On 2021-08-11 7:55 p.m., Mark Yacoub wrote: > From: Mark Yacoub <markyacoub@xxxxxxxxxx> > > [Why] > Userspace should get back a copy of the request that's been modified > even when drm_wait_vblank_ioctl returns a failure. > > Rationale: > drm_wait_vblank_ioctl modifies the request and expects the user to read > back. When the type is RELATIVE, it modifies it to ABSOLUTE and updates > the sequence to become current_vblank_count + sequence (which was > relative), not it becomes absolute. > drmWaitVBlank (in libdrm), expects this to be the case as it modifies > the request to be Absolute as it expects the sequence to would have been > updated. > > The change is in compat_drm_wait_vblank, which is called by > drm_compat_ioctl. This change of copying the data back regardless of the > return number makes it en par with drm_ioctl, which always copies the > data before returning. > > [How] > Copy the drm_wait_vblank request. > Return from the function after everything has been copied to user. > > Fixes: IGT:kms_flip::modeset-vs-vblank-race-interruptible > Tested on ChromeOS Trogdor(msm) > > Signed-off-by: Mark Yacoub <markyacoub@xxxxxxxxxxxx> > --- > drivers/gpu/drm/drm_ioc32.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c > index d29907955ff79..275b860df8fbe 100644 > --- a/drivers/gpu/drm/drm_ioc32.c > +++ b/drivers/gpu/drm/drm_ioc32.c > @@ -855,17 +855,19 @@ static int compat_drm_wait_vblank(struct file *file, unsigned int cmd, > req.request.sequence = req32.request.sequence; > req.request.signal = req32.request.signal; > err = drm_ioctl_kernel(file, drm_wait_vblank_ioctl, &req, DRM_UNLOCKED); > - if (err) > - return err; > > req32.reply.type = req.reply.type; > req32.reply.sequence = req.reply.sequence; > req32.reply.tval_sec = req.reply.tval_sec; > req32.reply.tval_usec = req.reply.tval_usec; > + /* drm_wait_vblank_ioctl modifies Request, update their values here as well. */ > + req32.request.type = req.request.type; > + req32.request.sequence = req.request.sequence; > + req32.request.signal = req.request.signal; The added assignments are superfluous, since req32.reply and req32.request are members of the same union. > if (copy_to_user(argp, &req32, sizeof(req32))) > return -EFAULT; > > - return 0; > + return err; > } The other changes look correct. -- Earthling Michel Dänzer | https://redhat.com Libre software enthusiast | Mesa and X developer
