On Fri, 31 May 2019 14:54:54 +0200
Tomeu Vizoso <tomeu@xxxxxxxxxxxxxxx> wrote:
> On Wed, 29 May 2019 at 11:18, Boris Brezillon
> <boris.brezillon@xxxxxxxxxxxxx> wrote:
> >
> > mmu_ops->unmap() will fail when called on a BO that has not been
> > previously mapped, and the error path in panfrost_ioctl_create_bo()
> > can call drm_gem_object_put_unlocked() (which in turn calls
> > panfrost_mmu_unmap()) on a BO that has not been mapped yet.
> >
> > Keep track of the mapped/unmapped state to avoid such issues.
> >
> > Fixes: f3ba91228e8e ("drm/panfrost: Add initial panfrost driver")
> > Cc: <stable@xxxxxxxxxxxxxxx>
> > Signed-off-by: Boris Brezillon <boris.brezillon@xxxxxxxxxxxxx>
> > ---
> > drivers/gpu/drm/panfrost/panfrost_gem.h | 1 +
> > drivers/gpu/drm/panfrost/panfrost_mmu.c | 8 ++++++++
> > 2 files changed, 9 insertions(+)
> >
> > diff --git a/drivers/gpu/drm/panfrost/panfrost_gem.h b/drivers/gpu/drm/panfrost/panfrost_gem.h
> > index 045000eb5fcf..6dbcaba020fc 100644
> > --- a/drivers/gpu/drm/panfrost/panfrost_gem.h
> > +++ b/drivers/gpu/drm/panfrost/panfrost_gem.h
> > @@ -11,6 +11,7 @@ struct panfrost_gem_object {
> > struct drm_gem_shmem_object base;
> >
> > struct drm_mm_node node;
> > + bool is_mapped;
> > };
> >
> > static inline
> > diff --git a/drivers/gpu/drm/panfrost/panfrost_mmu.c b/drivers/gpu/drm/panfrost/panfrost_mmu.c
> > index 762b1bd2a8c2..fb556aa89203 100644
> > --- a/drivers/gpu/drm/panfrost/panfrost_mmu.c
> > +++ b/drivers/gpu/drm/panfrost/panfrost_mmu.c
> > @@ -156,6 +156,9 @@ int panfrost_mmu_map(struct panfrost_gem_object *bo)
> > struct sg_table *sgt;
> > int ret;
> >
> > + if (bo->is_mapped)
> > + return 0;
>
> In what circumstances we want to silently go on? I would expect that
> for this function to be called when the BO has been mapped already
> would mean that we have a bug in the kernel, so why not a WARN?
>
> > +
> > sgt = drm_gem_shmem_get_pages_sgt(obj);
> > if (WARN_ON(IS_ERR(sgt)))
> > return PTR_ERR(sgt);
> > @@ -189,6 +192,7 @@ int panfrost_mmu_map(struct panfrost_gem_object *bo)
> >
> > pm_runtime_mark_last_busy(pfdev->dev);
> > pm_runtime_put_autosuspend(pfdev->dev);
> > + bo->is_mapped = true;
> >
> > return 0;
> > }
> > @@ -203,6 +207,9 @@ void panfrost_mmu_unmap(struct panfrost_gem_object *bo)
> > size_t unmapped_len = 0;
> > int ret;
> >
> > + if (!bo->is_mapped)
> > + return;
>
> Similarly, I think that what we should do is not to call
> panfrost_mmu_unmap when a BO is freed if we know it isn't mapped. And
> probably add a WARN here if it still gets called when the BO isn't
> mapped.
Okay, will add WARN_ON()s and add a check in the caller.
