Commit Graph

4921 Commits

Author SHA1 Message Date
Karol Herbst
f706037c4e drm/nouveau/bios/vpstate: There are some fermi vbios with no boost or tdp entry
If the entry size is too small, default to invalid values for both
boost_id and tdp_id, so as to default to the base clock in both cases.

Signed-off-by: Karol Herbst <karolherbst@gmail.com>
Signed-off-by: Martin Peres <martin.peres@free.fr>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 18:06:29 +10:00
Mario Kleiner
2ae4c5f6ff drm/nouveau/kms/nv50-: Allow vblank_disable_immediate
With instantaneous high precision vblank timestamping
that updates at leading edge of vblank, the emulated
"hw vblank counter" from vblank timestamping, which
increments at leading edge of vblank, and reliable
page flip execution and completion at leading edge of
vblank, we should meet the requirements for fast/
immediate vblank irq disable/enable.

This is only allowed on nv50+ gpu's, ie. the ones with
atomic modesetting. One requirement for immediate vblank
disable is that high precision vblank timestamping works
reliably all the time on all connectors. This is not the
case on all pre-nv50 parts for analog VGA outputs, where we
currently don't always have support for scanout position
queries and therefore fall back to vblank interrupt
timestamping. The implementation in nv04_head_state() does
not return valid values for vblanks, vtotal, hblanks, htotal
for VGA outputs on all cards, but those are needed for scanout
position queries.

Testing on Linux-4.12-rc5 + drm-next on a GeForce 9500 GT
(NV G96) with timing measurement equipment indicates this
works fine, so allow immediate vblank disable for power
saving.

For debugging in case of unexpected trouble, booting
with kernel cmdline option drm.vblankoffdelay=0
(or echo 0 > /sys/module/drm/parameters/vblankoffdelay)
would keep vblank irqs permanently on to approximate old
behavior.

Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 18:06:29 +10:00
Ben Skeggs
6ec7aecf1f drm/nouveau/kms/nv50-: remove duplicate assignment
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 18:06:29 +10:00
kbuild test robot
01981aeb47 drm/nouveau/kms/nv50-: fix drm-get-put.cocci warnings
Use drm_*_get() and drm_*_put() helpers instead of drm_*_reference() and
 drm_*_unreference() helpers.

Generated by: scripts/coccinelle/api/drm-get-put.cocci

Fixes: 30ed49b55b ("drm/nouveau/kms/nv50-: move code underneath dispnv50/")
Signed-off-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 18:06:29 +10:00
Ben Skeggs
7a26c92367 drm/nouveau/disp/nv50-gp10x: fix coverity warning
Change values to u32, there's no need for them to be 64-bit.

Reported-by: Colin Ian King <colin.king@canonical.com>
Suggested-by: Ilia Mirkin <imirkin@alum.mit.edu>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 18:06:29 +10:00
Ben Skeggs
f7fbbf2cca drm/nouveau/core: ERR_PTR vs NULL bug in nvkm_engine_info()
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 18:06:29 +10:00
Jérôme Glisse
f0fffeeb14 drm/nouveau/mmu/gp10b: remove ghost file
This ghost file have been haunting us.

Signed-off-by: Jérôme Glisse <jglisse@redhat.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 18:06:29 +10:00
Nicolas Chauvet
3c9f27eeed drm/nouveau/secboot/tegra: Enable gp20b/gp10b firmware tag when relevant
This allows to have the related MODULE_FIRMWARE tag only
on relevant arch (arm64).
This will saves about 400k on initramfs when not relevant

Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 18:06:29 +10:00
Ben Skeggs
60cda66572 drm/nouveau/fault/gv100: fix fault buffer initialisation
Not sure how this happened, it worked last time I tested it!

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 18:06:28 +10:00
Ben Skeggs
bdf4424dc3 drm/nouveau/gr/gv100: handle multiple SM-per-TPC for shader exceptions
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 18:06:28 +10:00
Lyude Paul
eb493fbc15 drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs
Currently nouveau doesn't actually expose the state debugfs file that's
usually provided for any modesetting driver that supports atomic, even
if nouveau is loaded with atomic=1. This is due to the fact that the
standard debugfs files that DRM creates for atomic drivers is called
when drm_get_pci_dev() is called from nouveau_drm.c. This happens well
before we've initialized the display core, which is currently
responsible for setting the DRIVER_ATOMIC cap.

So, move the atomic option into nouveau_drm.c and just add the
DRIVER_ATOMIC cap whenever it's enabled on the kernel commandline. This
shouldn't cause any actual issues, as the atomic ioctl will still fail
as expected even if the display core doesn't disable it until later in
the init sequence. This also provides the added benefit of being able to
use the state debugfs file to check the current display state even if
clients aren't allowed to modify it through anything other than the
legacy ioctls.

Additionally, disable the DRIVER_ATOMIC cap in nv04's display core, as
this was already disabled there previously.

Signed-off-by: Lyude Paul <lyude@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 17:59:59 +10:00
Lyude Paul
68fe23a626 drm/nouveau: Remove bogus crtc check in pmops_runtime_idle
This both uses the legacy modesetting structures in a racy manner, and
additionally also doesn't even check the right variable (enabled != the
CRTC is actually turned on for atomic).

This fixes issues on my P50 regarding the dedicated GPU not entering
runtime suspend.

Signed-off-by: Lyude Paul <lyude@redhat.com>
Cc: stable@vger.kernel.org
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 17:59:59 +10:00
Lyude Paul
e5d54f1935 drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit()
A CRTC being enabled doesn't mean it's on! It doesn't even necessarily
mean it's being used. This fixes runtime PM leaks on the P50 I've got
next to me.

Signed-off-by: Lyude Paul <lyude@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 17:59:59 +10:00
Lyude Paul
37afe55b4a drm/nouveau: Avoid looping through fake MST connectors
When MST and atomic were introduced to nouveau, another structure that
could contain a drm_connector embedded within it was introduced; struct
nv50_mstc. This meant that we no longer would be able to simply loop
through our connector list and assume that nouveau_connector() would
return a proper pointer for each connector, since the assertion that
all connectors coming from nouveau have a full nouveau_connector struct
became invalid.

Unfortunately, none of the actual code that looped through connectors
ever got updated, which means that we've been causing invalid memory
accesses for quite a while now.

An example that was caught by KASAN:

[  201.038698] ==================================================================
[  201.038792] BUG: KASAN: slab-out-of-bounds in nvif_notify_get+0x190/0x1a0 [nouveau]
[  201.038797] Read of size 4 at addr ffff88076738c650 by task kworker/0:3/718
[  201.038800]
[  201.038822] CPU: 0 PID: 718 Comm: kworker/0:3 Tainted: G           O      4.18.0-rc4Lyude-Test+ #1
[  201.038825] Hardware name: LENOVO 20EQS64N0B/20EQS64N0B, BIOS N1EET78W (1.51 ) 05/18/2018
[  201.038882] Workqueue: events nouveau_display_hpd_work [nouveau]
[  201.038887] Call Trace:
[  201.038894]  dump_stack+0xa4/0xfd
[  201.038900]  print_address_description+0x71/0x239
[  201.038929]  ? nvif_notify_get+0x190/0x1a0 [nouveau]
[  201.038935]  kasan_report.cold.6+0x242/0x2fe
[  201.038942]  __asan_report_load4_noabort+0x19/0x20
[  201.038970]  nvif_notify_get+0x190/0x1a0 [nouveau]
[  201.038998]  ? nvif_notify_put+0x1f0/0x1f0 [nouveau]
[  201.039003]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  201.039049]  nouveau_display_init.cold.12+0x34/0x39 [nouveau]
[  201.039089]  ? nouveau_user_framebuffer_create+0x120/0x120 [nouveau]
[  201.039133]  nouveau_display_resume+0x5c0/0x810 [nouveau]
[  201.039173]  ? nvkm_client_ioctl+0x20/0x20 [nouveau]
[  201.039215]  nouveau_do_resume+0x19f/0x570 [nouveau]
[  201.039256]  nouveau_pmops_runtime_resume+0xd8/0x2a0 [nouveau]
[  201.039264]  pci_pm_runtime_resume+0x130/0x250
[  201.039269]  ? pci_restore_standard_config+0x70/0x70
[  201.039275]  __rpm_callback+0x1f2/0x5d0
[  201.039279]  ? rpm_resume+0x560/0x18a0
[  201.039283]  ? pci_restore_standard_config+0x70/0x70
[  201.039287]  ? pci_restore_standard_config+0x70/0x70
[  201.039291]  ? pci_restore_standard_config+0x70/0x70
[  201.039296]  rpm_callback+0x175/0x210
[  201.039300]  ? pci_restore_standard_config+0x70/0x70
[  201.039305]  rpm_resume+0xcc3/0x18a0
[  201.039312]  ? rpm_callback+0x210/0x210
[  201.039317]  ? __pm_runtime_resume+0x9e/0x100
[  201.039322]  ? kasan_check_write+0x14/0x20
[  201.039326]  ? do_raw_spin_lock+0xc2/0x1c0
[  201.039333]  __pm_runtime_resume+0xac/0x100
[  201.039374]  nouveau_display_hpd_work+0x67/0x1f0 [nouveau]
[  201.039380]  process_one_work+0x7a0/0x14d0
[  201.039388]  ? cancel_delayed_work_sync+0x20/0x20
[  201.039392]  ? lock_acquire+0x113/0x310
[  201.039398]  ? kasan_check_write+0x14/0x20
[  201.039402]  ? do_raw_spin_lock+0xc2/0x1c0
[  201.039409]  worker_thread+0x86/0xb50
[  201.039418]  kthread+0x2e9/0x3a0
[  201.039422]  ? process_one_work+0x14d0/0x14d0
[  201.039426]  ? kthread_create_worker_on_cpu+0xc0/0xc0
[  201.039431]  ret_from_fork+0x3a/0x50
[  201.039441]
[  201.039444] Allocated by task 79:
[  201.039449]  save_stack+0x43/0xd0
[  201.039452]  kasan_kmalloc+0xc4/0xe0
[  201.039456]  kmem_cache_alloc_trace+0x10a/0x260
[  201.039494]  nv50_mstm_add_connector+0x9a/0x340 [nouveau]
[  201.039504]  drm_dp_add_port+0xff5/0x1fc0 [drm_kms_helper]
[  201.039511]  drm_dp_send_link_address+0x4a7/0x740 [drm_kms_helper]
[  201.039518]  drm_dp_check_and_send_link_address+0x1a7/0x210 [drm_kms_helper]
[  201.039525]  drm_dp_mst_link_probe_work+0x71/0xb0 [drm_kms_helper]
[  201.039529]  process_one_work+0x7a0/0x14d0
[  201.039533]  worker_thread+0x86/0xb50
[  201.039537]  kthread+0x2e9/0x3a0
[  201.039541]  ret_from_fork+0x3a/0x50
[  201.039543]
[  201.039546] Freed by task 0:
[  201.039549] (stack is not available)
[  201.039551]
[  201.039555] The buggy address belongs to the object at ffff88076738c1a8
                                 which belongs to the cache kmalloc-2048 of size 2048
[  201.039559] The buggy address is located 1192 bytes inside of
                                 2048-byte region [ffff88076738c1a8, ffff88076738c9a8)
[  201.039563] The buggy address belongs to the page:
[  201.039567] page:ffffea001d9ce200 count:1 mapcount:0 mapping:ffff88084000d0c0 index:0x0 compound_mapcount: 0
[  201.039573] flags: 0x8000000000008100(slab|head)
[  201.039578] raw: 8000000000008100 ffffea001da3be08 ffffea001da25a08 ffff88084000d0c0
[  201.039582] raw: 0000000000000000 00000000000d000d 00000001ffffffff 0000000000000000
[  201.039585] page dumped because: kasan: bad access detected
[  201.039588]
[  201.039591] Memory state around the buggy address:
[  201.039594]  ffff88076738c500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  201.039598]  ffff88076738c580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  201.039601] >ffff88076738c600: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[  201.039604]                                                  ^
[  201.039607]  ffff88076738c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  201.039611]  ffff88076738c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  201.039613] ==================================================================

Signed-off-by: Lyude Paul <lyude@redhat.com>
Cc: stable@vger.kernel.org
Cc: Karol Herbst <karolherbst@gmail.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 17:59:59 +10:00
Lyude Paul
22b76bbe08 drm/nouveau: Use drm_connector_list_iter_* for iterating connectors
Every codepath in nouveau that loops through the connector list
currently does so using the old method, which is prone to race
conditions from MST connectors being created and destroyed. This has
been causing a multitude of problems, including memory corruption from
trying to access connectors that have already been freed!

Signed-off-by: Lyude Paul <lyude@redhat.com>
Cc: stable@vger.kernel.org
Cc: Karol Herbst <karolherbst@gmail.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 17:59:59 +10:00
Dan Carpenter
7f073d011f drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()
The bo array has req->nr_buffers elements so the > should be >= so we
don't read beyond the end of the array.

Fixes: a1606a9596 ("drm/nouveau: new gem pushbuf interface, bump to 0.0.16")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-16 17:59:58 +10:00
Ben Skeggs
df0c97e2c7 drm/nouveau/kms/nv50-: ensure window updates are submitted when flushing mst disables
It was possible for this to be skipped when shutting down MST streams, and
leaving the core channel interlocked with a wndw channel update that never
happens - leading to a hung display.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Tested-By: Lyude Paul <lyude@redhat.com>
2018-07-16 17:59:58 +10:00
Daniel Vetter
97e14fbeb5 drm: drop _mode_ from remaining connector functions
Since there's very few callers of these I've decided to do them all in
one patch. With this the unecessarily long drm_mode_connector_ prefix
is gone from the codebase! The only exception being struct
drm_mode_connector_set_property, which is part of the uapi so can't be
renamed.

Again done with sed+some manual fixups for indent issues.

Reviewed-by: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180709084016.23750-8-daniel.vetter@ffwll.ch
2018-07-13 18:40:27 +02:00
Daniel Vetter
cde4c44d87 drm: drop _mode_ from drm_mode_connector_attach_encoder
Again to align with the usual prefix of just drm_connector_. Again
done with sed + manual fixup for indent issues.

Reviewed-by: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180709084016.23750-7-daniel.vetter@ffwll.ch
2018-07-13 18:40:27 +02:00
Daniel Vetter
c555f02371 drm: drop _mode_ from update_edit_property()
Just makes it longer, and for most things in drm_connector.[hc] we
just use the drm_connector_ prefix. Done with sed + a bit of manual
fixup for the indenting.

Reviewed-by: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180709084016.23750-6-daniel.vetter@ffwll.ch
2018-07-13 18:40:27 +02:00
Ville Syrjälä
ddba766dd0 drm/nouveau: Use drm_connector_for_each_possible_encoder()
Use drm_connector_for_each_possible_encoder() for iterating
connector->encoder_ids[]. A bit more convenient not having
to deal with the implementation details.

v2: Replace drm_for_each_connector_encoder_ids() with
    drm_connector_for_each_possible_encoder() (Daniel)
v3: Initialize nv_encoder to NULL to shut up gcc/smatch

Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Ben Skeggs <bskeggs@redhat.com>
Cc: nouveau@lists.freedesktop.org
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180702152927.13351-1-ville.syrjala@linux.intel.com
2018-07-05 16:52:08 +03:00
Dirk Hohndel (VMware)
eee3dc56e2 drm/noveau: add SPDX identifier and clarify license
This is dual licensed under GPL-2.0 or MIT.

Acked-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Dirk Hohndel (VMware) <dirk@hohndel.org>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180506231626.115996-5-dirk@hohndel.org
2018-06-29 15:28:47 -05:00
Dave Airlie
845876a086 Merge branch 'linux-4.18' of git://github.com/skeggsb/linux into drm-fixes
Single nouveau regression fix.

Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/CACAvsv5VDDKaYKJShyVAGK0MJAHMZOJ02FKQ_aW5DnBCNVgRUw@mail.gmail.com
2018-06-20 16:57:09 +10:00
Ben Skeggs
1264f8325e drm/nouveau/kms/nv50-: cursors always use core channel vram ctxdma
Ctxdmas for cursors from all heads are setup in the core channel, and due
to us tracking allocated handles per-window, we were failing with -EEXIST
on multiple-head setups trying to allocate duplicate handles.

The cursor code is hardcoded to use the core channel vram ctxdma already,
so just skip ctxdma allocation for cursor fbs to fix the issue.

Fixes: 5bca1621c0 ("drm/nouveau/kms/nv50-: move fb ctxdma tracking into windows")
Reported-by: Adam Borowski <kilobyte@angband.pl>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-06-19 10:38:26 +10:00
Kees Cook
42bc47b353 treewide: Use array_size() in vmalloc()
The vmalloc() function has no 2-factor argument form, so multiplication
factors need to be wrapped in array_size(). This patch replaces cases of:

        vmalloc(a * b)

with:
        vmalloc(array_size(a, b))

as well as handling cases of:

        vmalloc(a * b * c)

with:

        vmalloc(array3_size(a, b, c))

This does, however, attempt to ignore constant size factors like:

        vmalloc(4 * 1024)

though any constants defined via macros get caught up in the conversion.

Any factors with a sizeof() of "unsigned char", "char", and "u8" were
dropped, since they're redundant.

The Coccinelle script used for this was:

// Fix redundant parens around sizeof().
@@
type TYPE;
expression THING, E;
@@

(
  vmalloc(
-	(sizeof(TYPE)) * E
+	sizeof(TYPE) * E
  , ...)
|
  vmalloc(
-	(sizeof(THING)) * E
+	sizeof(THING) * E
  , ...)
)

// Drop single-byte sizes and redundant parens.
@@
expression COUNT;
typedef u8;
typedef __u8;
@@

(
  vmalloc(
-	sizeof(u8) * (COUNT)
+	COUNT
  , ...)
|
  vmalloc(
-	sizeof(__u8) * (COUNT)
+	COUNT
  , ...)
|
  vmalloc(
-	sizeof(char) * (COUNT)
+	COUNT
  , ...)
|
  vmalloc(
-	sizeof(unsigned char) * (COUNT)
+	COUNT
  , ...)
|
  vmalloc(
-	sizeof(u8) * COUNT
+	COUNT
  , ...)
|
  vmalloc(
-	sizeof(__u8) * COUNT
+	COUNT
  , ...)
|
  vmalloc(
-	sizeof(char) * COUNT
+	COUNT
  , ...)
|
  vmalloc(
-	sizeof(unsigned char) * COUNT
+	COUNT
  , ...)
)

// 2-factor product with sizeof(type/expression) and identifier or constant.
@@
type TYPE;
expression THING;
identifier COUNT_ID;
constant COUNT_CONST;
@@

(
  vmalloc(
-	sizeof(TYPE) * (COUNT_ID)
+	array_size(COUNT_ID, sizeof(TYPE))
  , ...)
|
  vmalloc(
-	sizeof(TYPE) * COUNT_ID
+	array_size(COUNT_ID, sizeof(TYPE))
  , ...)
|
  vmalloc(
-	sizeof(TYPE) * (COUNT_CONST)
+	array_size(COUNT_CONST, sizeof(TYPE))
  , ...)
|
  vmalloc(
-	sizeof(TYPE) * COUNT_CONST
+	array_size(COUNT_CONST, sizeof(TYPE))
  , ...)
|
  vmalloc(
-	sizeof(THING) * (COUNT_ID)
+	array_size(COUNT_ID, sizeof(THING))
  , ...)
|
  vmalloc(
-	sizeof(THING) * COUNT_ID
+	array_size(COUNT_ID, sizeof(THING))
  , ...)
|
  vmalloc(
-	sizeof(THING) * (COUNT_CONST)
+	array_size(COUNT_CONST, sizeof(THING))
  , ...)
|
  vmalloc(
-	sizeof(THING) * COUNT_CONST
+	array_size(COUNT_CONST, sizeof(THING))
  , ...)
)

// 2-factor product, only identifiers.
@@
identifier SIZE, COUNT;
@@

  vmalloc(
-	SIZE * COUNT
+	array_size(COUNT, SIZE)
  , ...)

// 3-factor product with 1 sizeof(type) or sizeof(expression), with
// redundant parens removed.
@@
expression THING;
identifier STRIDE, COUNT;
type TYPE;
@@

(
  vmalloc(
-	sizeof(TYPE) * (COUNT) * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  vmalloc(
-	sizeof(TYPE) * (COUNT) * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  vmalloc(
-	sizeof(TYPE) * COUNT * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  vmalloc(
-	sizeof(TYPE) * COUNT * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  vmalloc(
-	sizeof(THING) * (COUNT) * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  vmalloc(
-	sizeof(THING) * (COUNT) * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  vmalloc(
-	sizeof(THING) * COUNT * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  vmalloc(
-	sizeof(THING) * COUNT * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
)

// 3-factor product with 2 sizeof(variable), with redundant parens removed.
@@
expression THING1, THING2;
identifier COUNT;
type TYPE1, TYPE2;
@@

(
  vmalloc(
-	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
+	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
  , ...)
|
  vmalloc(
-	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
  , ...)
|
  vmalloc(
-	sizeof(THING1) * sizeof(THING2) * COUNT
+	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
  , ...)
|
  vmalloc(
-	sizeof(THING1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
  , ...)
|
  vmalloc(
-	sizeof(TYPE1) * sizeof(THING2) * COUNT
+	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
  , ...)
|
  vmalloc(
-	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
  , ...)
)

// 3-factor product, only identifiers, with redundant parens removed.
@@
identifier STRIDE, SIZE, COUNT;
@@

(
  vmalloc(
-	(COUNT) * STRIDE * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  vmalloc(
-	COUNT * (STRIDE) * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  vmalloc(
-	COUNT * STRIDE * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  vmalloc(
-	(COUNT) * (STRIDE) * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  vmalloc(
-	COUNT * (STRIDE) * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  vmalloc(
-	(COUNT) * STRIDE * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  vmalloc(
-	(COUNT) * (STRIDE) * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  vmalloc(
-	COUNT * STRIDE * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
)

// Any remaining multi-factor products, first at least 3-factor products
// when they're not all constants...
@@
expression E1, E2, E3;
constant C1, C2, C3;
@@

(
  vmalloc(C1 * C2 * C3, ...)
|
  vmalloc(
-	E1 * E2 * E3
+	array3_size(E1, E2, E3)
  , ...)
)

// And then all remaining 2 factors products when they're not all constants.
@@
expression E1, E2;
constant C1, C2;
@@

(
  vmalloc(C1 * C2, ...)
|
  vmalloc(
-	E1 * E2
+	array_size(E1, E2)
  , ...)
)

Signed-off-by: Kees Cook <keescook@chromium.org>
2018-06-12 16:19:22 -07:00
Kees Cook
778e1cdd81 treewide: kvzalloc() -> kvcalloc()
The kvzalloc() function has a 2-factor argument form, kvcalloc(). This
patch replaces cases of:

        kvzalloc(a * b, gfp)

with:
        kvcalloc(a * b, gfp)

as well as handling cases of:

        kvzalloc(a * b * c, gfp)

with:

        kvzalloc(array3_size(a, b, c), gfp)

as it's slightly less ugly than:

        kvcalloc(array_size(a, b), c, gfp)

This does, however, attempt to ignore constant size factors like:

        kvzalloc(4 * 1024, gfp)

though any constants defined via macros get caught up in the conversion.

Any factors with a sizeof() of "unsigned char", "char", and "u8" were
dropped, since they're redundant.

The Coccinelle script used for this was:

// Fix redundant parens around sizeof().
@@
type TYPE;
expression THING, E;
@@

(
  kvzalloc(
-	(sizeof(TYPE)) * E
+	sizeof(TYPE) * E
  , ...)
|
  kvzalloc(
-	(sizeof(THING)) * E
+	sizeof(THING) * E
  , ...)
)

// Drop single-byte sizes and redundant parens.
@@
expression COUNT;
typedef u8;
typedef __u8;
@@

(
  kvzalloc(
-	sizeof(u8) * (COUNT)
+	COUNT
  , ...)
|
  kvzalloc(
-	sizeof(__u8) * (COUNT)
+	COUNT
  , ...)
|
  kvzalloc(
-	sizeof(char) * (COUNT)
+	COUNT
  , ...)
|
  kvzalloc(
-	sizeof(unsigned char) * (COUNT)
+	COUNT
  , ...)
|
  kvzalloc(
-	sizeof(u8) * COUNT
+	COUNT
  , ...)
|
  kvzalloc(
-	sizeof(__u8) * COUNT
+	COUNT
  , ...)
|
  kvzalloc(
-	sizeof(char) * COUNT
+	COUNT
  , ...)
|
  kvzalloc(
-	sizeof(unsigned char) * COUNT
+	COUNT
  , ...)
)

// 2-factor product with sizeof(type/expression) and identifier or constant.
@@
type TYPE;
expression THING;
identifier COUNT_ID;
constant COUNT_CONST;
@@

(
- kvzalloc
+ kvcalloc
  (
-	sizeof(TYPE) * (COUNT_ID)
+	COUNT_ID, sizeof(TYPE)
  , ...)
|
- kvzalloc
+ kvcalloc
  (
-	sizeof(TYPE) * COUNT_ID
+	COUNT_ID, sizeof(TYPE)
  , ...)
|
- kvzalloc
+ kvcalloc
  (
-	sizeof(TYPE) * (COUNT_CONST)
+	COUNT_CONST, sizeof(TYPE)
  , ...)
|
- kvzalloc
+ kvcalloc
  (
-	sizeof(TYPE) * COUNT_CONST
+	COUNT_CONST, sizeof(TYPE)
  , ...)
|
- kvzalloc
+ kvcalloc
  (
-	sizeof(THING) * (COUNT_ID)
+	COUNT_ID, sizeof(THING)
  , ...)
|
- kvzalloc
+ kvcalloc
  (
-	sizeof(THING) * COUNT_ID
+	COUNT_ID, sizeof(THING)
  , ...)
|
- kvzalloc
+ kvcalloc
  (
-	sizeof(THING) * (COUNT_CONST)
+	COUNT_CONST, sizeof(THING)
  , ...)
|
- kvzalloc
+ kvcalloc
  (
-	sizeof(THING) * COUNT_CONST
+	COUNT_CONST, sizeof(THING)
  , ...)
)

// 2-factor product, only identifiers.
@@
identifier SIZE, COUNT;
@@

- kvzalloc
+ kvcalloc
  (
-	SIZE * COUNT
+	COUNT, SIZE
  , ...)

// 3-factor product with 1 sizeof(type) or sizeof(expression), with
// redundant parens removed.
@@
expression THING;
identifier STRIDE, COUNT;
type TYPE;
@@

(
  kvzalloc(
-	sizeof(TYPE) * (COUNT) * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kvzalloc(
-	sizeof(TYPE) * (COUNT) * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kvzalloc(
-	sizeof(TYPE) * COUNT * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kvzalloc(
-	sizeof(TYPE) * COUNT * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kvzalloc(
-	sizeof(THING) * (COUNT) * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  kvzalloc(
-	sizeof(THING) * (COUNT) * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  kvzalloc(
-	sizeof(THING) * COUNT * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  kvzalloc(
-	sizeof(THING) * COUNT * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
)

// 3-factor product with 2 sizeof(variable), with redundant parens removed.
@@
expression THING1, THING2;
identifier COUNT;
type TYPE1, TYPE2;
@@

(
  kvzalloc(
-	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
+	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
  , ...)
|
  kvzalloc(
-	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
  , ...)
|
  kvzalloc(
-	sizeof(THING1) * sizeof(THING2) * COUNT
+	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
  , ...)
|
  kvzalloc(
-	sizeof(THING1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
  , ...)
|
  kvzalloc(
-	sizeof(TYPE1) * sizeof(THING2) * COUNT
+	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
  , ...)
|
  kvzalloc(
-	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
  , ...)
)

// 3-factor product, only identifiers, with redundant parens removed.
@@
identifier STRIDE, SIZE, COUNT;
@@

(
  kvzalloc(
-	(COUNT) * STRIDE * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kvzalloc(
-	COUNT * (STRIDE) * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kvzalloc(
-	COUNT * STRIDE * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kvzalloc(
-	(COUNT) * (STRIDE) * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kvzalloc(
-	COUNT * (STRIDE) * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kvzalloc(
-	(COUNT) * STRIDE * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kvzalloc(
-	(COUNT) * (STRIDE) * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kvzalloc(
-	COUNT * STRIDE * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
)

// Any remaining multi-factor products, first at least 3-factor products,
// when they're not all constants...
@@
expression E1, E2, E3;
constant C1, C2, C3;
@@

(
  kvzalloc(C1 * C2 * C3, ...)
|
  kvzalloc(
-	(E1) * E2 * E3
+	array3_size(E1, E2, E3)
  , ...)
|
  kvzalloc(
-	(E1) * (E2) * E3
+	array3_size(E1, E2, E3)
  , ...)
|
  kvzalloc(
-	(E1) * (E2) * (E3)
+	array3_size(E1, E2, E3)
  , ...)
|
  kvzalloc(
-	E1 * E2 * E3
+	array3_size(E1, E2, E3)
  , ...)
)

// And then all remaining 2 factors products when they're not all constants,
// keeping sizeof() as the second factor argument.
@@
expression THING, E1, E2;
type TYPE;
constant C1, C2, C3;
@@

(
  kvzalloc(sizeof(THING) * C2, ...)
|
  kvzalloc(sizeof(TYPE) * C2, ...)
|
  kvzalloc(C1 * C2 * C3, ...)
|
  kvzalloc(C1 * C2, ...)
|
- kvzalloc
+ kvcalloc
  (
-	sizeof(TYPE) * (E2)
+	E2, sizeof(TYPE)
  , ...)
|
- kvzalloc
+ kvcalloc
  (
-	sizeof(TYPE) * E2
+	E2, sizeof(TYPE)
  , ...)
|
- kvzalloc
+ kvcalloc
  (
-	sizeof(THING) * (E2)
+	E2, sizeof(THING)
  , ...)
|
- kvzalloc
+ kvcalloc
  (
-	sizeof(THING) * E2
+	E2, sizeof(THING)
  , ...)
|
- kvzalloc
+ kvcalloc
  (
-	(E1) * E2
+	E1, E2
  , ...)
|
- kvzalloc
+ kvcalloc
  (
-	(E1) * (E2)
+	E1, E2
  , ...)
|
- kvzalloc
+ kvcalloc
  (
-	E1 * E2
+	E1, E2
  , ...)
)

Signed-off-by: Kees Cook <keescook@chromium.org>
2018-06-12 16:19:22 -07:00
Kees Cook
344476e16a treewide: kvmalloc() -> kvmalloc_array()
The kvmalloc() function has a 2-factor argument form, kvmalloc_array(). This
patch replaces cases of:

        kvmalloc(a * b, gfp)

with:
        kvmalloc_array(a * b, gfp)

as well as handling cases of:

        kvmalloc(a * b * c, gfp)

with:

        kvmalloc(array3_size(a, b, c), gfp)

as it's slightly less ugly than:

        kvmalloc_array(array_size(a, b), c, gfp)

This does, however, attempt to ignore constant size factors like:

        kvmalloc(4 * 1024, gfp)

though any constants defined via macros get caught up in the conversion.

Any factors with a sizeof() of "unsigned char", "char", and "u8" were
dropped, since they're redundant.

The Coccinelle script used for this was:

// Fix redundant parens around sizeof().
@@
type TYPE;
expression THING, E;
@@

(
  kvmalloc(
-	(sizeof(TYPE)) * E
+	sizeof(TYPE) * E
  , ...)
|
  kvmalloc(
-	(sizeof(THING)) * E
+	sizeof(THING) * E
  , ...)
)

// Drop single-byte sizes and redundant parens.
@@
expression COUNT;
typedef u8;
typedef __u8;
@@

(
  kvmalloc(
-	sizeof(u8) * (COUNT)
+	COUNT
  , ...)
|
  kvmalloc(
-	sizeof(__u8) * (COUNT)
+	COUNT
  , ...)
|
  kvmalloc(
-	sizeof(char) * (COUNT)
+	COUNT
  , ...)
|
  kvmalloc(
-	sizeof(unsigned char) * (COUNT)
+	COUNT
  , ...)
|
  kvmalloc(
-	sizeof(u8) * COUNT
+	COUNT
  , ...)
|
  kvmalloc(
-	sizeof(__u8) * COUNT
+	COUNT
  , ...)
|
  kvmalloc(
-	sizeof(char) * COUNT
+	COUNT
  , ...)
|
  kvmalloc(
-	sizeof(unsigned char) * COUNT
+	COUNT
  , ...)
)

// 2-factor product with sizeof(type/expression) and identifier or constant.
@@
type TYPE;
expression THING;
identifier COUNT_ID;
constant COUNT_CONST;
@@

(
- kvmalloc
+ kvmalloc_array
  (
-	sizeof(TYPE) * (COUNT_ID)
+	COUNT_ID, sizeof(TYPE)
  , ...)
|
- kvmalloc
+ kvmalloc_array
  (
-	sizeof(TYPE) * COUNT_ID
+	COUNT_ID, sizeof(TYPE)
  , ...)
|
- kvmalloc
+ kvmalloc_array
  (
-	sizeof(TYPE) * (COUNT_CONST)
+	COUNT_CONST, sizeof(TYPE)
  , ...)
|
- kvmalloc
+ kvmalloc_array
  (
-	sizeof(TYPE) * COUNT_CONST
+	COUNT_CONST, sizeof(TYPE)
  , ...)
|
- kvmalloc
+ kvmalloc_array
  (
-	sizeof(THING) * (COUNT_ID)
+	COUNT_ID, sizeof(THING)
  , ...)
|
- kvmalloc
+ kvmalloc_array
  (
-	sizeof(THING) * COUNT_ID
+	COUNT_ID, sizeof(THING)
  , ...)
|
- kvmalloc
+ kvmalloc_array
  (
-	sizeof(THING) * (COUNT_CONST)
+	COUNT_CONST, sizeof(THING)
  , ...)
|
- kvmalloc
+ kvmalloc_array
  (
-	sizeof(THING) * COUNT_CONST
+	COUNT_CONST, sizeof(THING)
  , ...)
)

// 2-factor product, only identifiers.
@@
identifier SIZE, COUNT;
@@

- kvmalloc
+ kvmalloc_array
  (
-	SIZE * COUNT
+	COUNT, SIZE
  , ...)

// 3-factor product with 1 sizeof(type) or sizeof(expression), with
// redundant parens removed.
@@
expression THING;
identifier STRIDE, COUNT;
type TYPE;
@@

(
  kvmalloc(
-	sizeof(TYPE) * (COUNT) * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kvmalloc(
-	sizeof(TYPE) * (COUNT) * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kvmalloc(
-	sizeof(TYPE) * COUNT * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kvmalloc(
-	sizeof(TYPE) * COUNT * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kvmalloc(
-	sizeof(THING) * (COUNT) * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  kvmalloc(
-	sizeof(THING) * (COUNT) * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  kvmalloc(
-	sizeof(THING) * COUNT * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  kvmalloc(
-	sizeof(THING) * COUNT * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
)

// 3-factor product with 2 sizeof(variable), with redundant parens removed.
@@
expression THING1, THING2;
identifier COUNT;
type TYPE1, TYPE2;
@@

(
  kvmalloc(
-	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
+	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
  , ...)
|
  kvmalloc(
-	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
  , ...)
|
  kvmalloc(
-	sizeof(THING1) * sizeof(THING2) * COUNT
+	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
  , ...)
|
  kvmalloc(
-	sizeof(THING1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
  , ...)
|
  kvmalloc(
-	sizeof(TYPE1) * sizeof(THING2) * COUNT
+	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
  , ...)
|
  kvmalloc(
-	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
  , ...)
)

// 3-factor product, only identifiers, with redundant parens removed.
@@
identifier STRIDE, SIZE, COUNT;
@@

(
  kvmalloc(
-	(COUNT) * STRIDE * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kvmalloc(
-	COUNT * (STRIDE) * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kvmalloc(
-	COUNT * STRIDE * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kvmalloc(
-	(COUNT) * (STRIDE) * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kvmalloc(
-	COUNT * (STRIDE) * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kvmalloc(
-	(COUNT) * STRIDE * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kvmalloc(
-	(COUNT) * (STRIDE) * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kvmalloc(
-	COUNT * STRIDE * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
)

// Any remaining multi-factor products, first at least 3-factor products,
// when they're not all constants...
@@
expression E1, E2, E3;
constant C1, C2, C3;
@@

(
  kvmalloc(C1 * C2 * C3, ...)
|
  kvmalloc(
-	(E1) * E2 * E3
+	array3_size(E1, E2, E3)
  , ...)
|
  kvmalloc(
-	(E1) * (E2) * E3
+	array3_size(E1, E2, E3)
  , ...)
|
  kvmalloc(
-	(E1) * (E2) * (E3)
+	array3_size(E1, E2, E3)
  , ...)
|
  kvmalloc(
-	E1 * E2 * E3
+	array3_size(E1, E2, E3)
  , ...)
)

// And then all remaining 2 factors products when they're not all constants,
// keeping sizeof() as the second factor argument.
@@
expression THING, E1, E2;
type TYPE;
constant C1, C2, C3;
@@

(
  kvmalloc(sizeof(THING) * C2, ...)
|
  kvmalloc(sizeof(TYPE) * C2, ...)
|
  kvmalloc(C1 * C2 * C3, ...)
|
  kvmalloc(C1 * C2, ...)
|
- kvmalloc
+ kvmalloc_array
  (
-	sizeof(TYPE) * (E2)
+	E2, sizeof(TYPE)
  , ...)
|
- kvmalloc
+ kvmalloc_array
  (
-	sizeof(TYPE) * E2
+	E2, sizeof(TYPE)
  , ...)
|
- kvmalloc
+ kvmalloc_array
  (
-	sizeof(THING) * (E2)
+	E2, sizeof(THING)
  , ...)
|
- kvmalloc
+ kvmalloc_array
  (
-	sizeof(THING) * E2
+	E2, sizeof(THING)
  , ...)
|
- kvmalloc
+ kvmalloc_array
  (
-	(E1) * E2
+	E1, E2
  , ...)
|
- kvmalloc
+ kvmalloc_array
  (
-	(E1) * (E2)
+	E1, E2
  , ...)
|
- kvmalloc
+ kvmalloc_array
  (
-	E1 * E2
+	E1, E2
  , ...)
)

Signed-off-by: Kees Cook <keescook@chromium.org>
2018-06-12 16:19:22 -07:00
Kees Cook
6396bb2215 treewide: kzalloc() -> kcalloc()
The kzalloc() function has a 2-factor argument form, kcalloc(). This
patch replaces cases of:

        kzalloc(a * b, gfp)

with:
        kcalloc(a * b, gfp)

as well as handling cases of:

        kzalloc(a * b * c, gfp)

with:

        kzalloc(array3_size(a, b, c), gfp)

as it's slightly less ugly than:

        kzalloc_array(array_size(a, b), c, gfp)

This does, however, attempt to ignore constant size factors like:

        kzalloc(4 * 1024, gfp)

though any constants defined via macros get caught up in the conversion.

Any factors with a sizeof() of "unsigned char", "char", and "u8" were
dropped, since they're redundant.

The Coccinelle script used for this was:

// Fix redundant parens around sizeof().
@@
type TYPE;
expression THING, E;
@@

(
  kzalloc(
-	(sizeof(TYPE)) * E
+	sizeof(TYPE) * E
  , ...)
|
  kzalloc(
-	(sizeof(THING)) * E
+	sizeof(THING) * E
  , ...)
)

// Drop single-byte sizes and redundant parens.
@@
expression COUNT;
typedef u8;
typedef __u8;
@@

(
  kzalloc(
-	sizeof(u8) * (COUNT)
+	COUNT
  , ...)
|
  kzalloc(
-	sizeof(__u8) * (COUNT)
+	COUNT
  , ...)
|
  kzalloc(
-	sizeof(char) * (COUNT)
+	COUNT
  , ...)
|
  kzalloc(
-	sizeof(unsigned char) * (COUNT)
+	COUNT
  , ...)
|
  kzalloc(
-	sizeof(u8) * COUNT
+	COUNT
  , ...)
|
  kzalloc(
-	sizeof(__u8) * COUNT
+	COUNT
  , ...)
|
  kzalloc(
-	sizeof(char) * COUNT
+	COUNT
  , ...)
|
  kzalloc(
-	sizeof(unsigned char) * COUNT
+	COUNT
  , ...)
)

// 2-factor product with sizeof(type/expression) and identifier or constant.
@@
type TYPE;
expression THING;
identifier COUNT_ID;
constant COUNT_CONST;
@@

(
- kzalloc
+ kcalloc
  (
-	sizeof(TYPE) * (COUNT_ID)
+	COUNT_ID, sizeof(TYPE)
  , ...)
|
- kzalloc
+ kcalloc
  (
-	sizeof(TYPE) * COUNT_ID
+	COUNT_ID, sizeof(TYPE)
  , ...)
|
- kzalloc
+ kcalloc
  (
-	sizeof(TYPE) * (COUNT_CONST)
+	COUNT_CONST, sizeof(TYPE)
  , ...)
|
- kzalloc
+ kcalloc
  (
-	sizeof(TYPE) * COUNT_CONST
+	COUNT_CONST, sizeof(TYPE)
  , ...)
|
- kzalloc
+ kcalloc
  (
-	sizeof(THING) * (COUNT_ID)
+	COUNT_ID, sizeof(THING)
  , ...)
|
- kzalloc
+ kcalloc
  (
-	sizeof(THING) * COUNT_ID
+	COUNT_ID, sizeof(THING)
  , ...)
|
- kzalloc
+ kcalloc
  (
-	sizeof(THING) * (COUNT_CONST)
+	COUNT_CONST, sizeof(THING)
  , ...)
|
- kzalloc
+ kcalloc
  (
-	sizeof(THING) * COUNT_CONST
+	COUNT_CONST, sizeof(THING)
  , ...)
)

// 2-factor product, only identifiers.
@@
identifier SIZE, COUNT;
@@

- kzalloc
+ kcalloc
  (
-	SIZE * COUNT
+	COUNT, SIZE
  , ...)

// 3-factor product with 1 sizeof(type) or sizeof(expression), with
// redundant parens removed.
@@
expression THING;
identifier STRIDE, COUNT;
type TYPE;
@@

(
  kzalloc(
-	sizeof(TYPE) * (COUNT) * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kzalloc(
-	sizeof(TYPE) * (COUNT) * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kzalloc(
-	sizeof(TYPE) * COUNT * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kzalloc(
-	sizeof(TYPE) * COUNT * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kzalloc(
-	sizeof(THING) * (COUNT) * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  kzalloc(
-	sizeof(THING) * (COUNT) * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  kzalloc(
-	sizeof(THING) * COUNT * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  kzalloc(
-	sizeof(THING) * COUNT * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
)

// 3-factor product with 2 sizeof(variable), with redundant parens removed.
@@
expression THING1, THING2;
identifier COUNT;
type TYPE1, TYPE2;
@@

(
  kzalloc(
-	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
+	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
  , ...)
|
  kzalloc(
-	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
  , ...)
|
  kzalloc(
-	sizeof(THING1) * sizeof(THING2) * COUNT
+	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
  , ...)
|
  kzalloc(
-	sizeof(THING1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
  , ...)
|
  kzalloc(
-	sizeof(TYPE1) * sizeof(THING2) * COUNT
+	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
  , ...)
|
  kzalloc(
-	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
  , ...)
)

// 3-factor product, only identifiers, with redundant parens removed.
@@
identifier STRIDE, SIZE, COUNT;
@@

(
  kzalloc(
-	(COUNT) * STRIDE * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kzalloc(
-	COUNT * (STRIDE) * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kzalloc(
-	COUNT * STRIDE * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kzalloc(
-	(COUNT) * (STRIDE) * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kzalloc(
-	COUNT * (STRIDE) * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kzalloc(
-	(COUNT) * STRIDE * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kzalloc(
-	(COUNT) * (STRIDE) * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kzalloc(
-	COUNT * STRIDE * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
)

// Any remaining multi-factor products, first at least 3-factor products,
// when they're not all constants...
@@
expression E1, E2, E3;
constant C1, C2, C3;
@@

(
  kzalloc(C1 * C2 * C3, ...)
|
  kzalloc(
-	(E1) * E2 * E3
+	array3_size(E1, E2, E3)
  , ...)
|
  kzalloc(
-	(E1) * (E2) * E3
+	array3_size(E1, E2, E3)
  , ...)
|
  kzalloc(
-	(E1) * (E2) * (E3)
+	array3_size(E1, E2, E3)
  , ...)
|
  kzalloc(
-	E1 * E2 * E3
+	array3_size(E1, E2, E3)
  , ...)
)

// And then all remaining 2 factors products when they're not all constants,
// keeping sizeof() as the second factor argument.
@@
expression THING, E1, E2;
type TYPE;
constant C1, C2, C3;
@@

(
  kzalloc(sizeof(THING) * C2, ...)
|
  kzalloc(sizeof(TYPE) * C2, ...)
|
  kzalloc(C1 * C2 * C3, ...)
|
  kzalloc(C1 * C2, ...)
|
- kzalloc
+ kcalloc
  (
-	sizeof(TYPE) * (E2)
+	E2, sizeof(TYPE)
  , ...)
|
- kzalloc
+ kcalloc
  (
-	sizeof(TYPE) * E2
+	E2, sizeof(TYPE)
  , ...)
|
- kzalloc
+ kcalloc
  (
-	sizeof(THING) * (E2)
+	E2, sizeof(THING)
  , ...)
|
- kzalloc
+ kcalloc
  (
-	sizeof(THING) * E2
+	E2, sizeof(THING)
  , ...)
|
- kzalloc
+ kcalloc
  (
-	(E1) * E2
+	E1, E2
  , ...)
|
- kzalloc
+ kcalloc
  (
-	(E1) * (E2)
+	E1, E2
  , ...)
|
- kzalloc
+ kcalloc
  (
-	E1 * E2
+	E1, E2
  , ...)
)

Signed-off-by: Kees Cook <keescook@chromium.org>
2018-06-12 16:19:22 -07:00
Kees Cook
6da2ec5605 treewide: kmalloc() -> kmalloc_array()
The kmalloc() function has a 2-factor argument form, kmalloc_array(). This
patch replaces cases of:

        kmalloc(a * b, gfp)

with:
        kmalloc_array(a * b, gfp)

as well as handling cases of:

        kmalloc(a * b * c, gfp)

with:

        kmalloc(array3_size(a, b, c), gfp)

as it's slightly less ugly than:

        kmalloc_array(array_size(a, b), c, gfp)

This does, however, attempt to ignore constant size factors like:

        kmalloc(4 * 1024, gfp)

though any constants defined via macros get caught up in the conversion.

Any factors with a sizeof() of "unsigned char", "char", and "u8" were
dropped, since they're redundant.

The tools/ directory was manually excluded, since it has its own
implementation of kmalloc().

The Coccinelle script used for this was:

// Fix redundant parens around sizeof().
@@
type TYPE;
expression THING, E;
@@

(
  kmalloc(
-	(sizeof(TYPE)) * E
+	sizeof(TYPE) * E
  , ...)
|
  kmalloc(
-	(sizeof(THING)) * E
+	sizeof(THING) * E
  , ...)
)

// Drop single-byte sizes and redundant parens.
@@
expression COUNT;
typedef u8;
typedef __u8;
@@

(
  kmalloc(
-	sizeof(u8) * (COUNT)
+	COUNT
  , ...)
|
  kmalloc(
-	sizeof(__u8) * (COUNT)
+	COUNT
  , ...)
|
  kmalloc(
-	sizeof(char) * (COUNT)
+	COUNT
  , ...)
|
  kmalloc(
-	sizeof(unsigned char) * (COUNT)
+	COUNT
  , ...)
|
  kmalloc(
-	sizeof(u8) * COUNT
+	COUNT
  , ...)
|
  kmalloc(
-	sizeof(__u8) * COUNT
+	COUNT
  , ...)
|
  kmalloc(
-	sizeof(char) * COUNT
+	COUNT
  , ...)
|
  kmalloc(
-	sizeof(unsigned char) * COUNT
+	COUNT
  , ...)
)

// 2-factor product with sizeof(type/expression) and identifier or constant.
@@
type TYPE;
expression THING;
identifier COUNT_ID;
constant COUNT_CONST;
@@

(
- kmalloc
+ kmalloc_array
  (
-	sizeof(TYPE) * (COUNT_ID)
+	COUNT_ID, sizeof(TYPE)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(TYPE) * COUNT_ID
+	COUNT_ID, sizeof(TYPE)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(TYPE) * (COUNT_CONST)
+	COUNT_CONST, sizeof(TYPE)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(TYPE) * COUNT_CONST
+	COUNT_CONST, sizeof(TYPE)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(THING) * (COUNT_ID)
+	COUNT_ID, sizeof(THING)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(THING) * COUNT_ID
+	COUNT_ID, sizeof(THING)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(THING) * (COUNT_CONST)
+	COUNT_CONST, sizeof(THING)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(THING) * COUNT_CONST
+	COUNT_CONST, sizeof(THING)
  , ...)
)

// 2-factor product, only identifiers.
@@
identifier SIZE, COUNT;
@@

- kmalloc
+ kmalloc_array
  (
-	SIZE * COUNT
+	COUNT, SIZE
  , ...)

// 3-factor product with 1 sizeof(type) or sizeof(expression), with
// redundant parens removed.
@@
expression THING;
identifier STRIDE, COUNT;
type TYPE;
@@

(
  kmalloc(
-	sizeof(TYPE) * (COUNT) * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kmalloc(
-	sizeof(TYPE) * (COUNT) * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kmalloc(
-	sizeof(TYPE) * COUNT * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kmalloc(
-	sizeof(TYPE) * COUNT * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kmalloc(
-	sizeof(THING) * (COUNT) * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  kmalloc(
-	sizeof(THING) * (COUNT) * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  kmalloc(
-	sizeof(THING) * COUNT * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  kmalloc(
-	sizeof(THING) * COUNT * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
)

// 3-factor product with 2 sizeof(variable), with redundant parens removed.
@@
expression THING1, THING2;
identifier COUNT;
type TYPE1, TYPE2;
@@

(
  kmalloc(
-	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
+	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
  , ...)
|
  kmalloc(
-	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
  , ...)
|
  kmalloc(
-	sizeof(THING1) * sizeof(THING2) * COUNT
+	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
  , ...)
|
  kmalloc(
-	sizeof(THING1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
  , ...)
|
  kmalloc(
-	sizeof(TYPE1) * sizeof(THING2) * COUNT
+	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
  , ...)
|
  kmalloc(
-	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
  , ...)
)

// 3-factor product, only identifiers, with redundant parens removed.
@@
identifier STRIDE, SIZE, COUNT;
@@

(
  kmalloc(
-	(COUNT) * STRIDE * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kmalloc(
-	COUNT * (STRIDE) * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kmalloc(
-	COUNT * STRIDE * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kmalloc(
-	(COUNT) * (STRIDE) * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kmalloc(
-	COUNT * (STRIDE) * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kmalloc(
-	(COUNT) * STRIDE * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kmalloc(
-	(COUNT) * (STRIDE) * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kmalloc(
-	COUNT * STRIDE * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
)

// Any remaining multi-factor products, first at least 3-factor products,
// when they're not all constants...
@@
expression E1, E2, E3;
constant C1, C2, C3;
@@

(
  kmalloc(C1 * C2 * C3, ...)
|
  kmalloc(
-	(E1) * E2 * E3
+	array3_size(E1, E2, E3)
  , ...)
|
  kmalloc(
-	(E1) * (E2) * E3
+	array3_size(E1, E2, E3)
  , ...)
|
  kmalloc(
-	(E1) * (E2) * (E3)
+	array3_size(E1, E2, E3)
  , ...)
|
  kmalloc(
-	E1 * E2 * E3
+	array3_size(E1, E2, E3)
  , ...)
)

// And then all remaining 2 factors products when they're not all constants,
// keeping sizeof() as the second factor argument.
@@
expression THING, E1, E2;
type TYPE;
constant C1, C2, C3;
@@

(
  kmalloc(sizeof(THING) * C2, ...)
|
  kmalloc(sizeof(TYPE) * C2, ...)
|
  kmalloc(C1 * C2 * C3, ...)
|
  kmalloc(C1 * C2, ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(TYPE) * (E2)
+	E2, sizeof(TYPE)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(TYPE) * E2
+	E2, sizeof(TYPE)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(THING) * (E2)
+	E2, sizeof(THING)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(THING) * E2
+	E2, sizeof(THING)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	(E1) * E2
+	E1, E2
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	(E1) * (E2)
+	E1, E2
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	E1 * E2
+	E1, E2
  , ...)
)

Signed-off-by: Kees Cook <keescook@chromium.org>
2018-06-12 16:19:22 -07:00
Linus Torvalds
2857676045 - Introduce arithmetic overflow test helper functions (Rasmus)
- Use overflow helpers in 2-factor allocators (Kees, Rasmus)
 - Introduce overflow test module (Rasmus, Kees)
 - Introduce saturating size helper functions (Matthew, Kees)
 - Treewide use of struct_size() for allocators (Kees)
 -----BEGIN PGP SIGNATURE-----
 Comment: Kees Cook <kees@outflux.net>
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAlsYJ1gWHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJlCTEACwdEeriAd2VwxknnsstojGD/3g
 8TTFA19vSu4Gxa6WiDkjGoSmIlfhXTlZo1Nlmencv16ytSvIVDNLUIB3uDxUIv1J
 2+dyHML9JpXYHHR7zLXXnGFJL0wazqjbsD3NYQgXqmun7EVVYnOsAlBZ7h/Lwiej
 jzEJd8DaHT3TA586uD3uggiFvQU0yVyvkDCDONIytmQx+BdtGdg9TYCzkBJaXuDZ
 YIthyKDvxIw5nh/UaG3L+SKo73tUr371uAWgAfqoaGQQCWe+mxnWL4HkCKsjFzZL
 u9ouxxF/n6pij3E8n6rb0i2fCzlsTDdDF+aqV1rQ4I4hVXCFPpHUZgjDPvBWbj7A
 m6AfRHVNnOgI8HGKqBGOfViV+2kCHlYeQh3pPW33dWzy/4d/uq9NIHKxE63LH+S4
 bY3oO2ela8oxRyvEgXLjqmRYGW1LB/ZU7FS6Rkx2gRzo4k8Rv+8K/KzUHfFVRX61
 jEbiPLzko0xL9D53kcEn0c+BhofK5jgeSWxItdmfuKjLTW4jWhLRlU+bcUXb6kSS
 S3G6aF+L+foSUwoq63AS8QxCuabuhreJSB+BmcGUyjthCbK/0WjXYC6W/IJiRfBa
 3ZTxBC/2vP3uq/AGRNh5YZoxHL8mSxDfn62F+2cqlJTTKR/O+KyDb1cusyvk3H04
 KCDVLYPxwQQqK1Mqig==
 =/3L8
 -----END PGP SIGNATURE-----

Merge tag 'overflow-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull overflow updates from Kees Cook:
 "This adds the new overflow checking helpers and adds them to the
  2-factor argument allocators. And this adds the saturating size
  helpers and does a treewide replacement for the struct_size() usage.
  Additionally this adds the overflow testing modules to make sure
  everything works.

  I'm still working on the treewide replacements for allocators with
  "simple" multiplied arguments:

     *alloc(a * b, ...) -> *alloc_array(a, b, ...)

  and

     *zalloc(a * b, ...) -> *calloc(a, b, ...)

  as well as the more complex cases, but that's separable from this
  portion of the series. I expect to have the rest sent before -rc1
  closes; there are a lot of messy cases to clean up.

  Summary:

   - Introduce arithmetic overflow test helper functions (Rasmus)

   - Use overflow helpers in 2-factor allocators (Kees, Rasmus)

   - Introduce overflow test module (Rasmus, Kees)

   - Introduce saturating size helper functions (Matthew, Kees)

   - Treewide use of struct_size() for allocators (Kees)"

* tag 'overflow-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  treewide: Use struct_size() for devm_kmalloc() and friends
  treewide: Use struct_size() for vmalloc()-family
  treewide: Use struct_size() for kmalloc()-family
  device: Use overflow helpers for devm_kmalloc()
  mm: Use overflow helpers in kvmalloc()
  mm: Use overflow helpers in kmalloc_array*()
  test_overflow: Add memory allocation overflow tests
  overflow.h: Add allocation size calculation helpers
  test_overflow: Report test failures
  test_overflow: macrofy some more, do more tests for free
  lib: add runtime test of check_*_overflow functions
  compiler.h: enable builtin overflow checkers and add fallback code
2018-06-06 17:27:14 -07:00
Kees Cook
b4b06db115 treewide: Use struct_size() for vmalloc()-family
This only finds one hit in the entire tree, but here's the Coccinelle:

// Directly refer to structure's field
@@
identifier alloc =~ "vmalloc|vzalloc";
identifier VAR, ELEMENT;
expression COUNT;
@@

- alloc(sizeof(*VAR) + COUNT * sizeof(*VAR->ELEMENT))
+ alloc(struct_size(VAR, ELEMENT, COUNT))

// mr = kzalloc(sizeof(*mr) + m * sizeof(mr->map[0]), GFP_KERNEL);
@@
identifier alloc =~ "vmalloc|vzalloc";
identifier VAR, ELEMENT;
expression COUNT;
@@

- alloc(sizeof(*VAR) + COUNT * sizeof(VAR->ELEMENT[0]))
+ alloc(struct_size(VAR, ELEMENT, COUNT))

// Same pattern, but can't trivially locate the trailing element name,
// or variable name.
@@
identifier alloc =~ "vmalloc|vzalloc";
expression SOMETHING, COUNT, ELEMENT;
@@

- alloc(sizeof(SOMETHING) + COUNT * sizeof(ELEMENT))
+ alloc(CHECKME_struct_size(&SOMETHING, ELEMENT, COUNT))

Signed-off-by: Kees Cook <keescook@chromium.org>
2018-06-06 11:15:43 -07:00
Kees Cook
acafe7e302 treewide: Use struct_size() for kmalloc()-family
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:

struct foo {
    int stuff;
    void *entry[];
};

instance = kmalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);

Instead of leaving these open-coded and prone to type mistakes, we can
now use the new struct_size() helper:

instance = kmalloc(struct_size(instance, entry, count), GFP_KERNEL);

This patch makes the changes for kmalloc()-family (and kvmalloc()-family)
uses. It was done via automatic conversion with manual review for the
"CHECKME" non-standard cases noted below, using the following Coccinelle
script:

// pkey_cache = kmalloc(sizeof *pkey_cache + tprops->pkey_tbl_len *
//                      sizeof *pkey_cache->table, GFP_KERNEL);
@@
identifier alloc =~ "kmalloc|kzalloc|kvmalloc|kvzalloc";
expression GFP;
identifier VAR, ELEMENT;
expression COUNT;
@@

- alloc(sizeof(*VAR) + COUNT * sizeof(*VAR->ELEMENT), GFP)
+ alloc(struct_size(VAR, ELEMENT, COUNT), GFP)

// mr = kzalloc(sizeof(*mr) + m * sizeof(mr->map[0]), GFP_KERNEL);
@@
identifier alloc =~ "kmalloc|kzalloc|kvmalloc|kvzalloc";
expression GFP;
identifier VAR, ELEMENT;
expression COUNT;
@@

- alloc(sizeof(*VAR) + COUNT * sizeof(VAR->ELEMENT[0]), GFP)
+ alloc(struct_size(VAR, ELEMENT, COUNT), GFP)

// Same pattern, but can't trivially locate the trailing element name,
// or variable name.
@@
identifier alloc =~ "kmalloc|kzalloc|kvmalloc|kvzalloc";
expression GFP;
expression SOMETHING, COUNT, ELEMENT;
@@

- alloc(sizeof(SOMETHING) + COUNT * sizeof(ELEMENT), GFP)
+ alloc(CHECKME_struct_size(&SOMETHING, ELEMENT, COUNT), GFP)

Signed-off-by: Kees Cook <keescook@chromium.org>
2018-06-06 11:15:43 -07:00
Ben Skeggs
6c46d01f25 drm/nouveau/gr/gf100-: insert some WFIs during gr init
Inserted wait-for-gr-idle in the places it seems that RM does it, seems
to prevent some random mmio timeouts on Quadro GV100.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 17:09:35 +10:00
Arushi Singhal
dd3b89be3e drm/nouveau/clk: Use list_for_each_entry_from_reverse
It's better to use "list_for_each_entry_from_reverse" for iterating list
than "for loop" as it makes the code more clear to read.
This patch replace "for loop" with "list_for_each_entry_from_reverse"
and "start" variable with "cstate" which helps in refactoring
the code and also "cstate" variable is more commonly used in the other
functions.

changes in v2:
"start" variable is removed, before "cstate" variable was removed
but "cstate" is more common so preferred "cstate" over "start".

Signed-off-by: Arushi Singhal <arushisinghal19971997@gmail.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 17:09:35 +10:00
Ilia Mirkin
7a22c737fa drm/nouveau: fix temp/pwm visibility, skip hwmon when no sensors exist
A NV34 GPU was seeing temp and pwm entries in hwmon, which would error
out when read. These should not have been visible, but also the whole
hwmon object should just not have been registered in the first place.

Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 17:09:48 +10:00
Luc Van Oostenryck
f43cda5c76 drm/nouveau: fix nouveau_dsm_get_client_id()'s return type
The method struct vga_switcheroo_handler::get_client_id() is defined
as returning an 'enum vga_switcheroo_client_id' but the implementation
in this driver, nouveau_dsm_get_client_id(), returns an 'int'.

Fix this by returning 'enum vga_switcheroo_client_id' in this driver too.

Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 17:09:46 +10:00
Luc Van Oostenryck
54b202f1d8 drm/nouveau: fix mode_valid's return type
The method struct drm_connector_helper_funcs::mode_valid is defined
as returning an 'enum drm_mode_status' but the driver implementation
for this method uses an 'int' for it.

Fix this by using 'enum drm_mode_status' in the driver too.

Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 17:09:35 +10:00
Ben Skeggs
d521097f58 drm/nouveau/gr/gv100: initial support
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:47 +10:00
Ben Skeggs
6e1f34e33c drm/nouveau/ce/gv100: initial support
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:46 +10:00
Ben Skeggs
37e1c45a58 drm/nouveau/fifo/gv100: initial support
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:46 +10:00
Ben Skeggs
facaed62b4 drm/nouveau/kms/gv100: initial support
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:46 +10:00
Ben Skeggs
290ffeafcc drm/nouveau/disp/gv100: initial support
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:43 +10:00
Ben Skeggs
6fb566b913 drm/nouveau/dma/gv100: initial support
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:39 +10:00
Ben Skeggs
24a7513c10 drm/nouveau/therm/gv100: initial support
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:39 +10:00
Ben Skeggs
ada0c56281 drm/nouveau/pmu/gv100: initial support
Appears to be compatible with GP102.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:39 +10:00
Ben Skeggs
8b811951c6 drm/nouveau/fault/gv100: initial support
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:38 +10:00
Ben Skeggs
013b7b3773 drm/nouveau/bar/gv100: initial support
Appears to be compatible with GM107.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:38 +10:00
Ben Skeggs
edf50395c7 drm/nouveau/mmu/gv100: initial support
VEID support hacked in here, as it's the most convenient place for now.

Will be refined once it's better understood.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:38 +10:00
Ben Skeggs
1bce57250a drm/nouveau/ltc/gv100: initial support
Appears to be compatible with GP102.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:38 +10:00
Ben Skeggs
3582942c28 drm/nouveau/fb/gv100: initial support
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:34 +10:00
Ben Skeggs
a4a0cfb642 drm/nouveau/imem/gv100: initial support
Can't imagine this will be any different.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:34 +10:00
Ben Skeggs
936240c9bb drm/nouveau/tmr/gv100: initial support
Appears to be compatible with GK20A.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:34 +10:00
Ben Skeggs
9506bd2407 drm/nouveau/bus/gv100: initial support
Appears to be compatible with GF100.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:34 +10:00
Ben Skeggs
41af75bd35 drm/nouveau/mc/gv100: initial support
Appears to be compatible with GP100.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:34 +10:00
Ben Skeggs
292550499a drm/nouveau/fuse/gv100: initial support
Appears to be compatible with GM107.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:34 +10:00
Ben Skeggs
d2e3b57d81 drm/nouveau/i2c/gv100: initial support
Appears to be compatible with GM200.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:34 +10:00
Ben Skeggs
8afbcca549 drm/nouveau/gpio/gv100: initial support
Appears to be compatible with GK104.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:34 +10:00
Ben Skeggs
46fe1a813a drm/nouveau/ibus/gv100: initial support
Appears to be compatible with GM200.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:34 +10:00
Ben Skeggs
a1c771a5cb drm/nouveau/top/gv100: initial support
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:34 +10:00
Ben Skeggs
8769dc989c drm/nouveau/devinit/gv100: initial support
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:31 +10:00
Ben Skeggs
6827c9a868 drm/nouveau/bios/pll: limits table 5.0
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:31 +10:00
Ben Skeggs
75e482efd3 drm/nouveau/bios/gv100: initial support
No real surprises here so far.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:31 +10:00
Ben Skeggs
893855d821 drm/nouveau/pci/gv100: initial support
Appears to be compatible with GP100.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:31 +10:00
Ben Skeggs
c1f856bb99 drm/nouveau/core: recognise gv100
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:31 +10:00
Ben Skeggs
890c85f3ee drm/nouveau/core: increase maximum number of copy engines to 9
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:31 +10:00
Ben Skeggs
2ce7f38629 drm/nouveau/kms/nv50-: initial overlay support
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:31 +10:00
Ben Skeggs
88b600d421 drm/nouveau/kms/gk104-: add support for [XA]2R10G10B10 formats
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:30 +10:00
Ben Skeggs
01d380ab4f drm/nouveau/kms/gk104-: support additional cursor sizes
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:30 +10:00
Ben Skeggs
b05d873808 drm/nouveau/kms/nv50-: separate blocklinear vs linear pitch
Will be required to support Volta.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:30 +10:00
Ben Skeggs
119608a7f3 drm/nouveau/kms/nv50-: handle degamma LUT from window channels
Required to eventually support DRM colour management APIs, and to
support Volta.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:29 +10:00
Ben Skeggs
e349a05dc8 drm/nouveau/kms/nv50-: plane updates don't always require image_set()
When only the position of a window changes, there's no need to submit
an image update as well.

Will be required to support the overlays, and Volta windows.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:29 +10:00
Ben Skeggs
859b456b6b drm/nouveau/kms/nv50-: store window visibility in state
Window visibility is going to become a little more complicated with the
upcoming LUT changes, so store the calculated value to avoid needing to
recalculate the armed state again.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:29 +10:00
Ben Skeggs
45a2945a37 drm/nouveau/kms/nv50-: simplify swap interval handling
This is just cleaning up some left-overs from when we needed a custom
legacy page flip implementation.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:29 +10:00
Ben Skeggs
04fc14be77 drm/nouveau/kms/nv50-: decouple window state changes, and update method submisssion
This will be required to support Volta.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:29 +10:00
Ben Skeggs
53e0a3e70d drm/nouveau/kms/nv50-: simplify tracking of channel interlocks
Instead of windows returning their core channel interlock mask if they
know core has been modified, it's recorded unconditionally and used if
required when update methods are emitted.

This will be required to support Volta.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:29 +10:00
Ben Skeggs
34508f9d26 drm/nouveau/kms/nv50-: determine MST support from DP Info Table
GV100 doesn't support MST, use the information provided in VBIOS tables to
detect its presence instead.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:29 +10:00
Ben Skeggs
261fcfa969 drm/nouveau/kms/nv50-: extend window image data for stereo/planar formats
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:29 +10:00
Ben Skeggs
43c181e9de drm/nouveau/kms/nv50-: move drm format->hw conversion into common code
This will be required to support additional HW features.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:28 +10:00
Ben Skeggs
f88bc9d3ec drm/nouveau/kms/nv50-: unify set/clr masks
This is a simplification that'll be used to improve interlock handling.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:28 +10:00
Ben Skeggs
9d6c2fe191 drm/nouveau/kms/nv50-: allow specification of valid heads for a window
This will be required to support Volta, where window ID != head.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:28 +10:00
Ben Skeggs
ccd27db8c7 drm/nouveau/kms/nv50-: split base implementation by hardware class
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:28 +10:00
Ben Skeggs
09e1b78aab drm/nouveau/kms/nv50-: split core implementation by hardware class
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:28 +10:00
Ben Skeggs
1590700d94 drm/nouveau/kms/nv50-: split each resource type into their own source files
There should be no code changes here, just shuffling stuff around.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:28 +10:00
Ben Skeggs
0a3687716b drm/nouveau/kms/nv50: abstract OR interfaces so the code can be split
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:28 +10:00
Ben Skeggs
2ca7fb5c1c drm/nouveau/kms/nv50: handle SetControlOutputResource from head
Removes duplicated code from OR-specific functions.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:28 +10:00
Ben Skeggs
10ffe0fad5 drm/nouveau/kms/nv50-: abstract head interfaces so the code can be split
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:28 +10:00
Ben Skeggs
9ca6f1ebba drm/nouveau/kms/nv50: modify core allocation so the code can be split
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:28 +10:00
Ben Skeggs
d7c6e97a32 drm/nouveau/kms/nv50-: modify base allocation so the code can be split
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:28 +10:00
Ben Skeggs
b97ace4072 drm/nouveau/kms/nv50-: modify cursor allocation so the code can be split
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:27 +10:00
Ben Skeggs
a97c530eb9 drm/nouveau/kms/nv50-: modify overlay allocation so the code can be split
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:27 +10:00
Ben Skeggs
5bca1621c0 drm/nouveau/kms/nv50-: move fb ctxdma tracking into windows
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:27 +10:00
Ben Skeggs
62b290fc7b drm/nouveau/kms/nv50-: fix i2c-over-aux on anx9805
We don't support address-only transactions there.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:27 +10:00
Ben Skeggs
30ed49b55b drm/nouveau/kms/nv50-: move code underneath dispnv50/
The code is about to be split up, and this matches dispnv04.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
0d4a2c5767 drm/nouveau/kms: move display class instantiation to library
This function is useful outside of DRM code.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
512fa0b8a3 drm/nouveau/drm/nv50-: remove allocation of sw class
Hasn't been required for a long time.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
92b4eaaf9a drm/nouveau: no need to create ctxdma for push buffers on fermi and up
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
11e451e740 drm/nouveau: remove fence wait code from deferred client work handler
Fences attached to deferred client work items now originate from channels
belonging to the client, meaning we can be certain they've been signalled
before we destroy a client.

This closes a race that could happen if the dma_fence_wait_timeout() call
didn't succeed.  When the fence was later signalled, a use-after-free was
possible.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
470db8b781 drm/nouveau/gem: tie deferred unmapping of buffers to VMA fence completion
As VMAs are per-client, unlike buffers, this allows us to avoid referencing
foreign fences (those that belong to another client/driver) from the client
deferred work handler, and prevent some not-fun race conditions that can be
triggered when a fence stalls.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
0db912af8f drm/nouveau/gem: attach fences to VMAs to track GPU usage
An upcoming patch will use these to fix issues related to the deferred
unmapping of GEM objects.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
19ca10d82e drm/nouveau/gem: lookup VMAs for buffers referenced by pushbuf ioctl
We previously only did this for push buffers, but an upcoming patch will
need to attach fences to all VMAs to resolve another issue.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
4b2c71edf0 drm/nouveau/gr/gp102-: setup stencil zbc
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
e9d03335f6 drm/nouveau/gr/gp100-: use correct registers for zbc colour/depth setup
These were missed the first time around due to the driver version I traced
using the older registers still.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
7a058a900c drm/nouveau/gr/gp100-: fix attrib cb setup
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
17f2d4df32 drm/nouveau/gr/gp100-: fix pagepool setup
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
191e323278 drm/nouveau/gr/gf100-gm10x: update register lists
There are differences on GM200 and newer too, but we can't fix them there
as they come from firmware packages.

A request has been made to NVIDIA to release updated firmware.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
6f0233329b drm/nouveau/gr/gf100-: swap bundle and pagepool
Makes it easier to diff against RM traces.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
068cae743c drm/nouveau/gr/gf100-: calculate and use sm mapping table
There's a number of places that require this data, so let's separate out
the calculations to ensure they remain consistent.

This is incorrect for GM200 and newer, but will produce the same results
as we did before.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
d00ffc0c40 drm/nouveau/gr/gf100-: port zcull tile mapping calculations from NVGPU
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
5f6474a4e6 drm/nouveau/gr/gf100-: port tile mapping calculations from NVGPU
There's also a couple of hardcoded tables for a couple of very specific
configurations that NVGPU's algorithm didn't work for.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:26 +10:00
Ben Skeggs
5c05a58985 drm/nouveau/gr/gf100-: virtualise trap_mp
Required to support Volta.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:25 +10:00
Ben Skeggs
74b6068bd6 drm/nouveau/gr/gf100-: add missing reset sequence before golden context init
RM and NVGPU both have a variant of this, we probably should too.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:25 +10:00
Ben Skeggs
201ed6f651 drm/nouveau/gr/gf100-: delete duplicated grctx init code
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:25 +10:00
Ben Skeggs
a5537f980e drm/nouveau/gr/gf100-: update r408840 where required
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:25 +10:00
Ben Skeggs
8d56fc48d3 drm/nouveau/gr/gf100-: update 419a3c where required
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:25 +10:00
Ben Skeggs
c2592adea7 drm/nouveau/gr/gf100-: virtualise r418e94
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:25 +10:00
Ben Skeggs
18d17221dd drm/nouveau/gr/gf100-: virtualise r419e00
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:25 +10:00
Ben Skeggs
ad45a92b9a drm/nouveau/gr/gf100-: update 419eb0 where required
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
5b54b5b925 drm/nouveau/gr/gf100-: note missing 418800 modifications
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
99a3c67e84 drm/nouveau/gr/gf100-gf119: update 419cb8 where required
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
0e5a5e86f3 drm/nouveau/gr/gf100-: support firmware-provided bundle/method everywhere
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
fc36076441 drm/nouveau/gr/gf100-: virtualise tpc_mask + apply fixes from traces
We weren't placing higher TPC IDs in the right place on some configurations.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
aa5e38dc9f drm/nouveau/gr/gf100-: virtualise r419f78 + apply fixes from traces
Removed from GK110[B]/GK208 as RM traces show it not being touched.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
60c0264a66 drm/nouveau/gr/gf100-: virtualise gpc_tpc_nr
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
e7163b1922 drm/nouveau/gr/gf100-: virtualise r406500
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
60770fa28b drm/nouveau/gr/gf100-: virtualise dist_skip_table + improve algorithm
The algorithm for GM200 and newer matches RM for all the boards I have, but
I don't have enough data to try and figure something out for earlier boards,
so these will still write zeroes to the table as we did before.

The code in NVGPU isn't helpful here, it appears to handle specific cases.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
c4a2b6385d drm/nouveau/gr/gf100-gf119: modify max_ways_evict where required
I don't think this is done after Fermi, NVGPU used to do it but removed
the code, and I've not seen RM traces touching it either.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
43952c6f43 drm/nouveau/gr/gf100-: virtualise alpha_beta_tables + improve algorithms
I haven't yet been able to find a fully programatic way of calculating the
same mapping as NVIDIA for GF100-GF119, so the algorithm partially depends
on data tables for specific configurations.

I couldn't find traces for every possibility, so the algorithm will switch
to a mapping similar to what GK104-GM10x use if it encounters one.  We did
the wrong thing before anyway, so shouldn't matter too much.

The algorithm used in the GK104 implementation was ported from NVGPU.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
ff209c235d drm/nouveau/gr/gf100-: virtualise rop_mapping
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
9d8a80df73 drm/nouveau/gr/gf100-: virtualise r4060a8 + apply fixes from traces
Also fixes some GPUs where we write too many registers.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
e51f75d501 drm/nouveau/gr/gf100-: virtualise tpc_per_gpc
GM20B now also shares the same code, as NVGPU shows it doesn't need
special treatment.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
fc740f545d drm/nouveau/gr/gf100-: virtualise sm_id/tpc_nr
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
ea4a2bb530 drm/nouveau/gr/gf100-: virtualise patch_ltc, noting missing init
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:24 +10:00
Ben Skeggs
aedc49fd0e drm/nouveau/gr/gf100-: support firmware-provided sw_ctx everywhere
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:23 +10:00
Ben Skeggs
525230cb20 drm/nouveau/gr/gf100-: delete duplicated init code
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:23 +10:00
Ben Skeggs
04547482ae drm/nouveau/gr/gf100-: virtualise init_400054
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:23 +10:00
Ben Skeggs
6df6d2b95e drm/nouveau/gr/gf100-: apply be exception fixes from traces
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:23 +10:00
Ben Skeggs
4615e9b438 drm/nouveau/gr/gf100-: virtualise init_shader_exceptions
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:23 +10:00
Ben Skeggs
ab4d49a349 drm/nouveau/gr/gf100-: virtualise init_504430
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:23 +10:00
Ben Skeggs
f3ef80c0c4 drm/nouveau/gr/gf100-: virtualise init_tex_hww_esr
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:23 +10:00
Ben Skeggs
70d2148209 drm/nouveau/gr/gf100-: virtualise init_ppc_exceptions
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:23 +10:00
Ben Skeggs
778f18c607 drm/nouveau/gr/gf100-: virtualise init_419c9c + apply fixes from traces
Deliberately removed from non-GP100, as RM doesn't touch it.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:23 +10:00
Ben Skeggs
0a84a51334 drm/nouveau/gr/gf100-: virtualise init_419eb4 + apply fixes from traces
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:23 +10:00
Ben Skeggs
0feab0250d drm/nouveau/gr/gf100-: virtualise init_419cc0 + apply fixes from traces
Pulled some init out of main per-GPC/TPC loops to match RM.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:23 +10:00
Ben Skeggs
0a5b97304b drm/nouveau/gr/gf100-: virtualise init_sked_hww_esr
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:23 +10:00
Ben Skeggs
2b297b0d6d drm/nouveau/gr/gf100-: virtualise init_40601c
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:23 +10:00
Ben Skeggs
3ac72e98b4 drm/nouveau/gr/gf100-: virtualise init_ds_hww_esr_2
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
2585a1b131 drm/nouveau/gr/gf100-: virtualise init_fecs_exceptions + apply fixes from traces
The value for GF100 has changed here, but it matches RM now.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
7c76ebb65a drm/nouveau/gr/gf100: write 0x400124 during init
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
dff30dbd1d drm/nouveau/gr/gf100-: virtualise init_swdx_pes_mask
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
0f78acc86b drm/nouveau/gr/gf100-: implement another chunk of bios-provided init
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
429412e231 drm/nouveau/gr/gf100-: virtualise init_rop_active_fbps
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
bfd27f39b5 drm/nouveau/gr/gf100-: virtualise init_num_active_ltcs
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
02917aa39d drm/nouveau/gr/gf100-: virtualise init_zcull
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
2fe5ff6371 drm/nouveau/gr/gf100-: virtualise init_vsc_stream_master
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
a37279e94c drm/nouveau/gr/gf100-: virtualise init_bios
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
cd9662f89e drm/nouveau/gr/gf100-: support clkgate_pack everywhere
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
8b058ca518 drm/nouveau/gr/gf100-: virtualise r405a14
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
6f63a5fb1e drm/nouveau/gr/gf100-: support firmware-provided sw_nonctx everywhere
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
1246f1dc22 drm/nouveau/gr/gf100-: virtualise init_gpc_mmu + apply fixes from traces
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
334cc26d4d drm/nouveau/fifo/gp100-: force individual channels into a channel group
RM does this for some reason, and is enforced in HW on Volta.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
eda12417d3 drm/nouveau/fifo/gm107-: write instance address in channel runlist entry
RM does this for some reason.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
79bb4b617f drm/nouveau/fifo/gk208-: write pbdma timeout regs during initialisation
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
8c4e9f9dff drm/nouveau/fifo/gk110-: support writing channel group runlist entries
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:22 +10:00
Ben Skeggs
4f2fc25c0f drm/nouveau/fifo/gk104-: poll for runlist update completion
Newer HW doesn't appear to send this event, which will cause long delays
in runlist updates if they don't complete immediately.

RM doesn't use these events anywhere, and an NVGPU commit message notes
that polling is the preferred method even on HW that supports the event.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
665870837a drm/nouveau/fifo/gk104-: add interfaces to support different runlist layouts
This will be required to support features on newer hardware.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
f9360c3aa6 drm/nouveau/fifo/gk104-: simplify definition of channel classes
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
a7cf01809b drm/nouveau/fifo/gk104-: require explicit runlist selection for channel allocation
We didn't used to be aware that runlist/engine IDs weren't the same thing,
or that there was such variability in configuration between GPUs.

By exposing this information to a client, and giving it explicit control
of which runlist it's allocating a channel on, we're able to make better
choices.

The immediate effect of this is that on GPUs where CE0 is the "GRCE", we
will now be allocating a copy engine running asynchronously to GR for BO
migrations - as intended.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
cc36205085 drm/nouveau/fifo/gk104-: support querying engines available on each runlist
Will be used to improve channel runlist selection.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
ddc669e256 drm/nouveau/fifo/gk104-: allow fault recovery code to be called by other subdevs
This will be required to support Volta.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
55b8e85b0b drm/nouveau/fifo/gk104-: accept engine contexts for CE3 and up
These can exist on GP100 and newer.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
eb47db4f3b drm/nouveau/fifo: support channel count query
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
6eb01aa898 drm/nouveau/device: support querying available engines of a specific type
Will be used for fifo runlist selection.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
c5c9127b25 drm/nouveau/device: implement a generic method to query device-specific properties
We have a need to fetch data from GPU-specific sub-devices that is not
tied to any particular engine object.

This commit provides the framework to support such queries.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
f5650478ab drm/nouveau/disp/nv50-: pass nvkm_memory objects for channel push buffers
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
a9c44a88ca drm/nouveau/disp/nv50-: add channel interfaces to control error interrupts
This will be required to support Volta, but also allows us to remove code
that's duplicated for each channel type already.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
4a8621a24a drm/nouveau/disp/nv50-: add channel interfaces to determine the user area
This will be required to support Volta.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
8531f57027 drm/nouveau/disp/nv50-: merge handling of pio and dma channels
Unnecessarily complicated, and a barrier to cleanly supporting Volta.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
9b096283bf drm/nouveau/disp/nv50-: simplify definiton of core channels
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
6d41a7536f drm/nouveau/disp/nv50-: simplify definition of cursor channels
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
3ceeef9c03 drm/nouveau/disp/nv50-: simplify definition of base channels
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:21 +10:00
Ben Skeggs
c2c3a00310 drm/nouveau/disp/nv50-: simplify definition of overlay immediate channels
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Ben Skeggs
46f74a8ad7 drm/nouveau/disp/nv50-: simplify definition of overlay channels
Introduces a new method of defining channels available from the display,
common to all channel types, allowing for more flexibility in available
channel types/counts, and reducing the amount of boiler-plate required.

This will be required to support Volta.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Ben Skeggs
abc1d4379b drm/nouveau/disp/nv50-: replace user object with engine pointer in channels
More simplification.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Ben Skeggs
bb3b0a4220 drm/nouveau/disp/nv50-: initialise from the engine, rather than the user object
Engines are initialised on an as-needed basis, so this results in the
same behaviour, whilst allowing us to simplify things a bit.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Ben Skeggs
f5e088d6f0 drm/nouveau/disp/nv50-: fetch mask of available piors during oneinit
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Ben Skeggs
9fe4e17704 drm/nouveau/disp/nv50-: fetch mask of available sors during oneinit
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Ben Skeggs
bf5d1a6b6a drm/nouveau/disp/nv50-: fetch mask of available dacs during oneinit
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Ben Skeggs
f7b2ece37f drm/nouveau/disp/nv50-: fetch mask of available heads during oneinit
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Ben Skeggs
3b9ba66ab0 drm/nouveau/disp/nv50-: delay subunit construction until oneinit
We should be reading registers to determine which subunits are really
present on a given board, and this needs to be done after DEVINIT.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Ben Skeggs
85a3b9c839 drm/nouveau/fb/gm200-: fix overwriting of big page setting
Likely a rebase bug.  Should have no impact in default configuration due
to using per-instance setting by default.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Ben Skeggs
d1ea77ab5f drm/nouveau/fb/gf100-: bump size of mmu debug buffers to match big page size
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Ben Skeggs
d0e9351e42 drm/nouveau/fault/gp100: implement replayable fault buffer initialisation
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Ben Skeggs
36780d7eee drm/nouveau/fault: add infrastructure to support fault buffers
GPU-specific support will be added separately.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Ben Skeggs
2f68234fb3 drm/nouveau/mc/gp100-: route fault buffer interrupts to FAULT
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Ben Skeggs
1ce466894b drm/nouveau/core: define FAULT subdev
This will be responsible for the handling of MMU fault buffers on GPUs
that support them.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Gustavo A. R. Silva
7bf5b70bef drm/nouveau/secboot: remove VLA usage
In preparation to enabling -Wvla, remove VLA. In this particular
case directly use macro NVKM_MSGQUEUE_CMDLINE_SIZE instead of local
variable cmdline_size. Also, remove cmdline_size as it is not
actually useful anymore.

The use of stack Variable Length Arrays needs to be avoided, as they
can be a vector for stack exhaustion, which can be both a runtime bug
or a security flaw. Also, in general, as code evolves it is easy to
lose track of how big a VLA can get. Thus, we can end up having runtime
failures that are hard to debug.

Also, fixed as part of the directive to remove all VLAs from
the kernel: https://lkml.org/lkml/2018/3/7/621

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:20 +10:00
Arnd Bergmann
9dfbd73199 drm/nouveau: nouveau: use larger buffer in nvif_vmm_map
gcc points out a buffer that is clearly too small to be used
in a meaningful way, as the 'sizeof(*args) + argc > sizeof(stack)'
will always fail:

In function 'memcpy',
    inlined from 'nvif_vmm_map' at drivers/gpu/drm/nouveau/nvif/vmm.c:55:2:
include/linux/string.h:353:9: error: '__builtin_memcpy' offset 40 is out of the bounds [0, 16] of object 'stack' with type 'u8[16]' {aka 'unsigned char[16]'} [-Werror=array-bounds]
  return __builtin_memcpy(p, q, size);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/gpu/drm/nouveau/nvif/vmm.c: In function 'nvif_vmm_map':
drivers/gpu/drm/nouveau/nvif/vmm.c:40:5: note: 'stack' declared here

This makes the buffer large enough so it should serve the purpose
that the author presumably had in mind. Alternatively we could
just get rid of it completely and simplify the code at the cost
of always doing the kmalloc (as we do in the current version).

Fixes: 920d2b5ef2 ("drm/nouveau/mmu: define user interfaces to mmu vmm opertaions")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-18 15:01:19 +10:00
Dave Airlie
1fafef9dfe urgent i686 mmap fix for drm drivers
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJa+mZEAAoJEAx081l5xIa+p/4P/3kIW0Zk6wO2HOF2u4TRZdhe
 2b6yYP6ig1MMpLsJuRH2f8hnWl2f+CBzhwHaKbUni9ffY4TboOWeoYL5YWap2Pcp
 MxRLBXBAI9+8zqqsrm/VB4gQL/Xp0nghN3CT1khLnMs38BkFUX7nASiSIknVIxj3
 ux/95o0Tb2uYN886ILZCixPjmNUSgfNAyQuNNKRmT1EM3mgDZ2mc6BJoArPcCBqr
 0vkekQA9+ZK4XYEHfjq/0CrVMLXhjaO05+BADK8A8WOtyvU+0xKjJjmQx0sQAd6L
 Vcr+aMabJP8+3LeMDjIWqH0wUk6YqECwnUOoBkJFp5YTx+D1ff2RzmlWwvt9skIZ
 4tmyFMfAn8XKkoSwa598/jamxOgTmMTIO8/6dJfO01sDgUvmTeR5z+ZTDG9FudFW
 7Y2aHLMm19kitjqLDCpWBPmFGYVmfIsqA52qSgIjF4JVIurDk3PLRbQt++4k2j84
 hLvYClJIs4ulTfmNRuBH4cVYtW5H5ohIkwP9L715Y+7ag/LUdQB1V6QsrX1bHEXg
 KX1jP1UHqpUwNEQ9N2/1wVv1Ss7p7CKFY3C2UAMacRyymrws4McziPuXUalkBArs
 royz2gRc5ykpbZ7Itlls43XlyMYxBeaogq+P2ODHouQMfDM21Gam/mpBPz3+t2c5
 fo9rLqk3NqxPbHud1NJH
 =4NJV
 -----END PGP SIGNATURE-----

Merge drm-fixes-for-v4.17-rc6-urgent into drm-next

Need to backmerge some nouveau fixes to reduce
the nouveau -next conflicts a lot.

Signed-off-by: Dave Airlie <airlied@redhat.com>
2018-05-18 14:08:53 +10:00
Lyude Paul
352672db85 drm/nouveau: Fix deadlock in nv50_mstm_register_connector()
Currently; we're grabbing all of the modesetting locks before adding MST
connectors to fbdev. This isn't actually necessary, and causes a
deadlock as well:

======================================================
WARNING: possible circular locking dependency detected
4.17.0-rc3Lyude-Test+ #1 Tainted: G           O
------------------------------------------------------
kworker/1:0/18 is trying to acquire lock:
00000000c832f62d (&helper->lock){+.+.}, at: drm_fb_helper_add_one_connector+0x2a/0x60 [drm_kms_helper]

but task is already holding lock:
00000000942e28e2 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_backoff+0x8e/0x1c0 [drm]

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (crtc_ww_class_mutex){+.+.}:
       ww_mutex_lock+0x43/0x80
       drm_modeset_lock+0x71/0x130 [drm]
       drm_helper_probe_single_connector_modes+0x7d/0x6b0 [drm_kms_helper]
       drm_setup_crtcs+0x15e/0xc90 [drm_kms_helper]
       __drm_fb_helper_initial_config_and_unlock+0x29/0x480 [drm_kms_helper]
       nouveau_fbcon_init+0x138/0x1a0 [nouveau]
       nouveau_drm_load+0x173/0x7e0 [nouveau]
       drm_dev_register+0x134/0x1c0 [drm]
       drm_get_pci_dev+0x8e/0x160 [drm]
       nouveau_drm_probe+0x1a9/0x230 [nouveau]
       pci_device_probe+0xcd/0x150
       driver_probe_device+0x30b/0x480
       __driver_attach+0xbc/0xe0
       bus_for_each_dev+0x67/0x90
       bus_add_driver+0x164/0x260
       driver_register+0x57/0xc0
       do_one_initcall+0x4d/0x323
       do_init_module+0x5b/0x1f8
       load_module+0x20e5/0x2ac0
       __do_sys_finit_module+0xb7/0xd0
       do_syscall_64+0x60/0x1b0
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #2 (crtc_ww_class_acquire){+.+.}:
       drm_helper_probe_single_connector_modes+0x58/0x6b0 [drm_kms_helper]
       drm_setup_crtcs+0x15e/0xc90 [drm_kms_helper]
       __drm_fb_helper_initial_config_and_unlock+0x29/0x480 [drm_kms_helper]
       nouveau_fbcon_init+0x138/0x1a0 [nouveau]
       nouveau_drm_load+0x173/0x7e0 [nouveau]
       drm_dev_register+0x134/0x1c0 [drm]
       drm_get_pci_dev+0x8e/0x160 [drm]
       nouveau_drm_probe+0x1a9/0x230 [nouveau]
       pci_device_probe+0xcd/0x150
       driver_probe_device+0x30b/0x480
       __driver_attach+0xbc/0xe0
       bus_for_each_dev+0x67/0x90
       bus_add_driver+0x164/0x260
       driver_register+0x57/0xc0
       do_one_initcall+0x4d/0x323
       do_init_module+0x5b/0x1f8
       load_module+0x20e5/0x2ac0
       __do_sys_finit_module+0xb7/0xd0
       do_syscall_64+0x60/0x1b0
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (&dev->mode_config.mutex){+.+.}:
       drm_setup_crtcs+0x10c/0xc90 [drm_kms_helper]
       __drm_fb_helper_initial_config_and_unlock+0x29/0x480 [drm_kms_helper]
       nouveau_fbcon_init+0x138/0x1a0 [nouveau]
       nouveau_drm_load+0x173/0x7e0 [nouveau]
       drm_dev_register+0x134/0x1c0 [drm]
       drm_get_pci_dev+0x8e/0x160 [drm]
       nouveau_drm_probe+0x1a9/0x230 [nouveau]
       pci_device_probe+0xcd/0x150
       driver_probe_device+0x30b/0x480
       __driver_attach+0xbc/0xe0
       bus_for_each_dev+0x67/0x90
       bus_add_driver+0x164/0x260
       driver_register+0x57/0xc0
       do_one_initcall+0x4d/0x323
       do_init_module+0x5b/0x1f8
       load_module+0x20e5/0x2ac0
       __do_sys_finit_module+0xb7/0xd0
       do_syscall_64+0x60/0x1b0
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&helper->lock){+.+.}:
       __mutex_lock+0x70/0x9d0
       drm_fb_helper_add_one_connector+0x2a/0x60 [drm_kms_helper]
       nv50_mstm_register_connector+0x2c/0x50 [nouveau]
       drm_dp_add_port+0x2f5/0x420 [drm_kms_helper]
       drm_dp_send_link_address+0x155/0x1e0 [drm_kms_helper]
       drm_dp_add_port+0x33f/0x420 [drm_kms_helper]
       drm_dp_send_link_address+0x155/0x1e0 [drm_kms_helper]
       drm_dp_check_and_send_link_address+0x87/0xd0 [drm_kms_helper]
       drm_dp_mst_link_probe_work+0x4d/0x80 [drm_kms_helper]
       process_one_work+0x20d/0x650
       worker_thread+0x3a/0x390
       kthread+0x11e/0x140
       ret_from_fork+0x3a/0x50

other info that might help us debug this:
Chain exists of:
  &helper->lock --> crtc_ww_class_acquire --> crtc_ww_class_mutex
 Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(crtc_ww_class_mutex);
                               lock(crtc_ww_class_acquire);
                               lock(crtc_ww_class_mutex);
  lock(&helper->lock);

 *** DEADLOCK ***
5 locks held by kworker/1:0/18:
 #0: 000000004a05cd50 ((wq_completion)"events_long"){+.+.}, at: process_one_work+0x187/0x650
 #1: 00000000601c11d1 ((work_completion)(&mgr->work)){+.+.}, at: process_one_work+0x187/0x650
 #2: 00000000586ca0df (&dev->mode_config.mutex){+.+.}, at: drm_modeset_lock_all+0x3a/0x1b0 [drm]
 #3: 00000000d3ca0ffa (crtc_ww_class_acquire){+.+.}, at: drm_modeset_lock_all+0x44/0x1b0 [drm]
 #4: 00000000942e28e2 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_backoff+0x8e/0x1c0 [drm]

stack backtrace:
CPU: 1 PID: 18 Comm: kworker/1:0 Tainted: G           O      4.17.0-rc3Lyude-Test+ #1
Hardware name: Gateway FX6840/FX6840, BIOS P01-A3         05/17/2010
Workqueue: events_long drm_dp_mst_link_probe_work [drm_kms_helper]
Call Trace:
 dump_stack+0x85/0xcb
 print_circular_bug.isra.38+0x1ce/0x1db
 __lock_acquire+0x128f/0x1350
 ? lock_acquire+0x9f/0x200
 ? lock_acquire+0x9f/0x200
 ? __ww_mutex_lock.constprop.13+0x8f/0x1000
 lock_acquire+0x9f/0x200
 ? drm_fb_helper_add_one_connector+0x2a/0x60 [drm_kms_helper]
 ? drm_fb_helper_add_one_connector+0x2a/0x60 [drm_kms_helper]
 __mutex_lock+0x70/0x9d0
 ? drm_fb_helper_add_one_connector+0x2a/0x60 [drm_kms_helper]
 ? ww_mutex_lock+0x43/0x80
 ? _cond_resched+0x15/0x30
 ? ww_mutex_lock+0x43/0x80
 ? drm_modeset_lock+0xb2/0x130 [drm]
 ? drm_fb_helper_add_one_connector+0x2a/0x60 [drm_kms_helper]
 drm_fb_helper_add_one_connector+0x2a/0x60 [drm_kms_helper]
 nv50_mstm_register_connector+0x2c/0x50 [nouveau]
 drm_dp_add_port+0x2f5/0x420 [drm_kms_helper]
 ? mark_held_locks+0x50/0x80
 ? kfree+0xcf/0x2a0
 ? drm_dp_check_mstb_guid+0xd6/0x120 [drm_kms_helper]
 ? trace_hardirqs_on_caller+0xed/0x180
 ? drm_dp_check_mstb_guid+0xd6/0x120 [drm_kms_helper]
 drm_dp_send_link_address+0x155/0x1e0 [drm_kms_helper]
 drm_dp_add_port+0x33f/0x420 [drm_kms_helper]
 ? nouveau_connector_aux_xfer+0x7c/0xb0 [nouveau]
 ? find_held_lock+0x2d/0x90
 ? drm_dp_dpcd_access+0xd9/0xf0 [drm_kms_helper]
 ? __mutex_unlock_slowpath+0x3b/0x280
 ? drm_dp_dpcd_access+0xd9/0xf0 [drm_kms_helper]
 drm_dp_send_link_address+0x155/0x1e0 [drm_kms_helper]
 drm_dp_check_and_send_link_address+0x87/0xd0 [drm_kms_helper]
 drm_dp_mst_link_probe_work+0x4d/0x80 [drm_kms_helper]
 process_one_work+0x20d/0x650
 worker_thread+0x3a/0x390
 ? process_one_work+0x650/0x650
 kthread+0x11e/0x140
 ? kthread_create_worker_on_cpu+0x50/0x50
 ret_from_fork+0x3a/0x50

Taking example from i915, the only time we need to hold any modesetting
locks is when changing the port on the mstc, and in that case we only
need to hold the connection mutex.

Signed-off-by: Lyude Paul <lyude@redhat.com>
Cc: Karol Herbst <kherbst@redhat.com>
Cc: stable@vger.kernel.org

Signed-off-by: Lyude Paul <lyude@redhat.com>

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-05-10 13:11:52 +10:00
Ben Skeggs
0d5a03c3d9 drm/nouveau/ttm: don't dereference nvbo::cli, it can outlive client
Potentially responsible for some random OOPSes.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Cc: stable@vger.kernel.org [v4.15+]
2018-05-10 13:11:52 +10:00