Merge "msm: kgsl: Protect the memdesc->gpuaddr in SVM use cases"

		kref_get(&entry->refcount);

	}

	atomic_set(&entry->map_count, 0);

	return entry;

}

	return true;

}

static int memdesc_sg_virt(struct kgsl_memdesc *memdesc)

static int memdesc_sg_virt(struct kgsl_memdesc *memdesc, unsigned long useraddr)

{

	int ret = 0;

	long npages = 0, i;

	}

	down_read(&current->mm->mmap_sem);

	if (!check_vma(memdesc->useraddr, memdesc->size)) {

	if (!check_vma(useraddr, memdesc->size)) {

		up_read(&current->mm->mmap_sem);

		ret = -EFAULT;

		goto out;

	}

	npages = get_user_pages(memdesc->useraddr, sglen, write, pages, NULL);

	npages = get_user_pages(useraddr, sglen, write, pages, NULL);

	up_read(&current->mm->mmap_sem);

	ret = (npages < 0) ? (int)npages : 0;

	entry->memdesc.pagetable = pagetable;

	entry->memdesc.size = (uint64_t) size;

	entry->memdesc.useraddr = hostptr;

	entry->memdesc.flags |= (uint64_t)KGSL_MEMFLAGS_USERMEM_ADDR;

	if (kgsl_memdesc_use_cpu_map(&entry->memdesc)) {

		/* Register the address in the database */

		ret = kgsl_mmu_set_svm_region(pagetable,

			(uint64_t) entry->memdesc.useraddr, (uint64_t) size);

			(uint64_t) hostptr, (uint64_t) size);

		if (ret)

			return ret;

		entry->memdesc.gpuaddr = (uint64_t)  entry->memdesc.useraddr;

		entry->memdesc.gpuaddr = (uint64_t) hostptr;

	}

	return memdesc_sg_virt(&entry->memdesc);

	return memdesc_sg_virt(&entry->memdesc, hostptr);

}

#ifdef CONFIG_DMA_SHARED_BUFFER

		return ret;

	}

	/* Setup the user addr/cache mode for cache operations */

	entry->memdesc.useraddr = hostptr;

	/* Setup the cache mode for cache operations */

	_setup_cache_mode(entry, vma);

	if (kgsl_mmu_has_feature(device, KGSL_MMU_IO_COHERENT) &&

	param->flags = (unsigned int) entry->memdesc.flags;

	param->size = (size_t) entry->memdesc.size;

	param->mmapsize = (size_t) kgsl_memdesc_footprint(&entry->memdesc);

	param->useraddr = entry->memdesc.useraddr;

	/*

	 * Entries can have multiple user mappings so thre isn't any one address

	 * we can report. Plus, the user should already know their mappings, so

	 * there isn't any value in reporting it back to them.

	 */

	param->useraddr = 0;

	kgsl_mem_entry_put(entry);

	return result;

	param->flags = entry->memdesc.flags;

	param->size = entry->memdesc.size;

	param->va_len = kgsl_memdesc_footprint(&entry->memdesc);

	param->va_addr = (uint64_t) entry->memdesc.useraddr;

	/*

	 * Entries can have multiple user mappings so thre isn't any one address

	 * we can report. Plus, the user should already know their mappings, so

	 * there isn't any value in reporting it back to them.

	 */

	param->va_addr = 0;

	kgsl_mem_entry_put(entry);

	return 0;

	if (kgsl_mem_entry_get(entry) == 0)

		vma->vm_private_data = NULL;

	atomic_inc(&entry->map_count);

}

static vm_fault_t

	if (!entry)

		return;

	entry->memdesc.useraddr = 0;

	atomic64_sub(entry->memdesc.mapsize, &entry->priv->gpumem_mapped);

	entry->memdesc.mapsize = 0;

	/*

	 * Remove the memdesc from the mapped stat once all the mappings have

	 * gone away

	 */

	if (!atomic_dec_return(&entry->map_count))

		atomic64_sub(entry->memdesc.size, &entry->priv->gpumem_mapped);

	kgsl_mem_entry_put(entry);

}

		goto err_put;

	}

	if (entry->memdesc.useraddr != 0) {

	/* Don't allow ourselves to remap user memory */

	if (entry->memdesc.flags & KGSL_MEMFLAGS_USERMEM_ADDR) {

		ret = -EBUSY;

		goto err_put;

	}

{

	int ret;

	/*

	 * Protect access to the gpuaddr here to prevent multiple vmas from

	 * trying to map a SVM region at the same time

	 */

	spin_lock(&entry->memdesc.lock);

	if (entry->memdesc.gpuaddr) {

		spin_unlock(&entry->memdesc.lock);

		return (unsigned long) -EBUSY;

	}

	ret = kgsl_mmu_set_svm_region(private->pagetable, (uint64_t) addr,

		(uint64_t) size);

	if (ret != 0)

		return ret;

	if (ret != 0) {

		spin_unlock(&entry->memdesc.lock);

		return (unsigned long) ret;

	}

	entry->memdesc.gpuaddr = (uint64_t) addr;

	spin_unlock(&entry->memdesc.lock);

	entry->memdesc.pagetable = private->pagetable;

	ret = kgsl_mmu_map(private->pagetable, &entry->memdesc);

	if (ret) {

		kgsl_mmu_put_gpuaddr(&entry->memdesc);

		return ret;

		return (unsigned long) ret;

	}

	kgsl_memfree_purge(private->pagetable, entry->memdesc.gpuaddr,

			ret = set_svm_area(file, entry, iova, len, flags);

			if (!IS_ERR_VALUE(ret))

				return ret;

			/*

			 * set_svm_area will return -EBUSY if we tried to set up

			 * SVM on an object that already has a GPU address. If

			 * that happens don't bother walking the rest of the

			 * region

			 */

			if ((long) ret == -EBUSY)

				return -EBUSY;

		}

		iova = kgsl_mmu_find_svm_region(private->pagetable,

	vma->vm_file = file;

	entry->memdesc.useraddr = vma->vm_start;

	atomic64_add(entry->memdesc.size, &entry->priv->gpumem_mapped);

	entry->memdesc.mapsize += entry->memdesc.size;

	atomic64_add(entry->memdesc.mapsize, &entry->priv->gpumem_mapped);

	atomic_inc(&entry->map_count);

	trace_kgsl_mem_mmap(entry);

	trace_kgsl_mem_mmap(entry, vma->vm_start);

	return 0;

}

 * @pagetable: Pointer to the pagetable that the object is mapped in

 * @hostptr: Kernel virtual address

 * @hostptr_count: Number of threads using hostptr

 * @useraddr: User virtual address (if applicable)

 * @gpuaddr: GPU virtual address

 * @physaddr: Physical address of the memory object

 * @size: Size of the memory object

 * @mapsize: Size of memory mapped in userspace

 * @priv: Internal flags and settings

 * @sgt: Scatter gather table for allocated pages

 * @ops: Function hooks for the memdesc memory type

	struct kgsl_pagetable *pagetable;

	void *hostptr;

	unsigned int hostptr_count;

	unsigned long useraddr;

	uint64_t gpuaddr;

	phys_addr_t physaddr;

	uint64_t size;

	uint64_t mapsize;

	unsigned int priv;

	struct sg_table *sgt;

	const struct kgsl_memdesc_ops *ops;

	unsigned long attrs;

	struct page **pages;

	unsigned int page_count;

	/*

	 * @lock: Spinlock to protect the gpuaddr from being accessed by

	 * multiple entities trying to map the same SVM region at once

	 */

	spinlock_t lock;

};

/**

	 * userspace

	 */

	u64 mapped;

	/**

	 * @map_count: Count how many vmas this object is mapped in - used for

	 * debugfs accounting

	 */

	atomic_t map_count;

};

struct kgsl_device_private;

	flags[3] = get_alignflag(m);

	flags[4] = get_cacheflag(m);

	flags[5] = kgsl_memdesc_use_cpu_map(m) ? 'p' : '-';

	flags[6] = (m->useraddr) ? 'Y' : 'N';

	/* Show Y if at least one vma has this entry mapped (could be multiple) */

	flags[6] = atomic_read(&entry->map_count) ? 'Y' : 'N';

	flags[7] = kgsl_memdesc_is_secured(m) ?  's' : '-';

	flags[8] = '-';

	flags[9] = '\0';

	seq_printf(s, "%pK %pK %16llu %5d %9s %10s %16s %5d %16llu %6d %6d",

			(uint64_t *)(uintptr_t) m->gpuaddr,

			(unsigned long *) m->useraddr,

			m->size, entry->id, flags,

			/*

			 * Show zero for the useraddr - we can't reliably track

			 * that value for multiple vmas anyway

			 */

			0, m->size, entry->id, flags,

			memtype_str(usermem_type),

			usage, (m->sgt ? m->sgt->nents : 0), m->mapsize,

			usage, (m->sgt ? m->sgt->nents : 0), m->size,

			egl_surface_count, egl_image_count);

	if (entry->metadata[0] != 0)

		goto out;

	}

	/*

	 * This path is only called in a non-SVM path with locks so we can be

	 * sure we aren't racing with anybody so we don't need to worry about

	 * taking the lock

	 */

	ret = _insert_gpuaddr(pagetable, addr, size);

	if (ret == 0) {

		memdesc->gpuaddr = addr;

	if (PT_OP_VALID(pagetable, put_gpuaddr) && (unmap_fail == 0))

		pagetable->pt_ops->put_gpuaddr(memdesc);

	memdesc->pagetable = NULL;

	/*

	 * If SVM tries to take a GPU address it will lose the race until the

	 * gpuaddr returns to zero so we shouldn't need to worry about taking a

	 * lock here

	 */

	if (!kgsl_memdesc_is_global(memdesc))

		memdesc->gpuaddr = 0;

	memdesc->pagetable = NULL;

}

/**