Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4e67bee8 authored by Ben Skeggs's avatar Ben Skeggs
Browse files

drm/nouveau/vm: take subdev mutex, not the mm, protects against race with vm/nvc0 



nvc0_vm_flush() accesses the pgd list, which will soon be able to race
with vm_unlink() during channel destruction.

Signed-off-by: default avatarBen Skeggs <bskeggs@redhat.com>
parent 15cace59

drivers/gpu/drm/nouveau/core/subdev/vm/base.c

+17 −16
Original line number Original line Diff line number Diff line
@@ -236,9 +236,9 @@ nouveau_vm_unmap_pgt(struct nouveau_vm *vm, int big, u32 fpde, u32 lpde) 
			vmm->map_pgt(vpgd->obj, pde, vpgt->obj);

			vmm->map_pgt(vpgd->obj, pde, vpgt->obj);

		}

		}





		mutex_unlock(&vm->mm.mutex);

		mutex_unlock(&nv_subdev(vmm)->mutex);

		nouveau_gpuobj_ref(NULL, &pgt);

		nouveau_gpuobj_ref(NULL, &pgt);

		mutex_lock(&vm->mm.mutex);

		mutex_lock(&nv_subdev(vmm)->mutex);

	}

	}

}

}
@@ -256,18 +256,18 @@ nouveau_vm_map_pgt(struct nouveau_vm *vm, u32 pde, u32 type) 
	pgt_size  = (1 << (vmm->pgt_bits + 12)) >> type;

	pgt_size  = (1 << (vmm->pgt_bits + 12)) >> type;

	pgt_size *= 8;

	pgt_size *= 8;





	mutex_unlock(&vm->mm.mutex);

	mutex_unlock(&nv_subdev(vmm)->mutex);

	ret = nouveau_gpuobj_new(nv_object(vm->vmm), NULL, pgt_size, 0x1000,

	ret = nouveau_gpuobj_new(nv_object(vm->vmm), NULL, pgt_size, 0x1000,

				 NVOBJ_FLAG_ZERO_ALLOC, &pgt);

				 NVOBJ_FLAG_ZERO_ALLOC, &pgt);

	mutex_lock(&vm->mm.mutex);

	mutex_lock(&nv_subdev(vmm)->mutex);

	if (unlikely(ret))

	if (unlikely(ret))

		return ret;

		return ret;





	/* someone beat us to filling the PDE while we didn't have the lock */

	/* someone beat us to filling the PDE while we didn't have the lock */

	if (unlikely(vpgt->refcount[big]++)) {

	if (unlikely(vpgt->refcount[big]++)) {

		mutex_unlock(&vm->mm.mutex);

		mutex_unlock(&nv_subdev(vmm)->mutex);

		nouveau_gpuobj_ref(NULL, &pgt);

		nouveau_gpuobj_ref(NULL, &pgt);

		mutex_lock(&vm->mm.mutex);

		mutex_lock(&nv_subdev(vmm)->mutex);

		return 0;

		return 0;

	}

	}
@@ -289,11 +289,11 @@ nouveau_vm_get(struct nouveau_vm *vm, u64 size, u32 page_shift, 
	u32 fpde, lpde, pde;

	u32 fpde, lpde, pde;

	int ret;

	int ret;





	mutex_lock(&vm->mm.mutex);

	mutex_lock(&nv_subdev(vmm)->mutex);

	ret = nouveau_mm_head(&vm->mm, page_shift, msize, msize, align,

	ret = nouveau_mm_head(&vm->mm, page_shift, msize, msize, align,

			     &vma->node);

			     &vma->node);

	if (unlikely(ret != 0)) {

	if (unlikely(ret != 0)) {

		mutex_unlock(&vm->mm.mutex);

		mutex_unlock(&nv_subdev(vmm)->mutex);

		return ret;

		return ret;

	}

	}
@@ -314,11 +314,11 @@ nouveau_vm_get(struct nouveau_vm *vm, u64 size, u32 page_shift, 
			if (pde != fpde)

			if (pde != fpde)

				nouveau_vm_unmap_pgt(vm, big, fpde, pde - 1);

				nouveau_vm_unmap_pgt(vm, big, fpde, pde - 1);

			nouveau_mm_free(&vm->mm, &vma->node);

			nouveau_mm_free(&vm->mm, &vma->node);

			mutex_unlock(&vm->mm.mutex);

			mutex_unlock(&nv_subdev(vmm)->mutex);

			return ret;

			return ret;

		}

		}

	}

	}

	mutex_unlock(&vm->mm.mutex);

	mutex_unlock(&nv_subdev(vmm)->mutex);





	vma->vm     = vm;

	vma->vm     = vm;

	vma->offset = (u64)vma->node->offset << 12;

	vma->offset = (u64)vma->node->offset << 12;
@@ -338,10 +338,10 @@ nouveau_vm_put(struct nouveau_vma *vma) 
	fpde = (vma->node->offset >> vmm->pgt_bits);

	fpde = (vma->node->offset >> vmm->pgt_bits);

	lpde = (vma->node->offset + vma->node->length - 1) >> vmm->pgt_bits;

	lpde = (vma->node->offset + vma->node->length - 1) >> vmm->pgt_bits;





	mutex_lock(&vm->mm.mutex);

	mutex_lock(&nv_subdev(vmm)->mutex);

	nouveau_vm_unmap_pgt(vm, vma->node->type != vmm->spg_shift, fpde, lpde);

	nouveau_vm_unmap_pgt(vm, vma->node->type != vmm->spg_shift, fpde, lpde);

	nouveau_mm_free(&vm->mm, &vma->node);

	nouveau_mm_free(&vm->mm, &vma->node);

	mutex_unlock(&vm->mm.mutex);

	mutex_unlock(&nv_subdev(vmm)->mutex);

}

}





int

int
@@ -405,24 +405,25 @@ nouveau_vm_link(struct nouveau_vm *vm, struct nouveau_gpuobj *pgd) 




	nouveau_gpuobj_ref(pgd, &vpgd->obj);

	nouveau_gpuobj_ref(pgd, &vpgd->obj);





	mutex_lock(&vm->mm.mutex);

	mutex_lock(&nv_subdev(vmm)->mutex);

	for (i = vm->fpde; i <= vm->lpde; i++)

	for (i = vm->fpde; i <= vm->lpde; i++)

		vmm->map_pgt(pgd, i, vm->pgt[i - vm->fpde].obj);

		vmm->map_pgt(pgd, i, vm->pgt[i - vm->fpde].obj);

	list_add(&vpgd->head, &vm->pgd_list);

	list_add(&vpgd->head, &vm->pgd_list);

	mutex_unlock(&vm->mm.mutex);

	mutex_unlock(&nv_subdev(vmm)->mutex);

	return 0;

	return 0;

}

}





static void

static void

nouveau_vm_unlink(struct nouveau_vm *vm, struct nouveau_gpuobj *mpgd)

nouveau_vm_unlink(struct nouveau_vm *vm, struct nouveau_gpuobj *mpgd)

{

{

	struct nouveau_vmmgr *vmm = vm->vmm;

	struct nouveau_vm_pgd *vpgd, *tmp;

	struct nouveau_vm_pgd *vpgd, *tmp;

	struct nouveau_gpuobj *pgd = NULL;

	struct nouveau_gpuobj *pgd = NULL;





	if (!mpgd)

	if (!mpgd)

		return;

		return;





	mutex_lock(&vm->mm.mutex);

	mutex_lock(&nv_subdev(vmm)->mutex);

	list_for_each_entry_safe(vpgd, tmp, &vm->pgd_list, head) {

	list_for_each_entry_safe(vpgd, tmp, &vm->pgd_list, head) {

		if (vpgd->obj == mpgd) {

		if (vpgd->obj == mpgd) {

			pgd = vpgd->obj;

			pgd = vpgd->obj;
@@ -431,7 +432,7 @@ nouveau_vm_unlink(struct nouveau_vm *vm, struct nouveau_gpuobj *mpgd) 
			break;

			break;

		}

		}

	}

	}

	mutex_unlock(&vm->mm.mutex);

	mutex_unlock(&nv_subdev(vmm)->mutex);





	nouveau_gpuobj_ref(NULL, &pgd);

	nouveau_gpuobj_ref(NULL, &pgd);

}

}