Merge branch 'vmwgfx-fixes-4.11' of git://people.freedesktop.org/~thomash/linux into drm-fixes (84c4ba54) · Commits · e / devices / android_kernel_fairphone_FP4

drivers/gpu/drm/ttm/ttm_object.c

+8 −6

Original line number	Diff line number	Diff line
		@@ -179,7 +179,7 @@ int ttm_base_object_init(struct ttm_object_file *tfile,
		if (unlikely(ret != 0))
		goto out_err0;

		ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL);
		ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL, false);
		if (unlikely(ret != 0))
		goto out_err1;

		@@ -318,7 +318,8 @@ EXPORT_SYMBOL(ttm_ref_object_exists);

		int ttm_ref_object_add(struct ttm_object_file *tfile,
		struct ttm_base_object *base,
		enum ttm_ref_type ref_type, bool *existed)
		enum ttm_ref_type ref_type, bool *existed,
		bool require_existed)
		{
		struct drm_open_hash *ht = &tfile->ref_hash[ref_type];
		struct ttm_ref_object *ref;
		@@ -345,6 +346,9 @@ int ttm_ref_object_add(struct ttm_object_file *tfile,
		}

		rcu_read_unlock();
		if (require_existed)
		return -EPERM;

		ret = ttm_mem_global_alloc(mem_glob, sizeof(*ref),
		false, false);
		if (unlikely(ret != 0))
		@@ -449,10 +453,10 @@ void ttm_object_file_release(struct ttm_object_file **p_tfile)
		ttm_ref_object_release(&ref->kref);
		}

		spin_unlock(&tfile->lock);
		for (i = 0; i < TTM_REF_NUM; ++i)
		drm_ht_remove(&tfile->ref_hash[i]);

		spin_unlock(&tfile->lock);
		ttm_object_file_unref(&tfile);
		}
		EXPORT_SYMBOL(ttm_object_file_release);
		@@ -529,9 +533,7 @@ void ttm_object_device_release(struct ttm_object_device **p_tdev)

		*p_tdev = NULL;

		spin_lock(&tdev->object_lock);
		drm_ht_remove(&tdev->object_hash);
		spin_unlock(&tdev->object_lock);

		kfree(tdev);
		}
		@@ -635,7 +637,7 @@ int ttm_prime_fd_to_handle(struct ttm_object_file *tfile,
		prime = (struct ttm_prime_object *) dma_buf->priv;
		base = &prime->base;
		*handle = base->hash.key;
		ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL);
		ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL, false);

		dma_buf_put(dma_buf);

drivers/gpu/drm/vmwgfx/vmwgfx_fence.c

+50 −29

Original line number	Diff line number	Diff line
		@@ -701,6 +701,41 @@ void vmw_fence_fifo_up(struct vmw_fence_manager *fman)
		}


		/**
		* vmw_fence_obj_lookup - Look up a user-space fence object
		*
		* @tfile: A struct ttm_object_file identifying the caller.
		* @handle: A handle identifying the fence object.
		* @return: A struct vmw_user_fence base ttm object on success or
		* an error pointer on failure.
		*
		* The fence object is looked up and type-checked. The caller needs
		* to have opened the fence object first, but since that happens on
		* creation and fence objects aren't shareable, that's not an
		* issue currently.
		*/
		static struct ttm_base_object *
		vmw_fence_obj_lookup(struct ttm_object_file *tfile, u32 handle)
		{
		struct ttm_base_object *base = ttm_base_object_lookup(tfile, handle);

		if (!base) {
		pr_err("Invalid fence object handle 0x%08lx.\n",
		(unsigned long)handle);
		return ERR_PTR(-EINVAL);
		}

		if (base->refcount_release != vmw_user_fence_base_release) {
		pr_err("Invalid fence object handle 0x%08lx.\n",
		(unsigned long)handle);
		ttm_base_object_unref(&base);
		return ERR_PTR(-EINVAL);
		}

		return base;
		}


		int vmw_fence_obj_wait_ioctl(struct drm_device dev, void data,
		struct drm_file *file_priv)
		{
		@@ -726,13 +761,9 @@ int vmw_fence_obj_wait_ioctl(struct drm_device dev, void data,
		arg->kernel_cookie = jiffies + wait_timeout;
		}

		base = ttm_base_object_lookup(tfile, arg->handle);
		if (unlikely(base == NULL)) {
		printk(KERN_ERR "Wait invalid fence object handle "
		"0x%08lx.\n",
		(unsigned long)arg->handle);
		return -EINVAL;
		}
		base = vmw_fence_obj_lookup(tfile, arg->handle);
		if (IS_ERR(base))
		return PTR_ERR(base);

		fence = &(container_of(base, struct vmw_user_fence, base)->fence);

		@@ -771,13 +802,9 @@ int vmw_fence_obj_signaled_ioctl(struct drm_device dev, void data,
		struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile;
		struct vmw_private *dev_priv = vmw_priv(dev);

		base = ttm_base_object_lookup(tfile, arg->handle);
		if (unlikely(base == NULL)) {
		printk(KERN_ERR "Fence signaled invalid fence object handle "
		"0x%08lx.\n",
		(unsigned long)arg->handle);
		return -EINVAL;
		}
		base = vmw_fence_obj_lookup(tfile, arg->handle);
		if (IS_ERR(base))
		return PTR_ERR(base);

		fence = &(container_of(base, struct vmw_user_fence, base)->fence);
		fman = fman_from_fence(fence);
		@@ -1024,6 +1051,7 @@ int vmw_fence_event_ioctl(struct drm_device dev, void data,
		(struct drm_vmw_fence_event_arg *) data;
		struct vmw_fence_obj *fence = NULL;
		struct vmw_fpriv *vmw_fp = vmw_fpriv(file_priv);
		struct ttm_object_file *tfile = vmw_fp->tfile;
		struct drm_vmw_fence_rep __user *user_fence_rep =
		(struct drm_vmw_fence_rep __user *)(unsigned long)
		arg->fence_rep;
		@@ -1037,24 +1065,18 @@ int vmw_fence_event_ioctl(struct drm_device dev, void data,
		*/
		if (arg->handle) {
		struct ttm_base_object *base =
		ttm_base_object_lookup_for_ref(dev_priv->tdev,
		arg->handle);
		vmw_fence_obj_lookup(tfile, arg->handle);

		if (IS_ERR(base))
		return PTR_ERR(base);

		if (unlikely(base == NULL)) {
		DRM_ERROR("Fence event invalid fence object handle "
		"0x%08lx.\n",
		(unsigned long)arg->handle);
		return -EINVAL;
		}
		fence = &(container_of(base, struct vmw_user_fence,
		base)->fence);
		(void) vmw_fence_obj_reference(fence);

		if (user_fence_rep != NULL) {
		bool existed;

		ret = ttm_ref_object_add(vmw_fp->tfile, base,
		TTM_REF_USAGE, &existed);
		TTM_REF_USAGE, NULL, false);
		if (unlikely(ret != 0)) {
		DRM_ERROR("Failed to reference a fence "
		"object.\n");
		@@ -1097,8 +1119,7 @@ int vmw_fence_event_ioctl(struct drm_device dev, void data,
		return 0;
		out_no_create:
		if (user_fence_rep != NULL)
		ttm_ref_object_base_unref(vmw_fpriv(file_priv)->tfile,
		handle, TTM_REF_USAGE);
		ttm_ref_object_base_unref(tfile, handle, TTM_REF_USAGE);
		out_no_ref_obj:
		vmw_fence_obj_unreference(&fence);
		return ret;

drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c

+1 −3

Original line number	Diff line number	Diff line
		@@ -114,8 +114,6 @@ int vmw_getparam_ioctl(struct drm_device dev, void data,
		param->value = dev_priv->has_dx;
		break;
		default:
		DRM_ERROR("Illegal vmwgfx get param request: %d\n",
		param->param);
		return -EINVAL;
		}

		@@ -186,7 +184,7 @@ int vmw_get_cap_3d_ioctl(struct drm_device dev, void data,
		bool gb_objects = !!(dev_priv->capabilities & SVGA_CAP_GBOBJECTS);
		struct vmw_fpriv *vmw_fp = vmw_fpriv(file_priv);

		if (unlikely(arg->pad64 != 0)) {
		if (unlikely(arg->pad64 != 0 \|\| arg->max_size == 0)) {
		DRM_ERROR("Illegal GET_3D_CAP argument.\n");
		return -EINVAL;
		}

drivers/gpu/drm/vmwgfx/vmwgfx_resource.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -589,7 +589,7 @@ static int vmw_user_dmabuf_synccpu_grab(struct vmw_user_dma_buffer *user_bo,
		return ret;

		ret = ttm_ref_object_add(tfile, &user_bo->prime.base,
		TTM_REF_SYNCCPU_WRITE, &existed);
		TTM_REF_SYNCCPU_WRITE, &existed, false);
		if (ret != 0 \|\| existed)
		ttm_bo_synccpu_write_release(&user_bo->dma.base);

		@@ -773,7 +773,7 @@ int vmw_user_dmabuf_reference(struct ttm_object_file *tfile,

		*handle = user_bo->prime.base.hash.key;
		return ttm_ref_object_add(tfile, &user_bo->prime.base,
		TTM_REF_USAGE, NULL);
		TTM_REF_USAGE, NULL, false);
		}

		/*

drivers/gpu/drm/vmwgfx/vmwgfx_surface.c

+15 −16

Original line number	Diff line number	Diff line
		@@ -713,11 +713,14 @@ int vmw_surface_define_ioctl(struct drm_device dev, void data,
		128;

		num_sizes = 0;
		for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i)
		for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i) {
		if (req->mip_levels[i] > DRM_VMW_MAX_MIP_LEVELS)
		return -EINVAL;
		num_sizes += req->mip_levels[i];
		}

		if (num_sizes > DRM_VMW_MAX_SURFACE_FACES *
		DRM_VMW_MAX_MIP_LEVELS)
		if (num_sizes > DRM_VMW_MAX_SURFACE_FACES * DRM_VMW_MAX_MIP_LEVELS \|\|
		num_sizes == 0)
		return -EINVAL;

		size = vmw_user_surface_size + 128 +
		@@ -891,17 +894,16 @@ vmw_surface_handle_reference(struct vmw_private *dev_priv,
		uint32_t handle;
		struct ttm_base_object *base;
		int ret;
		bool require_exist = false;

		if (handle_type == DRM_VMW_HANDLE_PRIME) {
		ret = ttm_prime_fd_to_handle(tfile, u_handle, &handle);
		if (unlikely(ret != 0))
		return ret;
		} else {
		if (unlikely(drm_is_render_client(file_priv))) {
		DRM_ERROR("Render client refused legacy "
		"surface reference.\n");
		return -EACCES;
		}
		if (unlikely(drm_is_render_client(file_priv)))
		require_exist = true;

		if (ACCESS_ONCE(vmw_fpriv(file_priv)->locked_master)) {
		DRM_ERROR("Locked master refused legacy "
		"surface reference.\n");
		@@ -929,17 +931,14 @@ vmw_surface_handle_reference(struct vmw_private *dev_priv,

		/*
		* Make sure the surface creator has the same
		* authenticating master.
		* authenticating master, or is already registered with us.
		*/
		if (drm_is_primary_client(file_priv) &&
		user_srf->master != file_priv->master) {
		DRM_ERROR("Trying to reference surface outside of"
		" master domain.\n");
		ret = -EACCES;
		goto out_bad_resource;
		}
		user_srf->master != file_priv->master)
		require_exist = true;

		ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL);
		ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL,
		require_exist);
		if (unlikely(ret != 0)) {
		DRM_ERROR("Could not add a reference to a surface.\n");
		goto out_bad_resource;