samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

disp: msm: Fix a null pointer access in msm_gem_shrinker_count()

Browse Source 
This change moves the point at which msm_gem_object is added to
inactive list. Moving this ensures that initialization will be
complete before adding the object to the list. This change also
removes unused functions from msm_gem.c.

Change-Id: Id8fa04cc88a21e04108ae21b18d5acc761ef4c6e
Signed-off-by: Bruce Hoo <bingchua@codeaurora.org>
Signed-off-by: Jeykumar Sankaran <jsanka@codeaurora.org>
This commit is contained in:
Bruce Hoo
2021-10-13 09:33:48 +08:00
committed by Gerrit - the friendly Code Review server
parent bf0d2209a0
commit bfb91aa63f
1 changed files with 23 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
msm/msm_gem.c
View File

@@ -1085,10 +1085,8 @@ int msm_gem_new_handle(struct drm_device *dev, struct drm_file *file,
static int msm_gem_new_impl(struct drm_device *dev, static int msm_gem_new_impl(struct drm_device *dev,
uint32_t size, uint32_t flags, uint32_t size, uint32_t flags,
struct dma_resv *resv, struct dma_resv *resv,
struct drm_gem_object **obj, struct drm_gem_object **obj)
bool struct_mutex_locked)
{ {
struct msm_drm_private *priv = dev->dev_private;
struct msm_gem_object *msm_obj; struct msm_gem_object *msm_obj;
switch (flags & MSM_BO_CACHE_MASK) { switch (flags & MSM_BO_CACHE_MASK) {
@@ -1128,19 +1126,15 @@ static int msm_gem_new_impl(struct drm_device *dev,
msm_obj->in_active_list = false; msm_obj->in_active_list = false;
msm_obj->obj_dirty = false; msm_obj->obj_dirty = false;
mutex_lock(&priv->mm_lock);
list_add_tail(&msm_obj->mm_list, &priv->inactive_list);
mutex_unlock(&priv->mm_lock);
*obj = &msm_obj->base; *obj = &msm_obj->base;
return 0; return 0;
} }
static struct drm_gem_object *_msm_gem_new(struct drm_device *dev, struct drm_gem_object *msm_gem_new(struct drm_device *dev, uint32_t size, uint32_t flags)
uint32_t size, uint32_t flags, bool struct_mutex_locked)
{ {
struct msm_drm_private *priv = dev->dev_private; struct msm_drm_private *priv = dev->dev_private;
struct msm_gem_object *msm_obj;
struct drm_gem_object *obj = NULL; struct drm_gem_object *obj = NULL;
bool use_vram = false; bool use_vram = false;
int ret; int ret;
@@ -1161,14 +1155,15 @@ static struct drm_gem_object *_msm_gem_new(struct drm_device *dev,
if (size == 0) if (size == 0)
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
ret = msm_gem_new_impl(dev, size, flags, NULL, &obj, struct_mutex_locked); ret = msm_gem_new_impl(dev, size, flags, NULL, &obj);
if (ret) if (ret)
goto fail; goto fail;
msm_obj = to_msm_bo(obj);
if (use_vram) { if (use_vram) {
struct msm_gem_vma *vma; struct msm_gem_vma *vma;
struct page **pages; struct page **pages;
struct msm_gem_object *msm_obj = to_msm_bo(obj);
mutex_lock(&msm_obj->lock); mutex_lock(&msm_obj->lock);
@@ -1196,6 +1191,10 @@ static struct drm_gem_object *_msm_gem_new(struct drm_device *dev,
goto fail; goto fail;
} }
mutex_lock(&dev->struct_mutex);
list_add_tail(&msm_obj->mm_list, &priv->inactive_list);
mutex_unlock(&dev->struct_mutex);
return obj; return obj;
fail: fail:
@@ -1203,18 +1202,6 @@ fail:
return ERR_PTR(ret); return ERR_PTR(ret);
} }
struct drm_gem_object *msm_gem_new_locked(struct drm_device *dev,
uint32_t size, uint32_t flags)
{
return _msm_gem_new(dev, size, flags, true);
}
struct drm_gem_object *msm_gem_new(struct drm_device *dev,
uint32_t size, uint32_t flags)
{
return _msm_gem_new(dev, size, flags, false);
}
int msm_gem_delayed_import(struct drm_gem_object *obj) int msm_gem_delayed_import(struct drm_gem_object *obj)
{ {
struct dma_buf_attachment *attach; struct dma_buf_attachment *attach;
@@ -1258,6 +1245,7 @@ fail_import:
struct drm_gem_object *msm_gem_import(struct drm_device *dev, struct drm_gem_object *msm_gem_import(struct drm_device *dev,
struct dma_buf *dmabuf, struct sg_table *sgt) struct dma_buf *dmabuf, struct sg_table *sgt)
{ {
struct msm_drm_private *priv = dev->dev_private;
struct msm_gem_object *msm_obj; struct msm_gem_object *msm_obj;
struct drm_gem_object *obj = NULL; struct drm_gem_object *obj = NULL;
uint32_t size; uint32_t size;
@@ -1266,8 +1254,7 @@ struct drm_gem_object *msm_gem_import(struct drm_device *dev,
size = PAGE_ALIGN(dmabuf->size); size = PAGE_ALIGN(dmabuf->size);
ret = msm_gem_new_impl(dev, size, MSM_BO_WC, dmabuf->resv, &obj, ret = msm_gem_new_impl(dev, size, MSM_BO_WC, dmabuf->resv, &obj);
false);
if (ret) if (ret)
goto fail; goto fail;
@@ -1294,6 +1281,11 @@ struct drm_gem_object *msm_gem_import(struct drm_device *dev,
DRM_ERROR("dma_buf_get_flags failure, err=%d\n", ret); DRM_ERROR("dma_buf_get_flags failure, err=%d\n", ret);
mutex_unlock(&msm_obj->lock); mutex_unlock(&msm_obj->lock);
mutex_lock(&dev->struct_mutex);
list_add_tail(&msm_obj->mm_list, &priv->inactive_list);
mutex_unlock(&dev->struct_mutex);
return obj; return obj;
fail: fail:
@@ -1301,12 +1293,12 @@ fail:
return ERR_PTR(ret); return ERR_PTR(ret);
} }
static void *_msm_gem_kernel_new(struct drm_device *dev, uint32_t size, void *msm_gem_kernel_new(struct drm_device *dev, uint32_t size,
uint32_t flags, struct msm_gem_address_space *aspace, uint32_t flags, struct msm_gem_address_space *aspace,
struct drm_gem_object **bo, uint64_t *iova, bool locked) struct drm_gem_object **bo, uint64_t *iova)
{ {
void *vaddr; void *vaddr;
struct drm_gem_object *obj = _msm_gem_new(dev, size, flags, locked); struct drm_gem_object *obj = msm_gem_new(dev, size, flags);
int ret; int ret;
if (IS_ERR(obj)) if (IS_ERR(obj))
@@ -1330,31 +1322,14 @@ static void *_msm_gem_kernel_new(struct drm_device *dev, uint32_t size,
return vaddr; return vaddr;
err: err:
if (locked)
drm_gem_object_put_locked(obj);
else
drm_gem_object_put(obj); drm_gem_object_put(obj);
return ERR_PTR(ret); return ERR_PTR(ret);
} }
void *msm_gem_kernel_new(struct drm_device *dev, uint32_t size,
uint32_t flags, struct msm_gem_address_space *aspace,
struct drm_gem_object **bo, uint64_t *iova)
{
return _msm_gem_kernel_new(dev, size, flags, aspace, bo, iova, false);
}
void *msm_gem_kernel_new_locked(struct drm_device *dev, uint32_t size,
uint32_t flags, struct msm_gem_address_space *aspace,
struct drm_gem_object **bo, uint64_t *iova)
{
return _msm_gem_kernel_new(dev, size, flags, aspace, bo, iova, true);
}
void msm_gem_kernel_put(struct drm_gem_object *bo, void msm_gem_kernel_put(struct drm_gem_object *bo,
struct msm_gem_address_space *aspace, bool locked) struct msm_gem_address_space *aspace)
{ {
if (IS_ERR_OR_NULL(bo)) if (IS_ERR_OR_NULL(bo))
return; return;
@@ -1362,9 +1337,6 @@ void msm_gem_kernel_put(struct drm_gem_object *bo,
msm_gem_put_vaddr(bo); msm_gem_put_vaddr(bo);
msm_gem_unpin_iova(bo, aspace); msm_gem_unpin_iova(bo, aspace);
if (locked)
drm_gem_object_put_locked(bo);
else
drm_gem_object_put(bo); drm_gem_object_put(bo);
} }