpoURMCLlKBWW1PuHTE8FfXh6WbWSvru+Rqi2j6YPsCuySnhXSxYfc mQAzLvWbFNx/BLP51DZMg9vspp/VQO49K8fRAQWkeU0WQz0fNpLIrz4drS0vCSt9NvFB SjjA== X-Gm-Message-State: ALoCoQkwD8qew4Zr7i0q+IEeAUc7FRyzLAiyowfynAABgqAmRD5Lb1ArkoBdL4Q1sy/llPwwptsi X-Received: by 10.70.38.231 with SMTP id j7mr6932055pdk.146.1436259829577; Tue, 07 Jul 2015 02:03:49 -0700 (PDT) Received: from djkurtz1.tpe.corp.google.com ([172.30.210.4]) by mx.google.com with ESMTPSA id ph4sm21106555pdb.43.2015.07.07.02.03.46 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 07 Jul 2015 02:03:48 -0700 (PDT) From: Daniel Kurtz To: Subject: [PATCH] drm/rockchip: use drm_gem_mmap helpers Date: Tue, 7 Jul 2015 17:03:36 +0800 Message-Id: <1436259816-31090-1-git-send-email-djkurtz@chromium.org> X-Mailer: git-send-email 2.4.3.573.g4eafbef Cc: Kees Cook , Daniel Vetter , "open list:DRM DRIVERS FOR ROCKCHIP" , Douglas Anderson , stable@vger.kernel.org, open list , "open list:ARM/Rockchip SoC support" , "moderated list:ARM/Rockchip SoC support" X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Rather than (incompletely [0]) re-implementing drm_gem_mmap() and drm_gem_mmap_obj() helpers, call them directly from the rockchip mmap routines. Once the core functions return successfully, the rockchip mmap routines can still use dma_mmap_attrs() to simply mmap the entire buffer. [0] Previously, we were performing the mmap() without first taking a reference on the underlying gem buffer. This could leak ptes if the gem object is destroyed while userspace is still holding the mapping. Signed-off-by: Daniel Kurtz Reviewed-by: Daniel Vetter Cc: stable@vger.kernel.org --- drivers/gpu/drm/rockchip/rockchip_drm_gem.c | 67 +++++++++++++++-------------- 1 file changed, 34 insertions(+), 33 deletions(-) diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_gem.c b/drivers/gpu/drm/rockchip/rockchip_drm_gem.c index eb2282c..eba5f8a 100644 --- a/drivers/gpu/drm/rockchip/rockchip_drm_gem.c +++ b/drivers/gpu/drm/rockchip/rockchip_drm_gem.c @@ -54,55 +54,56 @@ static void rockchip_gem_free_buf(struct rockchip_gem_object *rk_obj) &rk_obj->dma_attrs); } -int rockchip_gem_mmap_buf(struct drm_gem_object *obj, - struct vm_area_struct *vma) +static int rockchip_drm_gem_object_mmap(struct drm_gem_object *obj, + struct vm_area_struct *vma) + { + int ret; struct rockchip_gem_object *rk_obj = to_rockchip_obj(obj); struct drm_device *drm = obj->dev; - unsigned long vm_size; - vma->vm_flags |= VM_IO | VM_DONTEXPAND | VM_DONTDUMP; - vm_size = vma->vm_end - vma->vm_start; - - if (vm_size > obj->size) - return -EINVAL; + /* + * dma_alloc_attrs() allocated a struct page table for rk_obj, so clear + * VM_PFNMAP flag that was set by drm_gem_mmap_obj()/drm_gem_mmap(). + */ + vma->vm_flags &= ~VM_PFNMAP; - return dma_mmap_attrs(drm->dev, vma, rk_obj->kvaddr, rk_obj->dma_addr, + ret = dma_mmap_attrs(drm->dev, vma, rk_obj->kvaddr, rk_obj->dma_addr, obj->size, &rk_obj->dma_attrs); + if (ret) + drm_gem_vm_close(vma); + + return ret; } -/* drm driver mmap file operations */ -int rockchip_gem_mmap(struct file *filp, struct vm_area_struct *vma) +int rockchip_gem_mmap_buf(struct drm_gem_object *obj, + struct vm_area_struct *vma) { - struct drm_file *priv = filp->private_data; - struct drm_device *dev = priv->minor->dev; - struct drm_gem_object *obj; - struct drm_vma_offset_node *node; + struct drm_device *drm = obj->dev; int ret; - if (drm_device_is_unplugged(dev)) - return -ENODEV; + mutex_lock(&drm->struct_mutex); + ret = drm_gem_mmap_obj(obj, obj->size, vma); + mutex_unlock(&drm->struct_mutex); + if (ret) + return ret; - mutex_lock(&dev->struct_mutex); + return rockchip_drm_gem_object_mmap(obj, vma); +} - node = drm_vma_offset_exact_lookup(dev->vma_offset_manager, - vma->vm_pgoff, - vma_pages(vma)); - if (!node) { - mutex_unlock(&dev->struct_mutex); - DRM_ERROR("failed to find vma node.\n"); - return -EINVAL; - } else if (!drm_vma_node_is_allowed(node, filp)) { - mutex_unlock(&dev->struct_mutex); - return -EACCES; - } +/* drm driver mmap file operations */ +int rockchip_gem_mmap(struct file *filp, struct vm_area_struct *vma) +{ + struct drm_gem_object *obj; + int ret; - obj = container_of(node, struct drm_gem_object, vma_node); - ret = rockchip_gem_mmap_buf(obj, vma); + ret = drm_gem_mmap(filp, vma); + if (ret) + return ret; - mutex_unlock(&dev->struct_mutex); + obj = vma->vm_private_data; - return ret; + return rockchip_drm_gem_object_mmap(obj, vma); } struct rockchip_gem_object *